github action for grype

SCA/grype_image/Dockerfile

@@ -0,0 +1,6 @@
+FROM stefanfle/secobserve-scanners:latest
+
+WORKDIR /
+COPY entrypoint.sh .
+RUN chmod +x entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

SCA/grype_image/action.yaml

@@ -0,0 +1,23 @@
+name: 'SecObserve Grype image'
+description: 'Scans Docker images for vulnerabilities with Grype'
+author: 'MaibornWolff'
+inputs:
+  target:
+    description: 'The target to be scanned, here the name of the docker image.'
+    required: true
+    default: '.'
+  report_name:
+    description: 'The name of the report to be written.'
+    required: true
+  further_parameters:
+    description: 'Further parameters to be given to the scanner.'
+    required: false
+    default: ''
+
+runs:
+  using: 'docker'
+  image: "Dockerfile"
+  env:
+    INPUT_TARGET: ${{ inputs.target }}
+    INPUT_REPORT_NAME: ${{ inputs.report_name }}
+    INPUT_FURTHER_PARAMETERS: ${{ inputs.further_parameters }}

SCA/grype_image/entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+cd "$GITHUB_WORKSPACE"
+docker pull "$INPUT_TARGET"
+grype docker:"$INPUT_TARGET" $INPUT_FURTHER_PARAMETERS --output cyclonedx-json --file "$INPUT_REPORT_NAME"
+
+exit 0