Update grype to version 0.73.4
Why is this change being made?
@hacks4oats, would you mind assigning correct milestone and taking care of this MR?
We're updating grype to the newest available version (0.73.4).
Please follow these steps to release the new version:
-
Retrieve the image URL from the pipeline job log:
- The job should have the title: release > tag branch:[grype, Dockerfile]
- Look for the image URL from the logs. It should look something like:
registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/grype:193dca72bab3627976c62f4b6d3e7ccb438a7f5c
-
Run a container scan using the image URL
You can reference this Container Scanning Test repo to run a container scan.
- Run a new pipeline.
- Set a CI variable
CS_ANALYZER_IMAGE
with theimage URL
obtained from step 1. - Set a CI variable
CS_IMAGE
toregistry.gitlab.com/gitlab-org/security-products/tests/webgoat/develop:1ea6d6bb5e1e770dae269d5f8866cdefbeb5da70
. - Check that the container scan completes without error.
-
Check the changelog of Trivy and Grype to see if there are any potential breaking change that might affect the code.
-
Ensure Integration tests are passing
-
If all is good, merge this MR.
-
Create a new tag based on the new version that should have been auto incremented.
- The new version can be found in the version.rb file.
-
A release pipeline would be triggered to release the new version.