build: break YAML to see if grype throws an error.

A debug run of anchore is showing the config as: configpath: /home/runner/work/roundup/roundup/.grype.yaml when running: Executing: grype -vv -o sarif --fail-on medium localbuild/testimage:latest Try breaking the yaml to see if it is actually being loaded. [skip travis]
roundup-tracker · Sep 25, 2023 · 98d6503 · 98d6503
1 parent 697c4d1
commit 98d6503
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
@@ -42,8 +42,6 @@ jobs:
       run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest
     - name: List the Docker image
       run: docker image ls
-    - name: copy grype.yaml into $home
-      run: cp .grype.yaml $HOME/
     - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
       uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 # v3.3.6
       id: scan

diff --git a/.grype.yaml b/.grype.yaml
@@ -1,5 +1,5 @@
 ignore:
-  - vulnerability: CVE-2018-20225
+  - vlnerability: CVE-2018-20225
     fix-state: not-fixed
   - vulnerability: CVE-2018-20225-pip
-    fix-state: not-fixed
+  fix-state: not-fixed