[feature] Add input grype-version

.github/workflows/demo.yml

@@ -10,7 +10,6 @@ jobs:
       - uses: ./
         with:
           image: "alpine:latest"
-          debug: true
           fail-build: false
 
   test-directory:
@@ -20,7 +19,6 @@ jobs:
       - uses: ./
         with:
           path: "tests/fixtures/npm-project"
-          debug: true
           severity-cutoff: "negligible"
           fail-build: false
 
@@ -31,5 +29,4 @@ jobs:
       - uses: ./
         with:
           sbom: tests/fixtures/test_sbom.spdx.json
-          debug: true
           fail-build: false

.github/workflows/sarifdemo.yml

@@ -8,13 +8,11 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
       - name: Run the local Scan Action with SARIF generation enabled
         id: scan
         uses: ./
         with:
           image: "debian:8"
-          debug: true
           fail-build: false
           #severity-cutoff: "Medium"
 
@@ -33,13 +31,11 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
       - name: Run the local Scan Action with SARIF generation enabled
         id: scan
         uses: ./
         with:
           path: "tests/fixtures/npm-project"
-          debug: true
           fail-build: false
           #severity-cutoff: "Medium"
 

.github/workflows/test.yml

@@ -43,3 +43,29 @@ jobs:
       - run: npm ci
       - run: npm run audit
       - run: npm test
+
+  test-as-action: # run actions to test some scenarios
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          path: ./
+
+      - name: "Donwload Grype v0.54.0"
+        uses: ./download-grype # anchore/scan-action/download-grype
+        with:
+          grype-version: v0.54.0
+
+      - name: "Check Grype version before scan-action"
+        run: grype version | egrep "^Version:.*0.54.0$"
+
+      - name: "Scan test image"
+        uses: ./
+        with:
+          image: "alpine:latest"
+          grype-version: v0.54.0 # set the same version to test that current Grype binary wasn't overwritten by the latest version
+          fail-build: false # to prevent fail due to vuln:s on test image
+
+      - name: "Check Grype version after scan-action"
+        run: grype version | egrep "^Version:.*0.54.0$"

action.yml

@@ -36,7 +36,10 @@ inputs:
   by-cve:
     description: "Specify whether to orient results by CVE rather than GHSA.  Default is false."
     required: false
-    default: "false"
+    default: "false"  
+  grype-version:
+    description: "A specific version of Grype to install"
+    required: false
 outputs:
   sarif:
     description: "Path to a SARIF report file for the image"