@renovate renovate bot commented Sep 16, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| anchore/scan-action | action | major | v2.0.0 -> v7.3.1 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

anchore/scan-action (anchore/scan-action)

v7.3.1

Compare Source

v7.3.1
⬆️ Dependencies

v7.3.0

Compare Source

New in scan-action v7.3.0

⬆️ Dependencies

v7.2.3

Compare Source

New in scan-action v7.2.3

v7.2.2

Compare Source

New in scan-action v7.2.2

v7.2.1

Compare Source

New in scan-action v7.2.1

v7.2.0

Compare Source

New in scan-action v7.2.0

v7.1.0

Compare Source

New in scan-action v7.1.0

v7.0.2

Compare Source

New in scan-action v7.0.2

v7.0.1

Compare Source

scan-action v7.0.1

v7.0.0

Compare Source

New in scan-action v7.0.0

  • chore(deps): update Grype to v0.100.0 (#​516)

v6.5.1

Compare Source

New in scan-action v6.5.1
  • Update Grype to v0.97.1 (#​495)

v6.5.0

Compare Source

New in scan-action v6.5.0

v6.4.0

Compare Source

New in scan-action v6.4.0
  • Update Grype to v0.95.0 (#​486)
  • chore(deps-dev): bump eslint from 9.30.0 to 9.30.1 (#​485)
  • chore(deps-dev): bump lint-staged from 16.1.0 to 16.1.2 (#​476)
  • chore(deps-dev): bump jest from 30.0.0 to 30.0.3 (#​481)
  • chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 (#​483)
  • chore(deps-dev): bump eslint from 9.28.0 to 9.30.0 (#​484)

v6.3.0

Compare Source

New in scan-action v6.3.0
  • Update Grype to v0.94.0 (#​470)

v6.2.0

Compare Source

New in scan-action v6.2.0

v6.1.0

Compare Source

New in scan-action v6.1.0

v6.0.0

Compare Source

New in scan-action v6.0.0

Breaking Change
  • feat: add output-file option, default to random directory output in temp (#​346) [kzantow]

The action no longer generates files in your working directory by default; instead, you should use the action outputs: ${{ steps.<id>.outputs.sarif }}, where the <id> needs to match the id you configured to reference the scan-action, e.g.:

      - uses: anchore/scan-action@v6
        id: scan
        ...
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

Other Changes

v5.3.0

Compare Source

New in scan-action v5.3.0

v5.2.1

Compare Source

New in scan-action v5.2.1

v5.2.0

Compare Source

New in scan-action v5.2.0

v5.1.0

Compare Source

New in scan-action v5.1.0

v5.0.1

Compare Source

New in scan-action v5.0.1

v5.0.0

Compare Source

New in scan-action v5.0.0

🚀 Features

  • feat: short-lived grype-db cache (#​348) [kzantow]
    Note: with this release grype is no longer installed on $PATH. We suspect the changes here could break a number of users of the action who have learned to expect Grype to be installed on $PATH.

v4.1.2

Compare Source

New in scan-action v4.1.2

v4.1.1

Compare Source

New in scan-action v4.1.1

v4.1.0

Compare Source

New in scan-action v4.1.0

v4.0.0

Compare Source

New in scan-action v4.0.0

v3.6.4

Compare Source

New in scan-action v3.6.4

v3.6.3

Compare Source

New in scan-action v3.6.3
  • chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (#​278) [spiffcs]

v3.6.2

Compare Source

New in scan-action v3.6.2

v3.6.1

Compare Source

New in scan-action v3.6.1

v3.6.0

Compare Source

New in scan-action v3.6.0

v3.5.0

Compare Source

New in scan-action v3.5.0

v3.4.0

Compare Source

New in scan-action v3.4.0

v3.3.8

Compare Source

New in scan-action v3.3.8

v3.3.7

Compare Source

New in scan-action v3.3.7
🐛 Bug Fixes

v3.3.6

Compare Source

New in scan-action v3.3.6

v3.3.5

Compare Source

New in scan-action v3.3.5

v3.3.4

Compare Source

New in scan-action v3.3.4
  • Update Grype to v0.56.0 (#​205)

v3.3.3

Compare Source

New in scan-action v3.3.3

v3.3.2

Compare Source

New in scan-action v3.3.2

v3.3.1

Compare Source

New in scan-action v3.3.1

v3.3.0

Compare Source

New in scan-action v3.3.0

v3.2.5

Compare Source

New in scan-action v3.2.5

v3.2.4

Compare Source

New in scan-action v3.2.4

  • Update Grype to v0.34.7 (#​163)
  • More closely align parameters with sbom-action (#​158)

v3.2.3

Compare Source

New in scan-action v3.2.3

v3.2.2

Compare Source

New in scan-action v3.2.2

  • Add sub-action to download Grype (#​152)
  • Update Grype to 0.34.4 to fix a nil pointer in SARIF generation (#​151)

v3.2.1

Compare Source

New in scan-action v3.2.1

  • Remove SARIF processing (#​148)

v3.2.0

Compare Source

New in scan-action v3.2.0

  • Update Grype to 0.27.3 (#​136)
  • Output Grype stderr to action logs (#​137)
  • Readme should point to CONTRIBUTING.md (#​126)
  • Improve documentation (#​125)

v3.1.0

Compare Source

New in scan-action v3.1.0

  • Update Grype to 0.22.0 - this includes the ability to ignore vulnerability matches (#​121)

v3.0.0

Compare Source

New in scan-action v3.0.0

  • Upgrade to Grype to 0.17.0 and add tests #​102 (#​112) (#​118)
  • Improve SARIF output #​114 (#​115)
  • Change default behavior so action fails on medium (and higher) severities (#​86)
  • Respect verbosity from action to call Grype (#​82)

v2.0.4

Compare Source

New in scan-action v2.0.4

  • bump grype to 0.7.0 (#​81)

v2.0.3

Compare Source

New in scan-action 2.0.3

  • bump grype to 0.6.1 (#​79)
  • Halt execution when invalid options are provided (#​76)
  • bump grype to 0.5.0 (#​75)

v2.0.2

Compare Source

Minor bug-fix release:

v2.0.1

Compare Source

Minor bug-fix release.

Fixes:

  • Removes unnecessary constraint in deduplication for SARIF reporting
  • Allows defining and referencing the location of the SARIF report file
  • Fixes multiple instances where undefined items in the reporting would break scanning

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/anchore-scan-action-7.x branch 2 times, most recently from 85d45be to dd83a12 Compare October 16, 2025 22:32
@renovate renovate bot force-pushed the renovate/anchore-scan-action-7.x branch from dd83a12 to dfdea2e Compare October 25, 2025 07:16
@renovate renovate bot force-pushed the renovate/anchore-scan-action-7.x branch 2 times, most recently from 563a511 to 64ae04a Compare November 24, 2025 18:31
@renovate renovate bot force-pushed the renovate/anchore-scan-action-7.x branch from 64ae04a to 86dd5bd Compare December 10, 2025 03:52
@renovate renovate bot force-pushed the renovate/anchore-scan-action-7.x branch from 86dd5bd to e103243 Compare January 8, 2026 18:17
@renovate renovate bot force-pushed the renovate/anchore-scan-action-7.x branch from e103243 to c485bfe Compare January 21, 2026 21:01
@renovate renovate bot force-pushed the renovate/anchore-scan-action-7.x branch from c485bfe to bbd37cb Compare January 27, 2026 18:47
@sonarqubecloud

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud
