fix

Author: anthony-nhs

.gitignore

@@ -28,3 +28,4 @@ _site/
 vendor
 .cfn_guard_out/
 .trivy_out/
+.sbom/

.grype.yaml

@@ -0,0 +1,3 @@
+ignore:
+  # path-to-regexp - dependency of aws-sdk-client-mock
+  - vulnerability: GHSA-j3q9-mxjg-w52f

.pre-commit-config.yaml

@@ -23,6 +23,14 @@ repos:
 
   - repo: local
     hooks:
+      - id: grype-scan-local
+        name: Grype scan local changes
+        entry: make
+        args: ["grype-scan-local"]
+        language: system
+        pass_filenames: false
+        always_run: true
+
       - id: check-commit-signing
         name: Check commit signing
         description: Ensures that commits are GPG signed