@@ -182,29 +182,31 @@ def scan_image(
182182 print (" " .join (cmd ))
183183 subprocess .run (cmd )
184184
185+ # Disabled Grype on 2024-11-13: Grype generates it's own package-ids in Purls, which results in problem with component matching
186+ # This causes "Observation not found in latest scan" messages in SecObserve, which are false positives
185187 # Run Grype
186- env ["FURTHER_PARAMETERS" ] = "--by-cve"
187- env ["GRYPE_DB_CACHE_DIR" ] = "/tmp/grype_db_cache"
188- env ["REPORT_NAME" ] = "grype.json"
189-
190- cmd = [
191- "docker" ,
192- "run" ,
193- "--entrypoint" ,
194- "/entrypoints/entrypoint_grype_" + mode + ".sh" ,
195- "-v" ,
196- "/tmp/stackable:/tmp" ,
197- "-v" ,
198- "/var/run/docker.sock:/var/run/docker.sock" ,
199- ]
200-
201- for key , value in env .items ():
202- cmd .append ("-e" )
203- cmd .append (f"{ key } ={ value } " )
204-
205- cmd .append ("oci.stackable.tech/sandbox/secobserve-scanners:latest" )
206-
207- subprocess .run (cmd )
188+ # env["FURTHER_PARAMETERS"] = "--by-cve"
189+ # env["GRYPE_DB_CACHE_DIR"] = "/tmp/grype_db_cache"
190+ # env["REPORT_NAME"] = "grype.json"
191+
192+ # cmd = [
193+ # "docker",
194+ # "run",
195+ # "--entrypoint",
196+ # "/entrypoints/entrypoint_grype_" + mode + ".sh",
197+ # "-v",
198+ # "/tmp/stackable:/tmp",
199+ # "-v",
200+ # "/var/run/docker.sock:/var/run/docker.sock",
201+ # ]
202+
203+ # for key, value in env.items():
204+ # cmd.append("-e")
205+ # cmd.append(f"{key}={value}")
206+
207+ # cmd.append("oci.stackable.tech/sandbox/secobserve-scanners:latest")
208+
209+ # subprocess.run(cmd)
208210
209211
210212if __name__ == "__main__" :
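Review bot: Disabling Grype here silently narrows the scan's coverage — nothing on the new side records at runtime that the Grype report is no longer produced, so an image that comes back clean will look fully scanned to whoever reads the results, and the `# Disabled Grype on 2024-11-13` comment is the only trace. Rather than keeping ~20 lines of commented-out code, I'd delete them (git history preserves them) or gate them behind an explicit opt-in, and print a visible notice after the remaining scanner's `subprocess.run(cmd)` on line 183, e.g. `print("Grype scan skipped: disabled 2024-11-13 (purl package-id mismatch in SecObserve)")`. The disabling comment should also point at a tracking issue so the scanner is not dropped permanently by accident, and `it's own` should read `its own`. The body of `scan_image` starts before this hunk, so I cannot see whether `env` is still consumed elsewhere now that the Grype keys are no longer set.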