robot: Add grype scan reports (#1057)

Signed-off-by: mudler <mudler@c3os.io>
2025-10-20 10:38:34 +00:00 · 2023-03-08 09:13:08 +01:00
parent ca7576c1fe
commit 557941fe55
1 changed files with 19 additions and 0 deletions
--- a/19
+++ b/19
@@ -38,6 +38,7 @@ all:
  BUILD +docker
  BUILD +image-sbom
  BUILD +trivy-scan
+  BUILD +grype-scan
  BUILD +iso
  BUILD +netboot
  BUILD +ipxe-iso
@@ -46,6 +47,7 @@ all-arm:
  BUILD --platform=linux/arm64 +docker
  BUILD +image-sbom
  BUILD +trivy-scan
+  BUILD +grype-scan
  BUILD +arm-image

 go-deps:
@@ -521,6 +523,23 @@ trivy-scan:
    SAVE ARTIFACT /build/report.html report.html AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.html
    SAVE ARTIFACT /build/results.json results.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.json

+grype:
+    FROM anchore/grype
+    SAVE ARTIFACT /grype /grype
+
+grype-scan:
+    FROM +docker
+    COPY +grype/grype /grype
+    COPY +version/VERSION ./
+    ARG VERSION=$(cat VERSION)
+    ARG FLAVOR
+    ARG VARIANT
+    WORKDIR /build
+    RUN /grype dir:/ --output sarif --file report.sarif
+    RUN /grype dir:/ --output json --file report.json
+    SAVE ARTIFACT /build/report.sarif report.sarif AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-grype.sarif
+    SAVE ARTIFACT /build/report.json report.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-grype.json
+
 linux-bench:
    ARG GO_VERSION
    FROM golang:$GO_VERSION