| `vex` | Specify a list of VEX documents to consider when producing scanning results. | `false` |

| `cache-db` | Cache the Grype DB in GitHub action cache and restore before checking for updates | `false` |

| `grype-version` | An optional Grype version to download, defaults to the pinned version in [GrypeVersion.js](GrypeVersion.js). | |

| `config` | Optional Grype configuration files (newline-separated). Setting this will disable auto-detection of configuration files (e.g. .grype.yaml) - only the specified files will be loaded.. | |

### Action Outputs

by-cve:

description: "Specify whether to orient results by CVE rather than GHSA. Default is false."

required: false

default: "false"

default: "false"

grype-version:

description: "A specific version of Grype to install"

required: false

vex:

description: "Specify a list of VEX documents to consider when producing scanning results."

required: false

config:

description: "Specify one or more Grype configuration files (newline-separated). Setting this will disable auto-detection of configuration files (e.g. .grype.yaml) - only the specified files will be loaded."

required: false

cache-db:

description: "Cache the Grype DB in GitHub action cache and restore before checking for updates"

required: false

const addCpesIfNone = core.getInput("add-cpes-if-none") || "false";

const byCve = core.getInput("by-cve") || "false";

const vex = core.getInput("vex") || "";

const configFile = core.getInput("config") || "";

const cacheDb = core.getInput("cache-db") || "false";

const outputFile = core.getInput("output-file") || "";

const out = await runScan({

addCpesIfNone,

byCve,

vex,

configFile,

cacheDb,

});

Object.keys(out).map((key) => {

addCpesIfNone,

byCve,

vex,

configFile,

cacheDb,

}) {

const out = {};

cmdArgs.push("--vex");

cmdArgs.push(vex);

}

if (configFile) {

const configFiles = configFile

.split("\n")

.map((f) => f.trim())

.filter((f) => f);

for (const cf of configFiles) {

cmdArgs.push("-c");

cmdArgs.push(cf);

}

}

cmdArgs.push(source);

const { exitCode } = await runCommand(grypeCommand, cmdArgs, env);

const addCpesIfNone = core.getInput("add-cpes-if-none") || "false";

const byCve = core.getInput("by-cve") || "false";

const vex = core.getInput("vex") || "";

const configFile = core.getInput("config") || "";

const cacheDb = core.getInput("cache-db") || "false";

const outputFile = core.getInput("output-file") || "";

const out = await runScan({

addCpesIfNone,

byCve,

vex,

configFile,

cacheDb,

});

Object.keys(out).map((key) => {

addCpesIfNone,

byCve,

vex,

configFile,

cacheDb,

}) {

const out = {};

cmdArgs.push("--vex");

cmdArgs.push(vex);

}

if (configFile) {

const configFiles = configFile

.split("\n")

.map((f) => f.trim())

.filter((f) => f);

for (const cf of configFiles) {

cmdArgs.push("-c");

cmdArgs.push(cf);

}

}

cmdArgs.push(source);

const { exitCode } = await runCommand(grypeCommand, cmdArgs, env);

"dir:asdf",

]);

});

it("adds single config file if specified", async () => {

const args = await mockRun({

image: "asdf",

"fail-build": "false",

"output-file": "the-output-file",

"output-format": "json",

"severity-cutoff": "low",

"only-fixed": "false",

"add-cpes-if-none": "false",

"by-cve": "false",

config: ".grype-custom.yaml",

});

expect(args).toEqual([

"-v",

"-o",

"json",

"--file",

"the-output-file",

"--fail-on",

"low",

"-c",

".grype-custom.yaml",

"asdf",

]);

});

it("adds multiple config files if specified", async () => {

const args = await mockRun({

image: "asdf",

"fail-build": "false",

"output-file": "the-output-file",

"output-format": "json",

"severity-cutoff": "low",

"only-fixed": "false",

"add-cpes-if-none": "false",

"by-cve": "false",

config: "base.yaml\noverrides.yaml",

});

expect(args).toEqual([

"-v",

"-o",

"json",

"--file",

"the-output-file",

"--fail-on",

"low",

"-c",

"base.yaml",

"-c",

"overrides.yaml",

"asdf",

]);

});

});

async function mockRun(inputs) {