fix: scan with grype

mguzman14 · mguzman14 · commit 40a787e96457 · 2025-12-09T15:26:50.000+01:00
diff --git a/.github/workflows/build_and_push.yml b/.github/workflows/build_and_push.yml
@@ -49,19 +49,19 @@ jobs:
           if-no-files-found: error
           retention-days: 14
         # 🛡 Evaluate SBOM with Grype (fail build on HIGH or CRITICAL vulns)
-      # - name: 🛡 Vulnerability scan (Grype on SBOM)
-      #   run: |
-      #     docker run --rm \
-      #     -v "$PWD":/work \
-      #     anchore/grype:latest /work/sbom.syft.json \
-      #     --fail-on high \
-      #     --only-fixed=false \
-      #     --add-cpes-if-none
-
-      - name: Scan SBOM
-        uses: anchore/scan-action@v6
-        with:
-          sbom: sbom.syft.json
+      - name: 🛡 Vulnerability scan (Grype on SBOM)
+        run: |
+          docker run --rm \
+          -v "$PWD":/work \
+          anchore/grype:v0.104.1 /work/sbom.syft.json \
+          --fail-on high \
+          --only-fixed=false \
+          --add-cpes-if-none
+
+      # - name: Scan SBOM
+      #   uses: anchore/scan-action@v6
+      #   with:
+      #     sbom: sbom.syft.json
 
       - name: 🔑 Login to Quay.io
         run: |
