show vuln output

Author: anthony-nhs

.github/workflows/build_multi_arch_image.yml

@@ -115,10 +115,11 @@ jobs:
         if: always()
         run: |
           echo "Scan output for ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-${ARCHITECTURE}"
-          if [ -f .out/scan_results_docker.txt ]; then
-            cat .out/scan_results_docker.txt
+          if [ -f ".grype_out/grype_${CONTAINER_NAME}_${IMAGE_TAG}.txt" ]; then
+            cat ".grype_out/grype_${CONTAINER_NAME}_${IMAGE_TAG}.txt"
           fi
         env:
+          CONTAINER_NAME: '${{ inputs.container_name }}'
           ARCHITECTURE: '${{ matrix.arch }}'
           DOCKER_TAG: '${{ inputs.docker_tag }}'
       - name: Push tagged image and rebuild for github actions

Makefile

@@ -98,7 +98,8 @@ build-githubactions-image: guard-BASE_IMAGE_NAME guard-BASE_IMAGE_TAG guard-IMAG
 scan-image: guard-CONTAINER_NAME guard-BASE_FOLDER guard-IMAGE_TAG
 	grype "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}" \
 		--scope all-layers \
-		--sort-by severity 
+		--sort-by severity \
+		--file ".grype_out/grype_${CONTAINER_NAME}_${IMAGE_TAG}.txt"
 
 scan-image-json: guard-CONTAINER_NAME guard-BASE_FOLDER guard-IMAGE_TAG
 	grype "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}" \