scan-action: unable to check for vulnerability database update

Hey everyone,

I have the following problem at the moment which blocks me for scanning for vulnerabilities:

 Executing: grype -o sarif --fail-on medium sbom:action-sandbox-sbom.spdx.json
  [0060] WARN unable to check for vulnerability database update
  
  1 error occurred:
  	* failed to load vulnerability db: vulnerability database is invalid (run db update to correct): database metadata not found: .cache/grype/db/4

Does someone have or had this problem as well?

Thanks for your help.

Best regards,

Erhan

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 15 (15 by maintainers)

Most upvoted comments

Ok, I’m pretty sure I know what the problem is here – we’re providing an environment to the grype command: https://github.com/anchore/scan-action/blob/main/index.js#L109

We need to make sure to pass in at least the HTTPS_PROXY variable from the existing environment.

This should be a pretty simple thing to get fixed 👍

+1
kzantow on Nov 17, 2022
Read more comments on GitHub
← scan-action: Seeing runtime errors intermittently
syft: Build failure for v0.88.0 →