From 689402c8e9a9e9b3fe60d39d28dbac647c2ac1f0 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Thu, 27 Mar 2025 16:24:23 +0100
Subject: [PATCH] add scan in ci
---
 .woodpecker.yml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 660cdca..332b0bb 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -28,3 +28,38 @@ steps:
 dockerfile: Dockerfile
 when:
 - event: [tag]
+ scan:
+ image: quay.io/wollud1969/woodpecker-helper:0.5.1
+ environment:
+ TRIVY_TOKEN:
+ from_secret: trivy_token
+ TRIVY_URL:
+ from_secret: trivy_url
+ DTRACK_API_KEY:
+ from_secret: dtrack_api_key
+ DTRACK_API_URL:
+ from_secret: dtrack_api_url
+ commands:
+ - HOME=/home/`id -nu`
+ - IMAGE=quay.io/wollud1969/exim-docker:$CI_COMMIT_TAG
+ - |
+ trivy image \
+ --server $TRIVY_URL \
+ --token $TRIVY_TOKEN \
+ --format cyclonedx \
+ --scanners license \
+ --output /tmp/sbom.xml \
+ $IMAGE
+ - cat /tmp/sbom.xml
+ - |
+ curl -X "POST" \
+ -H "Content-Type: multipart/form-data" \
+ -H "X-Api-Key: $DTRACK_API_KEY" \
+ -F "autoCreate=true" \
+ -F "projectName=$CI_REPO" \
+ -F "projectVersion=$CI_COMMIT_TAG" \
+ -F "bom=@/tmp/sbom.xml"\
+ "$DTRACK_API_URL/api/v1/bom"
+ when:
+ - event: [tag]
+
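Review bot: The `curl` upload at the end of the new `scan` step has no `--fail`, so a 401 from a wrong `DTRACK_API_KEY` or a 5xx from the Dependency-Track server still exits 0 and the tag build goes green without the BOM ever being recorded; change its first line to `curl --fail -X "POST" \`. The step also hands four secrets to `quay.io/wollud1969/woodpecker-helper:0.5.1`, which is referenced by a mutable tag; pinning it by digest (`woodpecker-helper:0.5.1@sha256:<digest>`) would keep a re-pushed tag from running with those credentials. `$TRIVY_URL`, `$TRIVY_TOKEN` and `$IMAGE` are expanded unquoted in the `trivy image` command, whereas `"$DTRACK_API_URL/api/v1/bom"` is already quoted, so quoting them the same way would be consistent and avoid word splitting. `cat /tmp/sbom.xml` copies the full component inventory into the build log, which is worth dropping if the logs are readable more widely than the Dependency-Track project.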