chore: upgrade grype to 0.15.0

.github/workflows/test.yml

@@ -6,13 +6,17 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - run: npm ci
-    - run: npm audit --production
-    - run: npm test -- --testPathIgnorePatterns action.test.js
+      - uses: actions/checkout@v2
+      - run: npm ci
+      - run: npm audit --production
+      - run: npm test -- --testPathIgnorePatterns action.test.js
 
   functional:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - run: make check
+      - uses: actions/checkout@v2
+      - run: make check
+      - uses: actions/upload-artifact@v2
+        with:
+          name: functional-test-output
+          path: tests/functional/output/*

.gitignore

@@ -108,6 +108,7 @@ typings/
 
 # IDE files/dirs
 .vscode
+.idea
 
 # Exclude python test artifacts
 /act

README.md

@@ -102,7 +102,7 @@ The only required key is `image`; all the other keys are optional. These are all
 | `image` | The image to scan | N/A |
 | `debug` | Verbose logging output | `false` |
 | `fail-build` | Fail the build if a vulnerability is found with a higher severity. That severity defaults to `"medium"` and can be set with `severity-cutoff`.  | `false` |
-| `grype-version` | An optional parameter to specify a specific version of `grype` to use for the scan. Default is the version locked to the scan-action release | `0.1.0` |
+| `grype-version` | An optional parameter to specify a specific version of `grype` to use for the scan. Default is the version locked to the scan-action release | `0.15.0` |
 | `acs-report-enable` | Optionally, enable the feature that causes a result.sarif report to be generated after successful action execution.  This report is compatible with GitHub Automated Code Scanning (ACS), as the artifact to upload for display as a Code Scanning Alert report. | `false` |
 | `severity-cutoff` | With ACS reporting enabled, optionally specify the minimum vulnerability severity to trigger an "error" level ACS result.  Valid choices are "negligible", "low", "medium", "high" and "critical".  Any vulnerability with a severity less than this value will lead to a "warning" result.  Default is "medium". | `"medium"` |
 

dist/index.js

@@ -11,7 +11,7 @@ const { exec } = __webpack_require__(514);
 const fs = __webpack_require__(747);
 
 const grypeBinary = "grype";
-const grypeVersion = "0.7.0";
+const grypeVersion = "0.15.0";
 
 // sarif code
 function convert_severity_to_acs_level(input_severity, severity_cutoff_param) {

index.js

@@ -4,7 +4,7 @@ const { exec } = require("@actions/exec");
 const fs = require("fs");
 
 const grypeBinary = "grype";
-const grypeVersion = "0.7.0";
+const grypeVersion = "0.15.0";
 
 // sarif code
 function convert_severity_to_acs_level(input_severity, severity_cutoff_param) {