From ceea03e959d64d711b219a108718b4666560e219 Mon Sep 17 00:00:00 2001
From: Matthew Boedicker <24275+mmb@users.noreply.github.com>
Date: Fri, 20 Feb 2026 19:28:27 -0800
Subject: [PATCH] Upload govulncheck sarif

---
 .github/workflows/check.yaml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index 73a298e..96e2fdd 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -44,6 +44,10 @@ jobs:
           go-version-file: go.mod
           go-version-input:
           output-format: sarif
+          output-file: govulncheck.sarif
+      - uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: govulncheck.sarif
   hadolint:
     name: hadolint
     runs-on: ubuntu-latest
@@ -111,11 +115,11 @@ jobs:
         with:
           scan-type: fs
           format: sarif
-          output: trivy-results.sarif
+          output: trivy.sarif
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v4
         with:
-          sarif_file: trivy-results.sarif
+          sarif_file: trivy.sarif
   yamllint:
     name: yamllint
     runs-on: ubuntu-latest