Grype can only scan a Java application source code if all the dependencies have already been fetched and available as JAR files. In the "commit-stage.yml" workflow, we need to fix the sequence of actions so that we build the app first and scan the source code afterwards.
Grype can only scan a Java application source code if all the dependencies have already been fetched and available as JAR files. In the "commit-stage.yml" workflow, we need to fix the sequence of actions so that we build the app first and scan the source code afterwards.
Fixes gh-38