File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1414 - ref : slsa-checks
1515 with :
1616 runner : GITHUB_ACTION
17+ - ref : vulnerability-management
18+ with :
19+ severity : " HIGH"
Original file line number Diff line number Diff line change 9393 # Install Syft
9494 wget --no-verbose https://raw.githubusercontent.com/anchore/syft/c43f4fb416c34c1c4b3997373689d8d4c0fb9b36/install.sh -O - | sh -s -- -b /usr/local/bin
9595
96+ - name : Install Grype
97+ run : curl -sSfL https://raw.githubusercontent.com/anchore/grype/7b7d5be174d392ded78fd45d6cfaff4b7610d23b/install.sh | sh -s -- -b /usr/local/bin
98+
9699 - name : Run GoReleaser
97100 id : release
98101 uses : goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v3.2.0
@@ -149,6 +152,10 @@ jobs:
149152
150153 # Upload the SBOM to the release
151154 gh release upload ${{ github.ref_name }} /tmp/sbom-$material_name.cyclonedx.json --clobber
155+
156+ # Run Grype vulnerability scan and attest result
157+ grype --only-fixed -o sarif --file ./vuln-${container_name}.json $entry
158+ chainloop attestation add --name ${container_name}-vulnerability-report --value ./vuln-${container_name}.json --attestation-id ${{ env.ATTESTATION_ID }}
152159 fi
153160 done
154161
You can’t perform that action at this time.
0 commit comments