From 0356e9dcee453167b08e9c78f2edf8b6c56c0b20 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Mon, 3 Feb 2025 17:14:11 +0100
Subject: [PATCH] sbon

---
 .woodpecker.yml | 36 +++++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index cacd992..5567a64 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -14,28 +14,38 @@ steps:
 when:
 - event: [push, tag]
 
- scan:
- image: quay.io/wollud1969/woodpecker-helper:0.5.1
+ generate_sbom:
+ image: aquasec/trivy:latest
 environment:
 TRIVY_TOKEN:
 from_secret: trivy_token
 TRIVY_URL:
 from_secret: trivy_url
+ args:
+ - "fs"
+ - "--server"
+ - "${TRIVY_URL}"
+ - "--token"
+ - "${TRIVY_TOKEN}"
+ - "--format"
+ - "cyclonedx"
+ - "--scanners"
+ - "license"
+ - "--output"
+ - "sbom.xml"
+ - "."
+ when:
+ - event: [push, tag]
+
+ upload_sbom:
+ image: quay.io/wollud1969/woodpecker-helper:0.5.1
+ environment:
 DTRACK_API_KEY:
 from_secret: dtrack_api_key
 DTRACK_API_URL:
 from_secret: dtrack_api_url
 commands:
- - HOME=/home/`id -nu`
- - |
- trivy fs \
- --server $TRIVY_URL \
- --token $TRIVY_TOKEN \
- --format cyclonedx \
- --scanners license \
- --output /tmp/sbom.xml \
- .
- - cat /tmp/sbom.xml
+ - cat sbom.xml
 - |
 curl -X "POST" \
 -H "Content-Type: multipart/form-data" \
@@ -43,7 +53,7 @@ steps:
 -F "autoCreate=true" \
 -F "projectName=$CI_REPO" \
 -F "projectVersion=$CI_COMMIT_SHA" \
- -F "bom=@/tmp/sbom.xml"\
+ -F "bom=@sbom.xml"\
 "$DTRACK_API_URL/api/v1/bom"
 when:
 - event: [push, tag]
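Review bot: The new `generate_sbom` step pulls `aquasec/trivy:latest`, a mutable tag, into a step that is handed `trivy_token` and `trivy_url`, so whatever is published under that tag next runs with those secrets; the `upload_sbom` step already pins `woodpecker-helper:0.5.1`, and this image should be pinned the same way, ideally by digest: `image: aquasec/trivy:<version>@sha256:<digest>`. The token is also passed as `--token "${TRIVY_TOKEN}"` in `args`, which puts it on the process command line, and as far as I know Woodpecker pre-processes `${...}` in the YAML before the container starts, so a secret-backed variable may expand to an empty string there rather than to the secret. Trivy reads `TRIVY_TOKEN` and `TRIVY_SERVER` from the environment, so renaming the `TRIVY_URL` entry to `TRIVY_SERVER` and dropping the `--server`/`--token` pairs from `args` would avoid both problems.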