{{- define "template.scan-syft-grype" -}}
- name: scan-syft-grype
  inputs:
    parameters:
      - name: working-dir
  container:
    image: {{ .Values.images.syftGrype | quote }}
    command:
      - sh
      - -c
    args:
      - |
        set -eu
        mkdir -p /workspace/reports
        syft scan dir:/workspace/{{ `{{inputs.parameters.working-dir}}` }} -o cyclonedx-json=/workspace/reports/sbom.json || true
        grype sbom:/workspace/reports/sbom.json -o sarif=/workspace/reports/grype.sarif || true
    volumeMounts:
      - name: workspace
        mountPath: /workspace
{{- end }}