anchore · kzantow · Sep 30, 2021 · Sep 15, 2021 · Sep 15, 2021 · Sep 15, 2021
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -36,13 +36,9 @@ jobs:
           for distro in alpine centos debian; do
             docker buildx imagetools inspect localhost:5000/match-coverage/$distro:latest
           done
-      - run: |
-          echo Downloading a pinned Grype DB for testing...
-          mkdir -p grype-db/3
-          curl -sL https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v3_2021-09-10T08:18:17Z.tar.gz | tar zxf - -C grype-db/3
       - run: npm ci
       - run: npm audit --production
-      - run: GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db npm test
+      - run: npm test
 
   functional:
     runs-on: ubuntu-latest

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 :zap: _Find threats in files or containers at lightning speed_ :zap:
 
-This is a GitHub Action for invoking the [grype](https://github.com/anchore/grype) scanner and returning the vulnerabilities found,
+This is a GitHub Action for invoking the [Grype](https://github.com/anchore/grype) scanner and returning the vulnerabilities found,
 and optionally fail if a vulnerability is found with a configurable severity level.
 
 Use this in your workflows to quickly verify files or containers' content after a build and before pushing, allowing PRs, or deploying updates.
@@ -111,7 +111,7 @@ The only required key is `image` or `path`; all the other keys are optional. The
 
 | Output Name | Description                   | Type   |
 | ----------- | ----------------------------- | ------ |
-| sarif       | Path to the SARIF report file | string |
+| `sarif`     | Path to the SARIF report file | string |
 
 ### Example Workflows
 
@@ -165,6 +165,12 @@ Optionally, you can add a step to inspect the SARIF report produced:
   run: cat ${{ steps.scan.outputs.sarif }}
 ```
 
+## Additional configuration
+
+You may add a `.grype.yaml` file at your repository root
+for more [Grype configuration](https://github.com/anchore/grype#configuration)
+such as [ignoring certain matches](https://github.com/anchore/grype#specifying-matches-to-ignore).
+
 ## Contributing
 
 We love contributions, feedback, and bug reports. For issues with the invocation of this action, file [issues](https://github.com/anchore/scan-action/issues) in this repository.
@@ -175,10 +181,7 @@ For contributing, see [Contributing](CONTRIBUTING.rst).
 
 For documentation on Grype itself, including other output capabilities, see the [grype project](https://github.com/anchore/grype)
 
-Connect with the community directly on [slack](https://anchore.com/slack). These channels from Anchore's toolbox project are ideal for engaging development of help-related discussions:
-
-- grype-dev
-- grype-help
+Connect with the community directly on [slack](https://anchore.com/slack).
 
 [test]: https://github.com/anchore/scan-action
 [test-img]: https://github.com/anchore/scan-action/workflows/Tests/badge.svg
diff --git a/dist/index.js b/dist/index.js
@@ -12,7 +12,7 @@ const fs = __webpack_require__(747);
 const stream = __webpack_require__(413);
 
 const grypeBinary = "grype";
-const grypeVersion = "0.17.0";
+const grypeVersion = "0.22.0";
 
 // sarif code
 function convert_severity_to_acs_level(input_severity, severity_cutoff_param) {
@@ -534,8 +534,13 @@ async function runScan({
     core.debug(cmdOutput);
   }
 
-  let grypeVulnerabilities = JSON.parse(cmdOutput);
-
+  let grypeVulnerabilities;
+  try {
+    grypeVulnerabilities = JSON.parse(cmdOutput);
+  } catch (e) {
+    core.error(`Unable to parse grype output: ${e}`);
+    core.error(cmdOutput);
+  }
   if (acsReportEnable) {
     try {
       const serifOut = sarifGrypeGeneration(

diff --git a/index.js b/index.js
@@ -5,7 +5,7 @@ const fs = require("fs");
 const stream = require("stream");
 
 const grypeBinary = "grype";
-const grypeVersion = "0.17.0";
+const grypeVersion = "0.22.0";
 
 // sarif code
 function convert_severity_to_acs_level(input_severity, severity_cutoff_param) {
@@ -527,8 +527,13 @@ async function runScan({
     core.debug(cmdOutput);
   }
 
-  let grypeVulnerabilities = JSON.parse(cmdOutput);
-
+  let grypeVulnerabilities;
+  try {
+    grypeVulnerabilities = JSON.parse(cmdOutput);
+  } catch (e) {
+    core.error(`Unable to parse grype output: ${e}`);
+    core.error(cmdOutput);
+  }
   if (acsReportEnable) {
     try {
       const serifOut = sarifGrypeGeneration(

diff --git a/package.json b/package.json
@@ -9,8 +9,9 @@
   },
   "scripts": {
     "lint": "eslint index.js",
-    "test": "eslint index.js && jest",
-    "update-snapshots": "eslint index.js && jest --updateSnapshot",
+    "test": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db jest",
+    "update-snapshots": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db jest --updateSnapshot",
+    "download-pinned-grype-db": "mkdir -p grype-db/3 && curl -sL https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v3_2021-09-10T08:18:17Z.tar.gz | tar zxf - -C grype-db/3",
     "build": "ncc build ./index.js",
     "precommit": "pretty-quick --staged && npm run build && git add dist/",
     "prettier": "prettier -w index.js"