change base

Author: mchmarny

.version

@@ -1 +1 @@
-v0.2.11
+v0.2.14

Dockerfile

@@ -1,7 +1,7 @@
 FROM golang:buster AS build-env
 WORKDIR /src/
 COPY . /src/
-ARG VERSION v0.2.0-dirty
+ARG VERSION v0.2.14-dirty
 ARG COMMIT c3536e5
 ARG DATE 2023-03-09T18:52:01Z
 ENV VERSION ${VERSION}
@@ -15,6 +15,8 @@ RUN CGO_ENABLED=0 go build -trimpath -ldflags="\
     -a -mod vendor -o vulctl cmd/vulctl/main.go
 
 # chainguard's static seems to bring list of vulnerabilities
+# gogole/distroless: 13.3 MB, 18 vulnerabilities (all low)
+# chainguard/static: 4.7 MB, 0 vulnerabilities
 FROM cgr.dev/chainguard/static:latest
 COPY --from=build-env /src/vulctl /
 ENTRYPOINT ["/vulctl"]

examples/github-actions/README.md

@@ -17,10 +17,10 @@ none
 
 Below example, shows how to import vulnerabilities from previously generated report.
 
-> Make sure to use the latest tag release (e.g. `v0.2.10`)
+> Make sure to use the latest tag release (e.g. `v0.2.14`)
 
 ```yaml
-uses: mchmarny/[email protected].10
+uses: mchmarny/[email protected].14
 with:
   project: ${{ env.PROJECT_ID }}
   digest: ${{ steps.build.outputs.digest }}