name: "grype" on: push: branches: ['main'] tags: ['v*'] pull_request: jobs: scan-source: name: scan-source runs-on: ubuntu-latest permissions: security-events: write actions: read contents: read steps: - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 - uses: anchore/scan-action@v3 with: path: "." fail-build: true scan-image: name: scan-image runs-on: ubuntu-latest permissions: security-events: write actions: read contents: read steps: - uses: anchore/scan-action@v3 with: image: "goreleaser/goreleaser:latest" fail-build: true