Skip to content

Update grype to version 0.73.4

Ghost User requested to merge update-grype-to-0.73.4-2023-12-11 into master

Why is this change being made?

@hacks4oats, would you mind assigning correct milestone and taking care of this MR? 👀

We're updating grype to the newest available version (0.73.4).

Please follow these steps to release the new version:

  1. Retrieve the image URL from the pipeline job log:

    • The job should have the title: release > tag branch:[grype, Dockerfile]
    • Look for the image URL from the logs. It should look something like: registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/grype:193dca72bab3627976c62f4b6d3e7ccb438a7f5c
  2. Run a container scan using the image URL

    You can reference this Container Scanning Test repo to run a container scan.

    1. Run a new pipeline.
    2. Set a CI variable CS_ANALYZER_IMAGE with the image URL obtained from step 1.
    3. Set a CI variable CS_IMAGE to registry.gitlab.com/gitlab-org/security-products/tests/webgoat/develop:1ea6d6bb5e1e770dae269d5f8866cdefbeb5da70.
    4. Check that the container scan completes without error.
  3. Check the changelog of Trivy and Grype to see if there are any potential breaking change that might affect the code.

  4. Ensure Integration tests are passing

  5. If all is good, merge this MR.

  6. Create a new tag based on the new version that should have been auto incremented.

    • The new version can be found in the version.rb file.
  7. A release pipeline would be triggered to release the new version.

Merge request reports

Loading