run new checks

Author: anthony-nhs

.devcontainer/devcontainer.json

@@ -6,7 +6,11 @@
     "args": {
       "DOCKER_GID": "${env:DOCKER_GID:}",
       "IMAGE_NAME": "node_24_python_3_14",
+<<<<<<< Updated upstream
       "IMAGE_VERSION": "pr-68-7f136dd",
+=======
+      "IMAGE_VERSION": "pr-69-0337303",
+>>>>>>> Stashed changes
       "USER_UID": "${localEnv:USER_ID:}",
       "USER_GID": "${localEnv:GROUP_ID:}"
     },

.github/workflows/quality-checks-devcontainer.yml

@@ -122,14 +122,7 @@ jobs:
           fi
       - name: Check licenses
         run: |
-          make trivy-license-check
-
-      - name: Show license scan output
-        if: always()
-        run: |
-          if [ -f license_scan.txt ]; then
-            cat .trivy_out/license_scan.txt
-          fi
+          make grant-scan
       - name: Run code lint
         run: |
           make lint
@@ -141,51 +134,19 @@ jobs:
       - name: Run unit tests
         run: |
           make test
-      - name: make generate sbom
+      - name: Generate sbom
         run: |
-          make trivy-generate-sbom
+          make syft-generate-sbom-dev-dependencies
       - name: Upload sbom
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
         with:
-          name: sbom.cdx.json
-          path: .trivy_out/sbom.cdx.json
+          name: sbom.dev.cdx.json
+          path: .sbom/sbom.dev.cdx.json
 
-      - name: Check python vulnerabilities
-        if: ${{ steps.check_languages.outputs.uses_poetry == 'true' }}
-        continue-on-error: ${{ github.actor == 'dependabot[bot]' }}
+      - name: Check vulnerabilities
         run: |
-          make trivy-scan-python
+          make grype-scan-dev-dependencies
 
-      - name: Check node vulnerabilities
-        if: ${{ steps.check_languages.outputs.uses_node == 'true' }}
-        continue-on-error: ${{ github.actor == 'dependabot[bot]' }}
-        run: |
-          make trivy-scan-node
-      - name: Check go vulnerabilities
-        if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
-        continue-on-error: ${{ github.actor == 'dependabot[bot]' }}
-        run: |
-          make trivy-scan-go
-      - name: Check java vulnerabilities
-        if: ${{ steps.check_languages.outputs.uses_java == 'true' }}
-        continue-on-error: ${{ github.actor == 'dependabot[bot]' }}
-        run: |
-          make trivy-scan-java
-      - name: Show vulnerability output
-        if: always()
-        run: |
-          if [ -f .trivy_out/dependency_results_python.txt ]; then
-            cat .trivy_out/dependency_results_python.txt
-          fi
-          if [ -f .trivy_out/dependency_results_node.txt ]; then
-            cat .trivy_out/dependency_results_node.txt
-          fi
-          if [ -f .trivy_out/dependency_results_java.txt ]; then
-            cat .trivy_out/dependency_results_java.txt
-          fi
-          if [ -f .trivy_out/dependency_results_go.txt ]; then
-            cat .trivy_out/dependency_results_go.txt
-          fi
       - name: "check is SONAR_TOKEN exists"
         env:
           super_secret: ${{ secrets.SONAR_TOKEN }}
@@ -311,17 +272,7 @@ jobs:
       - name: Check docker vulnerabilities
         continue-on-error: ${{ github.actor == 'dependabot[bot]' }}
         run: |
-          make trivy-scan-docker
-        env:
-          DOCKER_IMAGE: ${{ matrix.docker_image }}
-
-      - name: Show docker vulnerability output
-        if: always()
-        run: |
-          echo "Scan output for ${DOCKER_IMAGE}"
-          if [ -f .trivy_out/dependency_results_docker.txt ]; then
-            cat .trivy_out/dependency_results_docker.txt
-          fi
+          make grype-scan-docker-image
         env:
           DOCKER_IMAGE: ${{ matrix.docker_image }}