install grype

.github/workflows/build_and_publish.yaml

@@ -66,6 +66,10 @@ jobs:
     - name: Generate SBOM
       run: syft ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} -o json > sbom.json
 
+    - name: Install Grype
+      run: |
+        curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+  
     - name: Scan SBOM with Grype
       run: grype sbom:sbom.json --output sarif > grype-report.sarif