chore: disable Grype for now

dervoeti · dervoeti · commit 415fede84327 · 2024-11-13T23:38:08.000+01:00
diff --git a/stack_scanner/main.py b/stack_scanner/main.py
@@ -182,29 +182,31 @@ def scan_image(
     print(" ".join(cmd))
     subprocess.run(cmd)
 
+    # Disabled Grype on 2024-11-13: Grype generates it's own package-ids in Purls, which results in problem with component matching
+    # This causes "Observation not found in latest scan" messages in SecObserve, which are false positives
     # Run Grype
-    env["FURTHER_PARAMETERS"] = "--by-cve"
-    env["GRYPE_DB_CACHE_DIR"] = "/tmp/grype_db_cache"
-    env["REPORT_NAME"] = "grype.json"
-
-    cmd = [
-        "docker",
-        "run",
-        "--entrypoint",
-        "/entrypoints/entrypoint_grype_" + mode + ".sh",
-        "-v",
-        "/tmp/stackable:/tmp",
-        "-v",
-        "/var/run/docker.sock:/var/run/docker.sock",
-    ]
-
-    for key, value in env.items():
-        cmd.append("-e")
-        cmd.append(f"{key}={value}")
-
-    cmd.append("oci.stackable.tech/sandbox/secobserve-scanners:latest")
-
-    subprocess.run(cmd)
+    # env["FURTHER_PARAMETERS"] = "--by-cve"
+    # env["GRYPE_DB_CACHE_DIR"] = "/tmp/grype_db_cache"
+    # env["REPORT_NAME"] = "grype.json"
+
+    # cmd = [
+    #     "docker",
+    #     "run",
+    #     "--entrypoint",
+    #     "/entrypoints/entrypoint_grype_" + mode + ".sh",
+    #     "-v",
+    #     "/tmp/stackable:/tmp",
+    #     "-v",
+    #     "/var/run/docker.sock:/var/run/docker.sock",
+    # ]
+
+    # for key, value in env.items():
+    #     cmd.append("-e")
+    #     cmd.append(f"{key}={value}")
+
+    # cmd.append("oci.stackable.tech/sandbox/secobserve-scanners:latest")
+
+    # subprocess.run(cmd)
 
 
 if __name__ == "__main__":
