Commit

Makefile: add experimental report-tool grype
`grype` is a security scanner for container images etc. Golang
tools are among the supported scan targets.

    $> grype .
    ✔ Vulnerability DB        [no update available]
    ✔ Indexed .
    ✔ Cataloged packages      [66 packages]
    ✔ Scanning image...       [2 vulnerabilities]
    ├── 0 critical, 2 high, 0 medium, 0 low, 0 negligible
    └── 0 fixed
    NAME                            INSTALLED  FIXED-IN  TYPE       VULNERABILITY        SEVERITY
    github.com/opencontainers/runc  v1.1.4               go-module  GHSA-vpvm-3wq2-2wvm  High

This commit adds it to the Makefile to have it at hand every now and
then.
mgumz committed Mar 11, 2023
1 parent 8958e25 commit 255aefa
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions Makefile
Expand Up @@ -89,6 +89,10 @@ report-gosec:
@echo '####################################################################'
gosec ./...

report-grype:
@echo '####################################################################'
grype .

fetch-report-tools:
go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
go install github.com/client9/misspell/cmd/misspell@latest
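
Review bot: `grype .` in the new `report-grype` recipe only reports. grype exits 0 when it finds vulnerabilities unless `--fail-on <severity>` is given, so `make report-grype` succeeds even with the High findings shown in the commit message. If the target is ever meant to gate a build, use `grype . --fail-on high`; if it is meant purely as a report, a one-line comment above the target saying so would make that explicit.
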
Expand All @@ -97,4 +101,7 @@ fetch-report-tools:
go install golang.org/x/vuln/cmd/govulncheck@latest
go install github.com/securego/gosec/v2/cmd/gosec@latest

fetch-report-tool-grype:
go install github.com/anchore/grype@latest

.PHONY: cciu bin/cciu
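
Review bot: `go install github.com/anchore/grype@latest` in `fetch-report-tool-grype` installs whatever release is current at the time of the run, so scan results are not reproducible between machines and a bad upstream release is pulled in without review. Pin a released tag (`@vX.Y.Z`, placeholder) and bump it deliberately. In addition, `report-grype` and `fetch-report-tool-grype` are not added to the `.PHONY: cciu bin/cciu` line visible at the end of this hunk; unless phony targets are declared elsewhere in the Makefile, add them there so a file with the same name cannot shadow the target.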
