Closed
Description
When using the anchore acan-action, I have not been able to get my .grype.yaml file read from anywhere. I have tried repository root, home (~), and directory containing image to scan.
When inputting debug: true to the action, I can see grype is invoked with -vv flag, but no additional output is shown other than the error for failed vulnerability check. Example below:
Executing: grype -vv -o json --fail-on medium docker-image/image.tar Error: Failed minimum severity level. Found vulnerabilities with level medium or higher
Upon discussion with @wagoodman , he stated we're capturing stdout but stderr isn't being captured nor does it inherit that from the parent process (and logging output goes to stderr).
Hope this helps, thanks