Fix version identofier for Anchore scan

use anything on v3. Also dump serif output file. Also add id and
use ${{ steps.scan.outputs.sarif }} rather than hardcoded file name
to match example.

Author: rouilj

.github/workflows/anchore.yml

@@ -40,12 +40,15 @@ jobs:
     - name: Build the Docker image
       run: docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest
     - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
-      uses: anchore/[email protected]
+      uses: anchore/scan-action@v3
+      id: scan
       with:
         image: "localbuild/testimage:latest"
         acs-report-enable: true
         fail-build: false
     - name: Upload Anchore Scan Report
       uses: github/codeql-action/upload-sarif@v2
       with:
-        sarif_file: results.sarif
+        sarif_file: ${{ steps.scan.outputs.sarif }}
+    - name: Inspect action SARIF report
+      run: cat ${{ steps.scan.outputs.sarif }}