To load these rules, add this to the top of your BUILD file:

```starlark
load("@rules_syft//grype:defs.bzl", ...)
```

```starlark
grype_report(name, database, ignore_vulnerabilities, only_fixed, sbom)
```

Generates a CVE report for a syft_sbom target using the grype binary, which is pulled in as a toolchain.

```starlark
oci_image(
    name = "image",
)

syft_sbom(
    name = "sbom",
    image = ":image",
)

grype_report(
    name = "report",
    sbom = ":sbom",
    database = "@grype_database",
)
```

ATTRIBUTES

Name | Description | Type | Mandatory | Default |
---|---|---|---|---|
name | A unique name for this target. | Name | required | |
database | Label to grype.database | Label | required | |
ignore_vulnerabilities | Vulnerabilities to ignore | List of strings | optional | [] |
only_fixed | Ignore matches for vulnerabilities that are not fixed | Boolean | optional | False |
sbom | Label to syft_sbom | Label | required | |