Skip to content

Add GRYPE_EXECUTABLE_PATH support to bypass Go build requirement#504

Merged
wagoodman merged 5 commits intoanchore:mainfrom
jamestexas:add-env-var-for-grype
Oct 23, 2025
Merged

Add GRYPE_EXECUTABLE_PATH support to bypass Go build requirement#504
wagoodman merged 5 commits intoanchore:mainfrom
jamestexas:add-env-var-for-grype

Conversation

@jamestexas
Copy link
Copy Markdown
Contributor

@jamestexas jamestexas commented Oct 22, 2025
edited
Loading

Summary

Add opt-in environment variable GRYPE_EXECUTABLE_PATH to allow using pre-built grype binaries instead of building from source. This enables running yardstick in distroless containers or environments without Go toolchain installed.

This mirrors the implementation in grype-db-manager PR #699 for GRYPE_DB_EXECUTABLE_PATH.

Changes

  • Added GRYPE_EXECUTABLE_PATH environment variable support

    • Uses cross-platform shutil.which() for executable validation
    • Logs warning and falls back to source build if path is invalid
    • Creates proper working directory with symlink to external binary
    • No behavior change for existing users (opt-in only)

  • Tests the following scenarios:

    • Valid executable path
    • Invalid/non-executable path
    • Environment variable not set
    • Custom DB import with external binary
    • Backward compatibility verification

Usage

Set environment variable to use system grype

export GRYPE_EXECUTABLE_PATH=/usr/bin/grype

Yardstick will now use the pre-built binary instead of building from source

yardstick result capture -r my-results

jamestexas and others added 3 commits August 27, 2025 13:10
@jamestexas
deps(pyproject.toml): removed unused rfc3319 dep.
c340076 
- Code currently uses timestamp.isoformat(), which >= py-3.11 supports rfc3319 designations with stdlib
- This removes the unused import since the project already pins to >=3.11, < 3.14
- All tests currently pass with this change

Signed-off-by: James Gardner <james.gardner@chainguard.dev>
@jamestexas
Merge branch 'anchore:main' into main
75a0f50
@jamestexas
Merge branch 'anchore:main' into main
43da303
@jamestexas jamestexas force-pushed the add-env-var-for-grype branch from 013cd9b to 2797c64 Compare October 23, 2025 16:42
@jamestexas
feat(src/yardstick/tool/grype): add in support for env var to skip gr…
0d0e51a 
…ype executable install

Signed-off-by: James Gardner <james.gardner@chainguard.dev>
@jamestexas jamestexas force-pushed the add-env-var-for-grype branch from 2797c64 to 0d0e51a Compare October 23, 2025 16:47
@jamestexas jamestexas marked this pull request as ready for review October 23, 2025 17:05
@jamestexas
fix(src/yardstick/tool/grype.py): ensure symlink creation is done
8833bd2 
Signed-off-by: James Gardner <james.gardner@chainguard.dev>
@wagoodman wagoodman merged commit 8753c7d into anchore:main Oct 23, 2025
3 checks passed
@wagoodman wagoodman added the enhancement New feature or request label Oct 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamestexas @wagoodman