From ec84d91bc3f246c2b99d5f8d09b1377073629074 Mon Sep 17 00:00:00 2001
From: josh
Date: Fri, 22 Sep 2023 20:31:11 +0000
Subject: [PATCH] Integrate Grype for Scanning Fixes #11
---
 .github/workflows/docker-build.yml | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 8ba7cc1..9b37e9a 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -35,6 +35,22 @@ jobs:
 push: true
 tags: registry.dangerous.tech/dangeroustech/zerotierbridge:latest
 
+ - name: Generate SBOM
+ uses: anchore/sbom-action@v0
+ id: sbom
+ with:
+ image: registry.dangerous.tech/dangeroustech/zerotierbridge:latest
+ registry-username: ${{ secrets.REGISTRY_USERNAME }}
+ registry-password: ${{ secrets.REGISTRY_PASSWORD }}
+ format: spdx-json
+ output-file: ./sbom.spdx.json
+
+ - name: Scan SBOM
+ uses: anchore/scan-action@v3
+ with:
+ sbom: sbom.spdx.json
+ fail-build: false
+
 - name: Changelog
 uses: TriPSs/conventional-changelog-action@v3
 id: changelog
@@ -48,17 +64,6 @@ jobs:
 release-count: 0 # preserve all versions in changelog
 skip-on-empty: false # otherwise we don't publish fixes
 
- - name: Generate SBOM
- uses: anchore/sbom-action@v0
- id: sbom
- if: ${{ steps.changelog.outputs.skipped == 'false' }}
- with:
- image: registry.dangerous.tech/dangeroustech/zerotierbridge:latest
- registry-username: ${{ secrets.REGISTRY_USERNAME }}
- registry-password: ${{ secrets.REGISTRY_PASSWORD }}
- format: spdx-json
- output-file: ./sbom.spdx.json
-
 - name: Create Release
 uses: softprops/action-gh-release@v1
 id: release
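Review bot: The `Scan SBOM` step added in the first hunk cannot influence the pipeline as written: `fail-build: false` makes it advisory, it has no `id`, and no step visible in this patch reads its report, so Grype findings only end up in the job log. The context line `push: true` above it suggests the image is already published as `:latest` before the scan runs, so even a blocking scan would come after publication. Either gate on it with `fail-build: true` and `severity-cutoff: high`, or keep it non-blocking but add `id: scan` and pass `${{ steps.scan.outputs.sarif }}` to a SARIF upload step so findings are tracked. Separately, `anchore/sbom-action@v0` is handed the registry credentials while referenced by a mutable tag; pinning it and `anchore/scan-action@v3` to a full commit SHA would narrow that exposure. The build step and the rest of the job lie outside the hunk.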