added REAMDE for ecr sarif action w/ burnettk

README.md

@@ -1,3 +1,7 @@
 # github-actions-library
 
 Each directory is a github actions library that can be used in your github actions workflow.
+
+## Library list
+
+[wait-for-ecr-scan-and-get-sarif](./wait-for-ecr-scan-and-get-sarif/README.md)

wait-for-ecr-scan-and-get-sarif/README.md

@@ -0,0 +1,79 @@
+# Wait for ECR Scan and get Sarif GitHub Action
+
+### Easily upload coverage reports to Codecov from GitHub Actions
+
+## Usage
+
+To integrate with your Actions pipeline, specify the name of this repository with a branch or tag number (`main` is recommended) as a `step` within your `workflow.yml` file.
+
+Inside your `.github/workflows/workflow.yml` file:
+
+```yaml
+steps:
+  - uses: discoveryedu/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
+    with:
+      repository_name: "docker/repo"
+      image_tag: "main"
+      aws_region: "us-east-2"
+      output_file: "report.sarif"
+```
+
+After you run this shared workflow you might want to upload the results to github.
+That looks like this:
+
+```yaml
+steps:
+  - name: Upload SARIF file
+    uses: github/codeql-action/upload-sarif@v3
+    with:
+      sarif_file: report.sarif
+      category: security
+```
+
+## Arguments
+
+This Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
+
+| Input             | Description                                                                                            |  Required  |
+| :---------------- | :----------------------------------------------------------------------------------------------------- | :--------: |
+| `repository_name` | ECR repository name                                                                                    | \*Required |
+| `image_tag`       | Docker image tag                                                                                       | \*Required |
+| `aws_region`      | Region, like us-east-1                                                                                 | \*Required |
+| `output_file`     | File location to place the Sarif output file. It is json, but it sometimes uses the `.sarif` extension | \*Required |
+
+### Example full `workflow.yml` using this Action
+
+```yaml
+name: "Build container image"
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+jobs:
+  ecr-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      # [Probably build and push image to ECR here]
+
+      - name: Run ECR Scan and Get SARIF Report
+        uses: sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
+        with:
+          repository_name: "infr/testcloud2202"
+          image_tag: "main"
+          aws_region: "us-east-2"
+          output_file: "report.sarif"
+
+      - name: Upload SARIF report as artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: sarif-report
+          path: report.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: report.sarif
+          category: security
+```