From cde55615efb41561b68c26b0912ff2392761510b Mon Sep 17 00:00:00 2001
From: Makar Dzhehur <makardzhehur2@gmail.com>
Date: Fri, 24 Apr 2026 20:41:49 +0300
Subject: [PATCH] fix(workflow): split trivy sarif upload into separate steps
 with categories

---
 .github/workflows/release.yml | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c2dec3a..3b95034 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -100,11 +100,23 @@ jobs:
           exit-code: "0"
 
       # ── Upload scan results ─────────────────────────────────────────────────
-      - name: Upload Trivy results to GitHub Security
+      - name: Upload API Trivy results
         if: always()
         uses: github/codeql-action/upload-sarif@v4
         with:
-          sarif_file: |
-            trivy-api.sarif
-            trivy-web.sarif
-            trivy-bot.sarif
+          sarif_file: trivy-api.sarif
+          category: api
+
+      - name: Upload Web Trivy results
+        if: always()
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: trivy-web.sarif
+          category: web
+
+      - name: Upload Bot Trivy results
+        if: always()
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: trivy-bot.sarif
+          category: bot