enable configuring uncompressed database in grype db#483
Merged
willmurphyscode merged 1 commit intomainfrom Aug 6, 2025
Merged
enable configuring uncompressed database in grype db#483willmurphyscode merged 1 commit intomainfrom
willmurphyscode merged 1 commit intomainfrom
Conversation
Previously, grype depended on the 'grype-db package' step, which includes the database, having been run. However, recent versions of grype can import the vulnerability.db file that results from 'grype-db build' directly. Therefore, yardstick should support configuring the grype database to be a .db file. The main benefit is saving time in CI, where we sometimes build a grype database, and then compress it, and then import it (which includes decompressing it) on the same host. This change will allow quality gates to use less CPU time by preventing them from needing to zstd compress and then decompress the vulnerability database. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
wagoodman
approved these changes
Aug 6, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously, grype depended on the 'grype-db package' step, which includes the database, having been run. However, recent versions of grype can import the vulnerability.db file that results from 'grype-db build' directly. Therefore, yardstick should support configuring the grype database to be a .db file.
The main benefit is saving time in CI, where we sometimes build a grype database, and then compress it, and then import it (which includes decompressing it) on the same host. This change will allow quality gates to use less CPU time by preventing them from needing to zstd compress and then decompress the vulnerability database.