actions/grype-container-scanning
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Added a double grype scan to show the suppressed scans without fail-on

Browse Source
This commit is contained in:
Skydust
2024-11-26 20:47:29 +01:00
parent 47faba6c9f
commit 4efbe95393
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
entrypoint.sh
View File

@@ -35,12 +35,16 @@ if [ -n "$INPUT_PLATFORM" ]; then
GRYPE_OPTIONS+=("--platform" "$INPUT_PLATFORM") GRYPE_OPTIONS+=("--platform" "$INPUT_PLATFORM")
fi fi
GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
# shellcheck disable=SC2145
echo "Running grype container scanning with options: ${GRYPE_OPTIONS[@]} --show-suppressed"
grype "${GRYPE_OPTIONS[@]}" "--show-suppressed"
if [ -n "$INPUT_FAIL_ON" ]; then if [ -n "$INPUT_FAIL_ON" ]; then
GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON") GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON")
fi fi
GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
# shellcheck disable=SC2145 # shellcheck disable=SC2145
echo "Running grype container scanning with options: ${GRYPE_OPTIONS[@]}" echo "Running grype container scanning with options: ${GRYPE_OPTIONS[@]}"
grype "${GRYPE_OPTIONS[@]}" grype "${GRYPE_OPTIONS[@]}"