@spiffcs spiffcs commented Apr 25, 2025

Update Scan Action to use Grype DB v6

Features

  • Change the grype pinned version from v0.87.0 ==> v0.91.0
  • Update testing scripts to use newer grype db import commands to manage and import db from url
  • Add ease-of-use registry and image scripts for local testing
  • Remove db server mocks from v5 and cache testing against mocks

Note on removing mock db: it's grype's job to test that it can use GRYPE_CACHE_DB correctly - Scan Action should not mock and double check this

spiffcs added 6 commits April 1, 2025 14:54
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs spiffcs self-assigned this Apr 29, 2025
@spiffcs spiffcs linked an issue Apr 29, 2025 that may be closed by this pull request
Signed-off-by: Christopher Phillips <[email protected]>
@kzantow kzantow left a comment

👍

set -euo pipefail

# Remove existing container named 'registry' if it exists
if docker ps -a --format '{{.Names}}' | grep -Eq '^registry$'; then
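Review bot: the cleanup check at `grep -Eq '^registry$'` targets any container named exactly `registry`, per the comment "Remove existing container named 'registry' if it exists", and that is a name a developer may already be using for an unrelated local registry. Consider giving the test registry a name specific to this repository's test setup and matching on that instead, so running the script locally cannot remove a container it did not create.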
One other option is just uploading these prebuilt images to GHCR and getting rid of the build step altogether. It would make everyone's lives easier, probably.

@spiffcs spiffcs changed the title from "Scan action v6" to "feat: update Scan action to use grype db v6" Apr 29, 2025
@spiffcs spiffcs merged commit 2c901ab into main Apr 29, 2025
31 checks passed
@spiffcs spiffcs deleted the scan-action-v6 branch April 29, 2025 17:51
Development

Successfully merging this pull request may close these issues.

grype version is still pinned to v0.87.0 in GrypeVersion.js
3 participants