Add hab path #38

Merged
karunesh-tech merged 1 commit into main from sandhi/add-hab-path
Mar 20, 2026

@sandhi18
Contributor

Description

This pull request updates the Grype vulnerability scanning workflows to provide greater flexibility and improve artifact management. The main changes include allowing a custom Habitat package path to be specified, updating the Grype scan process to use the CLI directly, and improving artifact naming and handling.

Grype scan workflow improvements:

  • Added a new input grype-hab-path to .github/workflows/ci-main-pull-request.yml and .github/workflows/grype-hab-package-scan.yml to allow specifying a custom path to a built Habitat package, which overrides the default package inputs.
  • Modified Habitat build steps in grype-hab-package-scan.yml (Linux, Windows, and Mac) to use the custom hab_path if provided, otherwise defaulting to the current directory.
  • Updated the usage of the shared workflow to reference a branch that includes the new hab_path support.
  • Passed the new hab_path input to the shared workflow from the main workflow.

Direct Grype CLI usage and artifact handling:

  • Replaced the use of the anchore/scan-action with direct Grype CLI commands, ensuring the latest Grype version is installed, and outputting both JSON and table-formatted scan results.
  • Improved artifact naming by generating a unique name using the repository and timestamp, and uploading both the JSON and log output from the Grype scan.

Related Issue

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

Signed-off-by: sandhi <sagarwal@progress.com>
sandhi18 force-pushed the sandhi/add-hab-path branch from b3c6e36 to ffd4dd6 on March 20, 2026 09:50
karunesh-tech merged commit e3a6fff into main on Mar 20, 2026
5 checks passed
karunesh-tech deleted the sandhi/add-hab-path branch on March 20, 2026 09:54