.grype.yaml ignored
I've added a .grype.yaml file to ignore several issues but it appears that it is being ignored. My latest run is here: https://github.com/BallAerospace/COSMOS/pull/1656/checks?check_run_id=6644500146
I'm scanning a number of containers in a matrix and it appears to all work except for picking up my grype.yaml.
Thanks for the issue @jasonatball! I'll take a look when I have time and see if I can work out why this is broken. If you have any other information or ideas on why it's not being picked up, please add it here.
I'm able to run grype on the command line of my local machine, e.g. grype ballaerospace/cosmosc2-ruby:latest and it's definitely picking up the .grype.yaml because I can change the output. My action is pretty simple:
```yaml
container-scan:
  needs: cosmos-build
  runs-on: ubuntu-latest
  strategy:
    matrix:
      container:
        [
          base,
          ruby,
          node,
          traefik,
          operator,
          cmd-tlm-api,
          script-runner-api,
          redis,
          minio-init,
        ]
  steps:
    - name: Run the Anchore scan action
      uses: anchore/scan-action@v3
      with:
        image: "docker.io/ballaerospace/cosmosc2-${{ matrix.container }}:latest"
        acs-report-enable: true
        severity-cutoff: critical # low, medium, high, critical
        fail-build: false
    - name: Upload Anchore Scan Report
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: results.sarif
        category: ${{ matrix.container }}
```
Based on the comment in #226, I believe this is working properly. I'm going to close this issue for now, but if anyone continues to have issues with this functionality please do reopen it!