From 557941fe552b29479b97324f08f9578d144e3cc1 Mon Sep 17 00:00:00 2001
From: Ettore Di Giacinto
Date: Wed, 8 Mar 2023 09:13:08 +0100
Subject: [PATCH] robot: Add grype scan reports (#1057)

Signed-off-by: mudler
---
 Earthfile | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/Earthfile b/Earthfile
index baf4684..09e1420 100644
--- a/Earthfile
+++ b/Earthfile
@@ -38,6 +38,7 @@ all:
 BUILD +docker
 BUILD +image-sbom
 BUILD +trivy-scan
+ BUILD +grype-scan
 BUILD +iso
 BUILD +netboot
 BUILD +ipxe-iso
@@ -46,6 +47,7 @@ all-arm:
 BUILD --platform=linux/arm64 +docker
 BUILD +image-sbom
 BUILD +trivy-scan
+ BUILD +grype-scan
 BUILD +arm-image
 
 go-deps:
@@ -521,6 +523,23 @@ trivy-scan:
 SAVE ARTIFACT /build/report.html report.html AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.html
 SAVE ARTIFACT /build/results.json results.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.json
 
+grype:
+ FROM anchore/grype
+ SAVE ARTIFACT /grype /grype
+
+grype-scan:
+ FROM +docker
+ COPY +grype/grype /grype
+ COPY +version/VERSION ./
+ ARG VERSION=$(cat VERSION)
+ ARG FLAVOR
+ ARG VARIANT
+ WORKDIR /build
+ RUN /grype dir:/ --output sarif --file report.sarif
+ RUN /grype dir:/ --output json --file report.json
+ SAVE ARTIFACT /build/report.sarif report.sarif AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-grype.sarif
+ SAVE ARTIFACT /build/report.json report.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-grype.json
+
 linux-bench:
 ARG GO_VERSION
 FROM golang:$GO_VERSION
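Review bot: `FROM anchore/grype` in the new `grype` target has no tag or digest, so the `/grype` binary copied into the image and run over `dir:/` is whatever the registry serves at build time. Pinning it, e.g. `FROM anchore/grype:<pinned-tag>@sha256:<digest>` (placeholders), keeps the scanner reviewable and the reports comparable between builds. In `grype-scan` the binary is copied to `/grype` before `RUN /grype dir:/ ...`, so the scanner sits inside the scanned tree and its bundled dependencies may be reported as findings for the OS image. An exclusion such as `--exclude './grype'` on both `RUN` lines would keep the report about the image only. Earthly may also reuse a cached `RUN` result when the image is unchanged, leaving a report that predates newer vulnerability data; `RUN --no-cache` on the two scan lines avoids that.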