Anchore Container Scan
The action at https://github.com/anchore/scan-action has been updated to version v7.3.0.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by 8,600 repositories.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
This GitHub Action uses the Grype vulnerability scanner to detect security vulnerabilities in container images, file directories, or software bills of materials (SBOMs). It automates the scanning of software components in CI/CD workflows, so developers can identify vulnerabilities before deploying or merging code. Key capabilities include local scanning without external dependencies, configurable failure thresholds based on vulnerability severity, and support for various package types and Linux distributions.
Release notes
New in scan-action v7.3.0
⬆️ Dependencies
- chore(deps): bump @actions/tool-cache from 2.0.2 to 3.0.0 (#567) [@dependabot]
- chore(deps): bump @actions/cache from 5.0.1 to 5.0.2 (#568) [@dependabot]
- chore(deps): bump @actions/core from 2.0.1 to 2.0.2 (#569) [@dependabot]
- chore(deps-dev): bump tar from 7.5.2 to 7.5.3 (#574) [@dependabot]
- chore(deps): update Grype to v0.105.0 (#572) [@anchore-actions-token-generator[bot]]