fix(ci): Fix grype output file and dependency

saisatishkarra · saisatishkarra · commit 37539911dc44 · 2023-06-20T11:18:40.000-05:00
diff --git a/.github/workflows/docker-image-scan.yml b/.github/workflows/docker-image-scan.yml
@@ -10,12 +10,9 @@ on:
     tags:
     - '*'
 
-env:
-  HAS_ACCESS_TO_GITHUB_TOKEN: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
-
 jobs:
   test-scan-docker-image:
-    if: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN == 'true' }}
+    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
     name: Test Scan Docker Image
     runs-on: ubuntu-22.04
     env:
diff --git a/code-check-actions/rustcheck/action.yml b/code-check-actions/rustcheck/action.yml
@@ -128,7 +128,7 @@ runs:
     
     # Don't fail during report generation
     - name: Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v3.3.4
+      uses: anchore/scan-action@v3.3.5
       id: grype_analysis_sarif
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
       with:
@@ -140,7 +140,7 @@ runs:
     # Don't fail during report generation
     # JSON format will report  any ignored rules
     - name: Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v3.3.4
+      uses: anchore/scan-action@v3.3.5
       id: grype_analysis_json
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
       with:
@@ -153,7 +153,7 @@ runs:
       uses: andstor/file-existence-action@v2
       id: grype_report
       with:
-        files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.report }}"
+        files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.json }}"
         fail: true
     
     # Grype CVE Action generates an ./results.sarif or ./results.report and no way to customize output file name
@@ -162,7 +162,7 @@ runs:
       shell: bash
       run: |
         mv ${{ steps.grype_analysis_sarif.outputs.sarif }} ${{ steps.meta.outputs.grype_sarif_file }}
-        mv ${{ steps.grype_analysis_json.outputs.report }} ${{ steps.meta.outputs.grype_json_file }}
+        mv ${{ steps.grype_analysis_json.outputs.json }} ${{ steps.meta.outputs.grype_json_file }}
     
     - name: Upload grype analysis report
       uses: actions/upload-artifact@v3
@@ -185,7 +185,7 @@ runs:
     # Notify grype quick scan results in table format
     # Table format will supress any specified ignore rules
     - name: Inspect Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v3.3.4
+      uses: anchore/scan-action@v3.3.5
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
       with:
         sbom: ${{ steps.meta.outputs.sbom_spdx_file }}
diff --git a/security-actions/scan-docker-image/action.yml b/security-actions/scan-docker-image/action.yml
@@ -111,7 +111,7 @@ runs:
     
     # Don't fail during report generation
     - name: Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v3.3.4
+      uses: anchore/scan-action@v3.3.5
       id: grype_analysis_sarif
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
       with:
@@ -123,7 +123,7 @@ runs:
     # Don't fail during report generation
     # JSON format will report  any ignored rules
     - name: Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v3.3.4
+      uses: anchore/scan-action@v3.3.5
       id: grype_analysis_json
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
       with:
@@ -136,7 +136,7 @@ runs:
       uses: andstor/file-existence-action@v2
       id: grype_report
       with:
-        files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.report }}"
+        files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.json }}"
         fail: true
     
     # Grype CVE Action generates an ./results.sarif or ./results.report and no way to customize output file name
@@ -145,7 +145,7 @@ runs:
       shell: bash
       run: |
         mv ${{ steps.grype_analysis_sarif.outputs.sarif }} ${{ steps.meta.outputs.grype_sarif_file }}
-        mv ${{ steps.grype_analysis_json.outputs.report }} ${{ steps.meta.outputs.grype_json_file }}
+        mv ${{ steps.grype_analysis_json.outputs.json }} ${{ steps.meta.outputs.grype_json_file }}
     
     - name: Upload grype analysis report
       uses: actions/upload-artifact@v3
@@ -193,7 +193,7 @@ runs:
     # Notify grype quick scan results in table format
     # Table format will supress any specified ignore rules
     - name: Inspect Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v3.3.4
+      uses: anchore/scan-action@v3.3.5
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
       with:
         sbom: ${{ steps.meta.outputs.sbom_spdx_file }}
