chore(security): anchore upload (#331)

.github/workflows/release.yml

@@ -151,12 +151,11 @@ jobs:
         image-reference: "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE }}:${{ steps.vars.outputs.sha_short }}"
         dockerfile-path: "./build/docker/prod"
         fail-build: false
-    - name: anchore inline scan JSON results
-      run: for j in `ls ./anchore-reports/*.json`; do echo "---- ${j} ----"; cat ${j}; echo; done
-    - uses: actions/upload-artifact@v1
+        acs-report-enable: true
+    - name: Upload Anchore Scan Report
+      uses: github/codeql-action/upload-sarif@v1
       with:
-        name: anchore-reports
-        path: ./anchore-reports/
+        sarif_file: results.sarif
 
   container-test:
     runs-on: ubuntu-18.04