feat: [#44] Grype scanning (#46)

* fix: [#30] Issue in README.md * feat: [#44] Grype scanning
schubergphilis · May 30, 2024 · 2f037a5 · 2f037a5
1 parent f732c84
commit 2f037a5
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -4,18 +4,18 @@ Mission Critical Vulnerability Scanner (MCVS) Golang Action is a custom
 [GitHub Action](https://github.com/features/actions) that consists of the
 following steps:
 
-* Install the Golang version that is defined in the project `go.mod`.
-* Verify to be downloaded Golang modules.
-* Check for incorrect import order and indicate how to resolve it.
-* Code security scanning and suppression of certain CVEs for a maximum one
+- Install the Golang version that is defined in the project `go.mod`.
+- Verify to be downloaded Golang modules.
+- Check for incorrect import order and indicate how to resolve it.
+- Code security scanning and suppression of certain CVEs for a maximum of one
   month. In some situations a particular CVE will be resolved in a couple of
   weeks and this allows the developer to continue in a safe way while knowing
   that the pipeline will fail again if the issue has not been resolved in a
   couple of weeks.
-* Linting.
-* Unit tests.
-* Integration tests.
-* Code coverage.
+- Linting.
+- Unit tests.
+- Integration tests.
+- Code coverage.
 
 In summary, using this action will ensure that Golang code meets certain
 standards before it will be deployed to production as the assembly line will

diff --git a/action.yml b/action.yml
@@ -6,7 +6,7 @@ inputs:
   golang-unit-tests-exclusions:
     description: |
       The Golang paths that should be excluded from unit testing.
-    default: ' '
+    default: " "
   golangci-lint-version:
     description: |
       The Golangci-lint version that has to be installed and used.
@@ -15,16 +15,16 @@ inputs:
   golang-number-of-tests-in-parallel:
     description: |
       Number of test in parallel.
-    default: '4'
+    default: "4"
 runs:
-  using: 'composite'
+  using: "composite"
   steps:
     #
     # Install the golang version that has been defined in the go.mod file.
     #
     - uses: actions/[email protected]
       with:
-        go-version-file: 'go.mod'
+        go-version-file: "go.mod"
         cache: false
     #
     # Verify downloaded dependencies.
@@ -51,14 +51,20 @@ runs:
     #
     # Code security scanning.
     #
+    - uses: anchore/[email protected]
+      with:
+        only-fixed: false
+        output-format: table
+        path: "."
+        severity-cutoff: high
     - uses: 030/[email protected]
     - uses: aquasecurity/[email protected]
       with:
-        scan-type: 'fs'
-        scan-ref: '.'
-        exit-code: '1'
+        scan-type: "fs"
+        scan-ref: "."
+        exit-code: "1"
         ignore-unfixed: true
-        severity: 'CRITICAL,HIGH'
+        severity: "CRITICAL,HIGH"
         trivyignores: .trivyignore
     #
     # Run golangci-lint.