feat: CHEF-33010 - Added grype scan config #13
Nik08ci-main-pull-request-stub.yml
on: pull_request
Detect custom properties
4s
Echo stub version
2s
call-ci-main-pr-check-pipeline
/
Checkout repository
3s
call-ci-main-pr-check-pipeline
/
Pre-compilation checks
4s
call-ci-main-pr-check-pipeline
/
Build/compilation and unit tests (CI)
49s
call-ci-main-pr-check-pipeline
/
...
/
Export SBOM from GitHub Dependency Graph API
6s
call-ci-main-pr-check-pipeline
/
...
/
Blackduck SCA Scan (PURPLE)
1m 47s
call-ci-main-pr-check-pipeline
/
...
/
Generate MSFT SBOM
0s
call-ci-main-pr-check-pipeline
/
...
/
license_scout
0s
call-ci-main-pr-check-pipeline
/
...
/
Complexity and SLOC generation
19s
call-ci-main-pr-check-pipeline
/
Language-specific pre-compilation steps and linting
5s
call-ci-main-pr-check-pipeline
/
Language-agnostic pre-compilation steps
3s
call-ci-main-pr-check-pipeline
/
...
/
Trufflehog
12s
call-ci-main-pr-check-pipeline
/
Grype scan
47s
call-ci-main-pr-check-pipeline
/
...
/
BlackDuck Polaris SAST scan
1m 14s
call-ci-main-pr-check-pipeline
/
...
/
Grype vulnerability scan
call-ci-main-pr-check-pipeline
/
...
/
Grype scan (Linux)
call-ci-main-pr-check-pipeline
/
...
/
Grype scan (MacOS)
call-ci-main-pr-check-pipeline
/
...
/
Grype scan (Windows)
call-ci-main-pr-check-pipeline
/
Creating packaged binaries
0s
call-ci-main-pr-check-pipeline
/
Detect SBOM version for application
0s
Matrix: call-ci-main-pr-check-pipeline / Unit tests
call-ci-main-pr-check-pipeline
/
...
/
irfan
call-ci-main-pr-check-pipeline
/
Creating Habitat packages
0s
call-ci-main-pr-check-pipeline
/
Publishing Habitat packages to Builder
call-ci-main-pr-check-pipeline
/
Publishing packages
call-ci-main-pr-check-pipeline
/
Grype scan of Habitat packages
call-ci-main-pr-check-pipeline
/
Grype scan of Habitat packages (Windows)
Annotations
6 warnings
|
Detect custom properties
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
call-ci-main-pr-check-pipeline / Generating SBOM / Export SBOM from GitHub Dependency Graph API
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
call-ci-main-pr-check-pipeline / Source code complexity checks / Complexity and SLOC generation
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
call-ci-main-pr-check-pipeline / Grype scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
call-ci-main-pr-check-pipeline / BlackDuck Polaris SAST scan / BlackDuck Polaris SAST scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: blackduck-inc/black-duck-security-scan@v2. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
call-ci-main-pr-check-pipeline / Generating SBOM / Blackduck SCA Scan (PURPLE)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4, blackduck-inc/black-duck-security-scan@v2.1.1. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
grype-scan-train-kubernetes-20260331-202416
|
2.07 KB |
sha256:e8ce84ac59da53f9aa96d9921ee392732ff4a6e1ca1b654d0fceda1d01c003e2
|
|
|
inspec-train-kubernetes-20260331202336-GitHub-sbom.json
|
1.44 KB |
sha256:b1c4d11ecc4f1d8a697fee0882cf57a042cd3b987aea4503acff7fa7c956e746
|
|
|
inspec-train-kubernetes-41-merge-0.3.3-20260331202336-GitHub-sbom.csv
|
806 Bytes |
sha256:52329ba91b20f8b215ebe8b429ad00cafa26122c07b158a97c6731fa811f3c16
|
|
|
inspec-train-kubernetes-41-merge-20260331202350-scc-complexity.html
|
1.94 KB |
sha256:8df5cac2f9ffe5ae106a2ca4a1eab3f12a586b366ee1f2c48e2bdcffdb48aacf
|
|
|
inspec-train-kubernetes-41-merge-20260331202350-scc-complexity.json
|
2.08 KB |
sha256:a07d0cd8582297de348b6713028a84490b952f147a99d7b39b36e0987afffe17
|
|
|
inspec-train-kubernetes-41-merge-20260331202350-scc-complexity.txt
|
690 Bytes |
sha256:ff75f41aadc31f0561391db9b2e4cf928beb116a160eea5d137ee9f5bf546d59
|
|
|
train-kubernetes-Gemfile-lock.txt
|
5.25 KB |
sha256:9e706e451fac78834ffc18a96a9f92f09c878f6357f6284dff42b69736cfd911
|
|