Add show-grype-output option to show vulnerabilities in console when …

[ken-chou-glia]

…running scan in blocking mode

Signed-off-by: Ken Chou [email protected]

[JAORMX]

This would close #168

[kzantow]

This is a great idea -- however, I think we could probably do this without a config parameter to just always dump the table view to the console, WDYT?

[JAORMX]

This is a great idea -- however, I think we could probably do this without a config parameter to just always dump the table view to the console, WDYT?

to be honest, that behavior would be a nice default to have.

[JAORMX]

@kzantow is this a change that would need to go into grype itself or is it something that needs to happen in this action?

[jonasagx]

@ken-chou-finn thank for your work on this PR. On @JAORMX's latest question: grype currently prints the table and then errors out, like in the example below:

$ grype ubuntu:20.04 --fail-on medium                                                                                                                                                              
NAME          INSTALLED                 FIXED-IN            TYPE  VULNERABILITY   SEVERITY
coreutils     8.30-3ubuntu2                                 deb   CVE-2016-2781   Low
e2fsprogs     1.45.5-2ubuntu1                               deb   CVE-2022-1304   Medium
[other vulns removed for brevity of this snippet]
1 error occurred:
	* discovered vulnerabilities at or above the severity threshold

We just need to make use of the table output, so no need to change grype, just this action. I am happy to help with this PR and get the feature delivered.

[JAORMX]

@jonasagx that would be great!

[kzantow]

Sorry this has taken a while to get back to -- I think we may want to combine this with #187 by allowing users to specify a format parameter, which could be table.

One question: is there any situation a user wants to get both a table output printed and an output file of some sort?