Skip to content

Run grype scan on built APKs as part of CI #3171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jdolitsky merged 4 commits into from
Jun 28, 2023
Merged

Run grype scan on built APKs as part of CI #3171

jdolitsky merged 4 commits into from
Jun 28, 2023

Conversation

@jdolitsky
Copy link
Member

@jdolitsky jdolitsky commented Jun 28, 2023

No description provided.

@jdolitsky jdolitsky requested a review from luhring June 28, 2023 19:54
@jdolitsky jdolitsky requested review from a team as code owners June 28, 2023 19:54
@jdolitsky jdolitsky requested a review from ajayk June 28, 2023 19:54
@jdolitsky jdolitsky force-pushed the grype-scan-in-ci branch 3 times, most recently from a19041a to b43625e Compare June 28, 2023 20:22
@jdolitsky jdolitsky enabled auto-merge June 28, 2023 20:31
kaniini
kaniini suggested changes Jun 28, 2023
View reviewed changes
@jdolitsky jdolitsky requested a review from kaniini June 28, 2023 20:35
@jdolitsky jdolitsky added this pull request to the merge queue Jun 28, 2023
Merged via the queue into wolfi-dev:main with commit cbed14c Jun 28, 2023
@jdolitsky jdolitsky deleted the grype-scan-in-ci branch June 28, 2023 20:38
mattmoor
mattmoor reviewed Jun 28, 2023
View reviewed changes
.github/workflows/ci-build.yaml
Comment on lines +87 to +97
# Note: vulns found in scans do not currently block CI
- name: 'Grype scan APKs'
id: grype-scan
if: steps.file_check.outputs.exists == 'true'
run: |
set -x
for line in `cat packages.log`; do
# convert the melange output (e.g. "x86_64|grype|grype|0.63.0-r1" ) to an actual apk path
apk_path=$(echo "${line}" | awk '{ split($1, pkg, "|"); printf("packages/%s/%s-%s.apk\n", pkg[1], pkg[2], pkg[4]) }')
./scripts/grype-scan-apk.sh "${apk_path}"
done
Copy link
Member

@mattmoor mattmoor Jun 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI: https://github.com/chainguard-images/actions/tree/main/scan-apk

@philroche philroche mentioned this pull request Nov 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattmoor mattmoor mattmoor left review comments

@luhring luhring Awaiting requested review from luhring

@ajayk ajayk Awaiting requested review from ajayk ajayk was automatically assigned from wolfi-dev/wolfi-repository-maintainers

+1 more reviewer

@kaniini kaniini kaniini approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jdolitsky @kaniini @mattmoor