Harden grype action supply-chain (#11)

Author: eapache-opslevel

.github/workflows/grype.yml

@@ -22,11 +22,18 @@ jobs:
         GRYPE_INTEGRATION_SECRET: ${{ secrets.GRYPE_INTEGRATION_SECRET }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           token: ${{ secrets.ORG_GITHUB_TOKEN }}
       - name: Scan
+        id: scan
+        uses: anchore/scan-action@df395807f4554463d4455b8047cf58e37b6acaae # v6.5.0
+        with:
+          path: "."
+          only-fixed: true
+          output-format: json
+          fail-build: false
+      - name: Upload results to OpsLevel
         run: |
-          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-          grype dir:$(pwd) --only-fixed -o json | jq '{"matches": .matches}' |
-          curl -s -X POST https://upload.opslevel.com/integrations/custom_event/${GRYPE_INTEGRATION_SECRET}?alias=${{ inputs.alias }} -H 'content-type: application/json'  --data-binary @-
+          jq '{"matches": .matches}' "${{ steps.scan.outputs.json }}" |
+          curl -s -X POST "https://upload.opslevel.com/integrations/custom_event/${GRYPE_INTEGRATION_SECRET}?alias=${{ inputs.alias }}" -H 'content-type: application/json' --data-binary @-