fix(docs): update Grype version to v0.107.0 in scripts and documentation

This commit is contained in:
GitHub Actions
2026-01-30 01:04:46 +00:00
parent d0ef725c67
commit 98eae4afd9
5 changed files with 21 additions and 21 deletions

View File

@@ -35,7 +35,7 @@ fi
# Check Grype
if ! command -v grype >/dev/null 2>&1; then
log_error "Grype not found - install from: https://github.com/anchore/grype"
log_error "Installation: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.85.0"
log_error "Installation: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.107.0"
error_exit "Grype is required for vulnerability scanning" 2
fi
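Review bot: the install hint pins the Grype binary to v0.107.0 but still fetches install.sh from the `main` branch, so the installer script itself is unpinned and can change between runs independently of the version being requested; consider pointing at the tagged path (for example `https://raw.githubusercontent.com/anchore/grype/v0.107.0/install.sh`, assuming the release tag carries the script). Separately, the version literal in this `log_error` line is a second copy of the value assigned by `set_default_env "GRYPE_VERSION"` further down, which is an easy place for the next bump to be missed; printing `$GRYPE_VERSION` would keep them aligned, though note the default is only set after this check runs, so the assignment would need to move ahead of it.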
@@ -51,7 +51,7 @@ GRYPE_INSTALLED_VERSION=$(grype version | grep -oP 'Version:\s*\Kv?[0-9]+\.[0-9]
# Set defaults matching CI workflow
set_default_env "SYFT_VERSION" "v1.17.0"
set_default_env "GRYPE_VERSION" "v0.85.0"
set_default_env "GRYPE_VERSION" "v0.107.0"
set_default_env "IMAGE_TAG" "charon:local"
set_default_env "FAIL_ON_SEVERITY" "Critical,High"
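Review bot: `GRYPE_VERSION` is now hard-coded in five places in this commit (this script, the YAML default, the documentation, and two workflow `env:` blocks), and the comment "matching CI workflow" is the only thing holding them together; nothing enforces that the copies agree. Consider reading the value from one source (the workflow env, or a shared versions file both the script and the workflows consume) or adding a CI check that fails when the copies diverge, otherwise the local scan and the PR gate will eventually run different scanner versions and produce different results for the same image.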

View File

@@ -40,7 +40,7 @@ environment_variables:
required: false
- name: "GRYPE_VERSION"
description: "Grype version to use for vulnerability scanning"
default: "v0.85.0"
default: "v0.107.0"
required: false
- name: "IMAGE_TAG"
description: "Docker image tag to build and scan"
@@ -145,7 +145,7 @@ brew install syft # macOS
```bash
# Linux/macOS
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.85.0
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.107.0
# Or via package manager
brew install grype # macOS
@@ -191,7 +191,7 @@ Override default versions or behavior:
```bash
# Use specific tool versions
SYFT_VERSION=v1.17.0 GRYPE_VERSION=v0.85.0 \
SYFT_VERSION=v1.17.0 GRYPE_VERSION=v0.107.0 \
.github/skills/scripts/skill-runner.sh security-scan-docker-image
# Change failure threshold
@@ -211,7 +211,7 @@ FAIL_ON_SEVERITY="Critical" \
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| SYFT_VERSION | No | v1.17.0 | Syft version (matches CI) |
| GRYPE_VERSION | No | v0.85.0 | Grype version (matches CI) |
| GRYPE_VERSION | No | v0.107.0 | Grype version (matches CI) |
| IMAGE_TAG | No | charon:local | Default image tag if not provided |
| FAIL_ON_SEVERITY | No | Critical,High | Severities that cause exit code 1 |
@@ -239,7 +239,7 @@ FAIL_ON_SEVERITY="Critical" \
[SBOM] Generating SBOM using Syft v1.17.0...
[SBOM] Generated SBOM contains 247 packages
[SCAN] Scanning for vulnerabilities using Grype v0.85.0...
[SCAN] Scanning for vulnerabilities using Grype v0.107.0...
[SCAN] Vulnerability Summary:
🔴 Critical: 0
🟠 High: 0
@@ -266,7 +266,7 @@ $ .github/skills/scripts/skill-runner.sh security-scan-docker-image
[SBOM] Scanning image: charon:local
[SBOM] Generated SBOM contains 247 packages
[SCAN] Scanning for vulnerabilities using Grype v0.85.0...
[SCAN] Scanning for vulnerabilities using Grype v0.107.0...
[SCAN] Vulnerability Summary:
🔴 Critical: 0
🟠 High: 2
@@ -413,7 +413,7 @@ Solution: Install Syft v1.17.0 using installation instructions above
**Grype not installed**:
```bash
[ERROR] Grype not found - install from: https://github.com/anchore/grype
Solution: Install Grype v0.85.0 using installation instructions above
Solution: Install Grype v0.107.0 using installation instructions above
```
**Build failure**:
@@ -476,7 +476,7 @@ This skill **exactly replicates** the supply-chain-pr.yml workflow:
| Build Image | ✅ Docker build | ✅ Docker build | ✅ |
| Load Image | ✅ Load from artifact | ✅ Use built image | ✅ |
| Syft Version | v1.17.0 | v1.17.0 | ✅ |
| Grype Version | v0.85.0 | v0.85.0 | ✅ |
| Grype Version | v0.107.0 | v0.107.0 | ✅ |
| SBOM Format | CycloneDX JSON | CycloneDX JSON | ✅ |
| Scan Target | Docker image | Docker image | ✅ |
| Severity Counts | Critical/High/Medium/Low | Critical/High/Medium/Low | ✅ |
@@ -571,7 +571,7 @@ Verify versions match:
```bash
syft version # Should be v1.17.0
grype version # Should be v0.85.0
grype version # Should be v0.107.0
```
Update if needed:
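Review bot: the comment `# Should be v0.107.0` does not match what `grype version` prints; the sample output later in this commit shows `Version: 0.107.0` with no `v` prefix, so a reader comparing literally may conclude they have the wrong build. Suggest `grype version # Should print Version: 0.107.0`, and the same for the Syft line.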
@@ -579,7 +579,7 @@ Update if needed:
```bash
# Reinstall specific versions
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v1.17.0
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.85.0
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.107.0
```
## Notes

View File

@@ -31,7 +31,7 @@ env:
DOCKERHUB_REGISTRY: docker.io
IMAGE_NAME: wikid82/charon
SYFT_VERSION: v1.17.0
GRYPE_VERSION: v0.85.0
GRYPE_VERSION: v0.107.0
jobs:
build-and-push:

View File

@@ -21,7 +21,7 @@ concurrency:
env:
SYFT_VERSION: v1.17.0
GRYPE_VERSION: v0.85.0
GRYPE_VERSION: v0.107.0
permissions:
contents: read

View File

@@ -26,7 +26,7 @@ Successfully created a comprehensive Agent Skill that closes a critical security
- **Size**: 18KB comprehensive documentation
- **Features**:
- Complete metadata (name, version, description, author, license)
- Tool requirements (Docker 24.0+, Syft v1.17.0, Grype v0.85.0)
- Tool requirements (Docker 24.0+, Syft v1.17.0, Grype v0.107.0)
- Environment variables with CI-aligned defaults
- Parameters for image tag and build options
- Detailed usage examples and troubleshooting
@@ -82,10 +82,10 @@ Application: syft
Version: 1.17.0
BuildDate: 2024-11-21T14:39:38Z
# Grype v0.85.0 installed
# Grype v0.107.0 installed
$ grype version
Application: grype
Version: 0.85.0
Version: 0.107.0
BuildDate: 2024-11-21T15:21:23Z
Syft Version: v1.17.0
```
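Review bot: the sample `grype version` output bumps `Version:` to 0.107.0 but keeps `BuildDate: 2024-11-21T15:21:23Z` and `Syft Version: v1.17.0`, which are the values from the v0.85.0 build; a release built for this 2026 bump will carry a different build date and almost certainly a newer bundled Syft, so the block is now internally inconsistent. Either paste the real output of the new version or trim the sample to the `Version:` line so it cannot go stale again.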
@@ -109,8 +109,8 @@ $ .github/skills/scripts/skill-runner.sh security-scan-docker-image test-quick
[ENVIRONMENT] Validating prerequisites
[INFO] Installed Syft version: 1.17.0
[INFO] Expected Syft version: v1.17.0
[INFO] Installed Grype version: 0.85.0
[INFO] Expected Grype version: v0.85.0
[INFO] Installed Grype version: 0.107.0
[INFO] Expected Grype version: v0.107.0
[INFO] Image tag: test-quick
[INFO] Fail on severity: Critical,High
[BUILD] Building Docker image: test-quick
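Review bot: the sample shows `Installed Grype version: 0.107.0` beside `Expected Grype version: v0.107.0`; the installed value comes from the `grep -oP 'Version:\s*\Kv?...'` extraction visible in the script's hunk header, which keeps the `v` only if the tool prints one, while the expected value always carries it. If the script compares these as raw strings, a correctly installed 0.107.0 is reported as a mismatch; strip the prefix on both sides (e.g. `${GRYPE_VERSION#v}`) before comparing, or document that the check is informational only.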
@@ -128,7 +128,7 @@ $ .github/skills/scripts/skill-runner.sh security-scan-docker-image test-quick
|------|------------|------------|-------|
| Build Image | ✅ Docker build | ✅ Docker build | ✅ |
| Syft Version | v1.17.0 | v1.17.0 | ✅ |
| Grype Version | v0.85.0 | v0.85.0 | ✅ |
| Grype Version | v0.107.0 | v0.107.0 | ✅ |
| SBOM Format | CycloneDX JSON | CycloneDX JSON | ✅ |
| Scan Target | Docker image | Docker image | ✅ |
| Severity Counts | Critical/High/Medium/Low | Critical/High/Medium/Low | ✅ |
@@ -243,7 +243,7 @@ Solution: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install
```bash
[ERROR] Grype not found
Solution: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | \
sh -s -- -b /usr/local/bin v0.85.0
sh -s -- -b /usr/local/bin v0.107.0
```
**Version mismatch**: