From f47598f66fda569bb9cb0c0237538eedb7e1089f Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Wed, 24 Sep 2025 10:07:57 +0530
Subject: [PATCH] ...

---
 setup/unix-ci.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/setup/unix-ci.py b/setup/unix-ci.py
index b0676f10dd..dba93b3c4a 100644
--- a/setup/unix-ci.py
+++ b/setup/unix-ci.py
@@ -192,17 +192,17 @@ def install_bundle(dest=SW, which=''):
 
 
 def check_dependencies() -> None:
-    grype = install_grype()
-    with open((gc := os.path.expanduser('~/.grype.yml')), 'w') as f:
-        print('ignore:', file=f)
-        for x in IGNORED_DEPENDENCY_CVES:
-            print('  - vulnerability:', x, file=f)
     dest = os.path.join(SW, LINUX_BUNDLE)
     os.makedirs(dest, exist_ok=True)
     install_bundle(dest, os.path.basename(dest))
     dest = os.path.join(SW, MACOS_BUNDLE)
     os.makedirs(dest, exist_ok=True)
     install_bundle(dest, os.path.basename(dest))
+    grype = install_grype()
+    with open((gc := os.path.expanduser('~/.grype.yml')), 'w') as f:
+        print('ignore:', file=f)
+        for x in IGNORED_DEPENDENCY_CVES:
+            print('  - vulnerability:', x, file=f)
     cmdline = [grype, '--by-cve', '--config', gc, '--fail-on', 'medium', '--only-fixed', '--add-cpes-if-none']
     if (cp := subprocess.run(cmdline + ['dir:' + SW])).returncode != 0:
         raise SystemExit(cp.returncode)