Add output-file as an input param

[sidmitra]

This is a "nice-to-have" feature request.

Currently the output file name is hardcoded to ./results.json or results.sarif. See here

I would like some control over the file name, currently i need to add an extra step like so

    - name: Run grype vulnerability scanner
      uses: anchore/scan-action@v3 
      id: grype-scan
      with:
        path: .
        fail-build: false
        output-format: sarif
    - name: Output report to custom file
      run: cat ${{ steps.grype-scan.outputs.sarif }} > grype-results.sarif
    - name: Upload vulnerability report
      uses: actions/upload-artifact@master
      if: always()
      with:
        name: grype-results
        path: |
          grype-results.sarif
        if-no-files-found: warn

This avoids automatic name clashes with results.json produced by other steps in the same job.

Note: This parameter is supported by "trivy". See here

PS: I'd be happy to send a PR if you guys agree.

[tgerla]

Hi @sidmitra, we would be happy to review a PR for this! Let us know if we can help, and thanks.