To load these rules, add this to the top of your BUILD file:

```starlark
load("@rules_syft//grype:defs.bzl", ...)
```
```starlark
grype_test(name, database, fail_on_severity, ignore_vulnerabilities, only_fixed, sbom)
```

Scans an SBOM for known vulnerabilities and fails the test if any match is found at or above the configured severity.
```starlark
oci_image(
    name = "image",
)

syft_sbom(
    name = "sbom",
    image = ":image",
)

grype_test(
    name = "test",
    sbom = ":sbom",
    database = "@grype_database",
)
```
ATTRIBUTES

| Name | Description | Type | Mandatory | Default |
| --- | --- | --- | --- | --- |
| name | A unique name for this target. | Name | required | |
| database | Label to grype.database | Label | required | |
| fail_on_severity | Severity at or above which to fail | String | optional | "low" |
| ignore_vulnerabilities | Vulnerabilities to ignore | List of strings | optional | [] |
| only_fixed | Ignore matches for vulnerabilities that are not fixed | Boolean | optional | False |
| sbom | Label to syft_sbom | Label | required | |
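The three filtering attributes (`fail_on_severity`, `ignore_vulnerabilities`, `only_fixed`) interact, so it helps to see the decision they express in one place. The following is an added illustration, not rules_syft's own implementation: it applies the same semantics to a constructed report shaped like grype's JSON output (`matches[].vulnerability.{id,severity,fix.state}`) and returns the ids that would cause the test to fail.

```python
import json

# Grype severity ladder, lowest to highest (the strings grype emits, lowercased).
SEVERITY_ORDER = ["negligible", "low", "medium", "high", "critical"]

# Constructed sample shaped like grype's JSON report; not a real scan result.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Low",
                           "fix": {"state": "fixed", "versions": ["1.2.3"]}}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "High",
                           "fix": {"state": "not-fixed", "versions": []}}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "Critical",
                           "fix": {"state": "fixed", "versions": ["2.0.0"]}}},
    ]
})


def failing_matches(report_json, fail_on_severity="low",
                    ignore_vulnerabilities=(), only_fixed=False):
    """Return the vulnerability ids that would make grype_test fail.

    Mirrors the attribute semantics from the table above:
    - fail_on_severity: only matches at or above this severity count;
    - ignore_vulnerabilities: listed ids are skipped entirely;
    - only_fixed: matches whose fix state is not "fixed" are skipped.
    A severity the ladder does not know (e.g. "Unknown") is treated as
    failing, so an unrecognised value never silently passes the gate.
    """
    threshold = SEVERITY_ORDER.index(fail_on_severity.lower())
    ignored = {v.upper() for v in ignore_vulnerabilities}
    failing = []
    for match in json.loads(report_json)["matches"]:
        vuln = match["vulnerability"]
        vid = vuln["id"].upper()
        if vid in ignored:
            continue
        if only_fixed and vuln.get("fix", {}).get("state") != "fixed":
            continue
        sev = vuln.get("severity", "Unknown").lower()
        if sev not in SEVERITY_ORDER or SEVERITY_ORDER.index(sev) >= threshold:
            failing.append(vid)
    return failing
```

Note that with the default `fail_on_severity = "low"` every ranked match fails the build; raising the threshold without also setting `only_fixed` still surfaces unfixable findings, which is usually what you want for visibility but not for a gating test.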