Skip to content

Commit cd9f677

Browse files
authored
Merge pull request #174 from dalaoqi/ci/add-grype-security-scan
Ci/add grype security scan
2 parents 64c1cfd + efa0f35 commit cd9f677

1 file changed

Lines changed: 26 additions & 0 deletions

File tree

.github/workflows/go.yml

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,3 +25,29 @@ jobs:
2525

2626
- name: Test
2727
run: go test -v ./...
28+
29+
- name: Install Syft
30+
run: |
31+
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
32+
33+
- name: Generate SBOM
34+
run: |
35+
syft . -o table=sbom-table.txt
36+
37+
- name: Install Grype
38+
run: |
39+
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
40+
41+
- name: Run Grype vulnerability scan
42+
run: |
43+
grype . --output table --file grype-report.txt
44+
45+
- name: Upload Security Reports
46+
uses: actions/upload-artifact@v4
47+
if: always()
48+
with:
49+
name: security-reports-${{ github.sha }}
50+
path: |
51+
sbom-table.txt
52+
grype-report.*
53+
retention-days: 10

0 commit comments

Comments
 (0)