Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Action continues on non-vulnerability failures #390

Open
kzantow opened this issue Oct 15, 2024 · 0 comments
Open

Action continues on non-vulnerability failures #390

kzantow opened this issue Oct 15, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@kzantow
Copy link
Contributor

kzantow commented Oct 15, 2024

The action should not continue if there is some failure when executing Grype which is caused by something other than vulnerability results. For example, a user reported issues on Discourse which were caused by specifying an SBOM file location that Grype was unable to find; this did not fail the build:

/opt/hostedtoolcache/grype/0.82.1/x64/grype -o sarif --fail-on critical sbom:poke-cli-sbom-v0.6.2.spdx.json
  failed to catalog: unable to open file poke-cli-sbom-v0.6.2.spdx.json: open poke-cli-sbom-v0.6.2.spdx.json: no such file or directory
  
Warning: Failed minimum severity level. Found vulnerabilities with level 'critical' or higher
@kzantow kzantow added the bug Something isn't working label Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Status: No status
Development

No branches or pull requests

1 participant