grype

release(v0.7.7): prepare release #296

	name: grype
	on:
	push:
	branches-ignore:
	- 'dependabot/**'
	pull_request:
	schedule:
	- cron: '0 12 * * 6'
	permissions:
	contents: read
	jobs:
	grype:
	permissions:
	contents: read # for docker/build-push-action to read repo content
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	runs-on: ubuntu-22.04
	steps:
	- name: Check out code into the Go module directory
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Set up QEMU
	uses: docker/[email protected]
	- name: Set up Docker Buildx
	uses: docker/[email protected]
	- name: Build Container Image
	uses: docker/[email protected]
	with:
	context: .
	file: ./Dockerfile
	load: true
	platforms: linux/amd64
	provenance: false
	push: false
	tags: ghcr.io/${{ github.repository }}:grype
	- name: Run Grype Vulnerability Scanner
	uses: anchore/scan-action@v3
	id: scan
	with:
	image: ghcr.io/${{ github.repository }}:grype
	- name: Upload Grype Scan Results
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}

Provide feedback