anchore / scan-action

Anchore container analysis and scan provided as a GitHub Action
MIT License
201 stars 75 forks

Add configuration file input #299

Open p5 opened 4 months ago

p5 commented 4 months ago

Closes #217

Adds a new input parameter to allow the user to specify the location of a config file. This PR includes some tests to ensure the correct flags are passed into Grype, and updates the README.md.

I am unsure what else to add to the tests, or how to actually test that parameters in the config files are working. Hopefully I can have some guidance here.

I have chosen the same naming convention as the Syft action.

kzantow commented 1 month ago

Hey @p5, sorry for the delay here. Is this still something you are interested in getting merged? I think to get this merged it would be useful to have a test validating the CLI option (like these).

However, I should also note that today there are already a couple of other ways to configure grype-specific parameters in the action using environment variables. A couple of examples: passing a configuration file using environment variables:

      - uses: anchore/scan-action@main
        with:
          image: alpine:3.15
        env:
          GRYPE_CONFIG: ./my-config.yml

... or simply setting specific parameters using the grype environment variables:

      - uses: anchore/scan-action@main
        with:
          image: alpine:3.15
        env:
          GRYPE_ONLY_FIXED: true

... would either of these suffice or would you prefer adding an explicit configuration option?