CHEF-33010 Added grype scan config

Nik08 · Copilot · Nik08 · commit 372af8c5828d · 2026-03-26T23:12:26.000+05:30
Signed-off-by: Nikita Mathur &lt;nikita.mathur@progress.com&gt;

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml
@@ -106,6 +106,11 @@ jobs:
       perform-language-linting: true    # Perform language-specific linting and pre-compilation checks
       perform-trufflehog-scan: true
       perform-trivy-scan: true
+
+      # grype vulnerability scanning
+      perform-grype-scan: true
+      grype-fail-on-high: true
+      grype-fail-on-critical: true
              
       # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language
       build: true
