akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity

fix(ci): load Grype ignore config in supply chain verification

Browse Source
This commit is contained in:
GitHub Actions
2026-04-05 02:33:40 +00:00
parent fc0e31df56
commit 85a80568b2
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/supply-chain-pr.yml vendored
View File

@@ -281,7 +281,7 @@ jobs:
echo "component_count=${COMPONENT_COUNT}" >> "$GITHUB_OUTPUT"
echo "✅ SBOM generated with ${COMPONENT_COUNT} components"
# Scan for vulnerabilities using manual Grype installation (pinned to v0.107.1)
# Scan for vulnerabilities using manual Grype installation (pinned to v0.110.0)
- name: Install Grype
if: steps.set-target.outputs.image_name != ''
run: |
@@ -292,8 +292,8 @@ jobs:
id: grype-scan
run: |
echo "🔍 Scanning SBOM for vulnerabilities..."
grype sbom:sbom.cyclonedx.json -o json > grype-results.json
grype sbom:sbom.cyclonedx.json -o sarif > grype-results.sarif
grype sbom:sbom.cyclonedx.json --config .grype.yaml -o json > grype-results.json
grype sbom:sbom.cyclonedx.json --config .grype.yaml -o sarif > grype-results.sarif
- name: Debug Output Files
if: steps.set-target.outputs.image_name != ''