
CHEF-33010 Added grype scan config#63

Merged
Nik08 merged 3 commits into main from nm/grype-scan-flags
Mar 31, 2026

Conversation

@Nik08
Contributor

@Nik08 Nik08 commented Mar 26, 2026

Description

This pull request updates the CI workflow configuration by enabling an additional security scanning tool and its associated strictness settings. The main focus is on strengthening vulnerability detection during the CI process.

Security scanning enhancements:

  • Enabled Grype vulnerability scanning by setting perform-grype-scan to true, ensuring that container images are checked for known vulnerabilities as part of the workflow.
  • Configured the workflow to fail if Grype detects vulnerabilities of "high" or "critical" severity, by setting grype-fail-on-high and grype-fail-on-critical to true, increasing the strictness of security checks.

Related Issue

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New content (non-breaking change)
  • Breaking change (a content change which would break existing functionality or processes)

Checklist:

  • I have read the CONTRIBUTING document.

- Add perform-grype-scan: true to enable Grype vulnerability scanning
- Add grype-fail-on-high: true to fail build on high severity CVEs
- Add grype-fail-on-critical: true to fail build on critical severity CVEs
- Rename ci-main-pull-request-stub-1.0.8.yml to ci-main-pull-request-stub.yml
- Add trailing newline at end of file

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Nik08 <nikita.mathur@progress.com>
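The description above turns on Grype scanning and sets the two fail-on inputs. What those inputs amount to is a severity gate: parse the scan report, compare each match against a minimum failing severity, and return a non-zero status when anything meets it. The following Python is an added illustration of that gate, not code from this pull request or from the workflow it configures. It assumes the layout of Grype's own JSON output (`matches[].vulnerability.severity`, `matches[].artifact.name`), that `grype-fail-on-high` subsumes `grype-fail-on-critical` (a "high" threshold also fails on critical), and uses a constructed sample report with placeholder CVE ids and package names.

```python
import json
from typing import Dict, List, Optional, Tuple

# Grype's rated severity levels, lowest to highest. "Unknown" (no rating
# available) is not in this list and is handled separately below.
SEVERITY_ORDER = ["negligible", "low", "medium", "high", "critical"]

# Constructed sample in the shape of `grype <image> -o json` output. The CVE ids,
# package names and versions are placeholders, not real findings.
SAMPLE_GRYPE_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical"},
         "artifact": {"name": "pkg-a", "version": "1.0.0"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "High"},
         "artifact": {"name": "pkg-b", "version": "2.3.1"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium"},
         "artifact": {"name": "pkg-c", "version": "0.9.0"}},
        {"vulnerability": {"id": "CVE-0000-0004", "severity": "Unknown"},
         "artifact": {"name": "pkg-d", "version": "4.4.4"}},
    ]
})


def parse_matches(report_json: str) -> List[Dict[str, str]]:
    """Flatten the report's `matches` array into (id, severity, package) records."""
    report = json.loads(report_json)
    records = []
    for m in report.get("matches", []):
        vuln = m.get("vulnerability", {})
        art = m.get("artifact", {})
        records.append({
            "id": vuln.get("id", "?"),
            "severity": str(vuln.get("severity", "Unknown")).lower(),
            "package": f"{art.get('name', '?')}@{art.get('version', '?')}",
        })
    return records


def threshold_from_flags(fail_on_high: bool, fail_on_critical: bool) -> Optional[str]:
    """Map the two boolean workflow inputs onto one minimum failing severity.

    Assumption: fail-on-high subsumes fail-on-critical, so when both are set the
    effective threshold is "high". None means report-only (neither flag set).
    """
    if fail_on_high:
        return "high"
    if fail_on_critical:
        return "critical"
    return None


def evaluate_gate(records: List[Dict[str, str]],
                  threshold: Optional[str]) -> Tuple[bool, List[Dict[str, str]], List[Dict[str, str]]]:
    """Return (passed, failing_records, unknown_records).

    Unrated ("Unknown") matches never fail the gate here; they are returned
    separately so the pipeline can surface them for manual review.
    """
    failing, unknown = [], []
    min_rank = SEVERITY_ORDER.index(threshold) if threshold else None
    for r in records:
        if r["severity"] not in SEVERITY_ORDER:
            unknown.append(r)
        elif min_rank is not None and SEVERITY_ORDER.index(r["severity"]) >= min_rank:
            failing.append(r)
    return (len(failing) == 0), failing, unknown


def run_gate(report_json: str, fail_on_high: bool, fail_on_critical: bool) -> int:
    """Exit-code style result: 0 = pass, 1 = findings at or above the threshold."""
    records = parse_matches(report_json)
    threshold = threshold_from_flags(fail_on_high, fail_on_critical)
    passed, failing, unknown = evaluate_gate(records, threshold)
    for r in failing:
        print(f"FAIL {r['severity'].upper():9} {r['id']} in {r['package']}")
    for r in unknown:
        print(f"WARN UNKNOWN   {r['id']} in {r['package']} (unrated; review manually)")
    return 0 if passed else 1


if __name__ == "__main__":
    # Same settings as the pull request: both fail-on inputs enabled.
    raise SystemExit(run_gate(SAMPLE_GRYPE_JSON, fail_on_high=True, fail_on_critical=True))
```

With both inputs enabled the sample fails on the critical and the high match, while the medium match is reported but does not block. Two points worth checking in any real pipeline built this way: a match with no severity rating is easy to lose if the gate only compares rated levels, so it is listed separately here, and when `grype-fail-on-high` is already true the critical flag adds nothing on its own, which is fine but worth knowing when reading the workflow file.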
@Nik08 Nik08 added Expeditor: Skip All CI/CD: Don't do anything on merge Expeditor: Skip Version Bump labels Mar 26, 2026
Nik08 and others added 2 commits March 26, 2026 23:48
…ile.lock at runtime

Signed-off-by: Nikita Mathur <nikita.mathur@progress.com>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Nik08 Nik08 merged commit 541dfa2 into main Mar 31, 2026
30 of 33 checks passed
nandanhegde73 pushed a commit that referenced this pull request Apr 23, 2026
* ci: add grype scan config and rename workflow file

- Add perform-grype-scan: true to enable Grype vulnerability scanning
- Add grype-fail-on-high: true to fail build on high severity CVEs
- Add grype-fail-on-critical: true to fail build on critical severity CVEs
- Rename ci-main-pull-request-stub-1.0.8.yml to ci-main-pull-request-stub.yml
- Add trailing newline at end of file

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Nik08 <nikita.mathur@progress.com>

* CHEF-33010 Fix SBOM pipeline: add run-bundle-install to generate Gemfile.lock at runtime

Signed-off-by: Nikita Mathur <nikita.mathur@progress.com>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Signed-off-by: Nik08 <nikita.mathur@progress.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
