From a28dc9f2f35abf1c8dbefd711588d85d84c2090d Mon Sep 17 00:00:00 2001
From: Atanas Janeshliev
Date: Thu, 2 May 2024 10:59:43 +0000
Subject: [PATCH] fix(BRIDGE-49): Configure gitleaks baseline and grype config
---
 .gitlab-ci.yml | 5 +++--
 .grype.yaml | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 .grype.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1b3f40a7..b269d9c6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -44,8 +44,9 @@ include:
 - local: ci/build.yml
 - component: gitlab.protontech.ch/proton/devops/cicd-components/devsecops/gitleaks/scan-repository@~latest
 inputs:
- stage: analyse
- - component: gitlab.protontech.ch/proton/devops/cicd-components/devsecops/grype/scan-code@0.0.12
+ stage: analyse
+ cli-args: "--baseline-path $GITLEAKS_BASELINE"
+ - component: gitlab.protontech.ch/proton/devops/cicd-components/devsecops/grype/scan-code@~latest
 inputs:
 stage: analyse
diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 00000000..795fc025
--- /dev/null
+++ b/.grype.yaml
@@ -0,0 +1,2 @@
+# Check out for configuration details: https://github.com/anchore/grype?tab=readme-ov-file#configuration
+fail-on-severity: "medium"
\ No newline at end of file
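Review bot: The grype `scan-code` include moves from the pinned `@0.0.12` to the floating `@~latest`, so the scanner job that now gates the pipeline through `.grype.yaml` can change without any commit in this repository; the gitleaks include above it already floats the same way. An included CI component defines jobs that run inside this project's pipeline, so an unreviewed upstream release is a supply-chain exposure as well as a reproducibility problem. If a newer release is needed for the new config file to take effect, pin that release explicitly, e.g. `- component: gitlab.protontech.ch/proton/devops/cicd-components/devsecops/grype/scan-code@<reviewed-version-or-commit-sha>`, and bump it deliberately. Separately, `$GITLEAKS_BASELINE` is not defined anywhere in this diff; presumably it is a CI/CD variable, and it is worth confirming that it is always set and points at a reviewed baseline file, since gitleaks ignores every finding recorded in the baseline. The `include:` list starts above the hunk, so its earlier entries were not checked.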