anchore · Jun 27, 2023 · Jul 6, 2023 · Jul 13, 2023 · Jul 13, 2023 · Aug 28, 2023
diff --git a/.github/workflows/oss-project-board-add.yaml b/.github/workflows/oss-project-board-add.yaml
@@ -0,0 +1,16 @@
+name: Add to OSS board
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+      - transferred
+      - labeled
+
+jobs:
+
+  run:
+    uses: "anchore/workflows/.github/workflows/oss-project-board-add.yaml@main"
+    secrets:
+      token: ${{ secrets.OSS_PROJECT_GH_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,14 +1,19 @@
 name: "Tests"
 
-on: [push, pull_request]
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
 
 jobs:
   build: # make sure build/ci work properly and there is no faked build ncc built scripts
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - run: npm ci
-      - run: npm audit --production
+      - run: npm run audit
       - run: npm run build
       - run: git status --porcelain
       - run: git diff
@@ -36,5 +41,5 @@ jobs:
             docker buildx imagetools inspect localhost:5000/match-coverage/$distro:latest
           done
       - run: npm ci
-      - run: npm audit --production
+      - run: npm run audit
       - run: npm test
diff --git a/.nsprc b/.nsprc
@@ -0,0 +1,10 @@
+{
+  "1092310": {
+    "active": true,
+    "notes": "Ignored since we don't use the vulnerable regex method"
+  },
+  "1092460": {
+    "active": true,
+    "notes": "We are not using untrusted user data for any regexes in scan-action"
+  }
+}
diff --git a/GrypeVersion.js b/GrypeVersion.js
@@ -1 +1 @@
-exports.GRYPE_VERSION = "v0.63.0";
+exports.GRYPE_VERSION = "v0.73.3";
diff --git a/README.md b/README.md
@@ -44,10 +44,10 @@ The simplest workflow for scanning a `localbuild/testimage` container:
 
 ```yaml
 - name: Set up Docker Buildx
-  uses: docker/setup-buildx-action@v1
+  uses: docker/setup-buildx-action@v2
 
 - name: build local container
-  uses: docker/build-push-action@v2
+  uses: docker/build-push-action@v4
   with:
     tags: localbuild/testimage:latest
     push: false
@@ -130,6 +130,7 @@ The inputs `image`, `path`, and `sbom` are mutually exclusive to specify the sou
 | `severity-cutoff`   | Optionally specify the minimum vulnerability severity to trigger a failure. Valid choices are "negligible", "low", "medium", "high" and "critical". Any vulnerability with a severity less than this value will lead to a "warning" result. Default is "medium". | `medium`      |
 | `only-fixed`        | Specify whether to only report vulnerabilities that have a fix available.                                                                                                                                                                                        | `false`       |
 | `add-cpes-if-none`  | Specify whether to autogenerate missing CPEs.                                                                                                                                                                                                                    | `false`       |
+| `by-cve`            | Specify whether to orient results by CVE rather than GHSA.                                                                                                                                                                                                       | `false`       |
 
 ### Action Outputs
 

diff --git a/action.yml b/action.yml
@@ -33,6 +33,10 @@ inputs:
     description: "Specify whether to autogenerate missing CPEs.  Default is false."
     required: false
     default: "false"
+  by-cve:
+    description: "Specify whether to orient results by CVE rather than GHSA.  Default is false."
+    required: false
+    default: "false"
 outputs:
   sarif:
     description: "Path to a SARIF report file for the image"
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		exports.GRYPE_VERSION = "v0.63.0";
		exports.GRYPE_VERSION = "v0.73.3";