Action continues on non-vulnerability failures #390

@kzantow

Description

The action should not continue if there is some failure when executing Grype which is caused by something other than vulnerability results. For example, a user reported issues on Discourse which were caused by specifying an SBOM file location that Grype was unable to find; this did not fail the build:

/opt/hostedtoolcache/grype/0.82.1/x64/grype -o sarif --fail-on critical sbom:poke-cli-sbom-v0.6.2.spdx.json
  failed to catalog: unable to open file poke-cli-sbom-v0.6.2.spdx.json: open poke-cli-sbom-v0.6.2.spdx.json: no such file or directory
  
Warning: Failed minimum severity level. Found vulnerabilities with level 'critical' or higher
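The failure mode reported above (Grype cannot open the SBOM, exits non-zero, and the step still passes while printing a misleading severity warning) can be avoided by treating every non-zero Grype exit as a build failure and only then deciding whether the cause was the severity threshold. The following bash wrapper is an added example written for this issue; it is not scan-action's or Grype's own code. The function names `classify_run` and `scan_sbom` are hypothetical, and the example assumes that Grype writes the SARIF report (via `--file`) before it exits non-zero for `--fail-on`, so a non-zero exit with no report means the scan never completed.

```shell
#!/usr/bin/env bash
# Added example, not the scan-action's or Grype's own code. It refuses to
# continue when Grype fails for any reason other than the vulnerability
# threshold, e.g. the missing SBOM file from the issue report.
# Assumption: Grype writes the SARIF report before exiting non-zero on
# --fail-on, so "non-zero exit and no report" means the scan did not complete.
set -u

# classify_run EXIT_CODE REPORT_PATH -> prints one of: pass | threshold | error
classify_run() {
  local code="$1" report="$2"
  if [ "$code" -eq 0 ]; then
    echo pass        # scan completed, nothing at or above --fail-on
  elif [ -s "$report" ]; then
    echo threshold   # scan completed; vulnerabilities met --fail-on
  else
    echo error       # no report produced: Grype itself failed to run the scan
  fi
}

# scan_sbom SBOM_PATH REPORT_PATH [SEVERITY]
# Returns 0 only when the scan completed cleanly; every other outcome returns 1
# so that a CI step built on this wrapper fails the build instead of warning.
scan_sbom() {
  local sbom="$1" report="$2" severity="${3:-critical}"
  # Validate the input before calling Grype: the root cause in the issue was an
  # SBOM path that did not exist, which the action silently tolerated.
  if [ ! -f "$sbom" ]; then
    echo "::error::SBOM file not found: $sbom" >&2
    return 1
  fi
  rm -f "$report"
  grype -o sarif --file "$report" --fail-on "$severity" "sbom:$sbom"
  local code=$?
  case "$(classify_run "$code" "$report")" in
    pass)      return 0 ;;
    threshold) echo "::error::vulnerabilities at or above '$severity' found" >&2; return 1 ;;
    error)     echo "::error::grype failed to run (exit $code); see log above" >&2; return 1 ;;
    *)         return 1 ;;
  esac
}
```

The `::error::` lines are GitHub Actions workflow commands, so the message is surfaced as an annotation rather than a warning. Because classification is keyed on whether a report exists rather than on parsing Grype's log text, a change in Grype's wording does not turn an execution failure back into a silent pass.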

Metadata

Assignees: No one assigned
Labels: bug (Something isn't working)
Type: No type
Projects: Status: Done
Milestone: No milestone
Relationships: None yet
Development: No branches or pull requests
