diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 017c1662b2c50b55cc270b9bb8ecfbcea85e0363..9b78015793306091eb17f93e686ff70a8237fb03 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,7 @@
 include:
- - template: Dependency-Scanning.gitlab-ci.yml
 - template: Security/Container-Scanning.gitlab-ci.yml
 - template: Security/Secret-Detection.gitlab-ci.yml
+ - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/SBOM-Upload.gitlab-ci.yml
 variables:
 CONTAINER_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
@@ -39,6 +39,17 @@ build:
 - main
 - postgres-image
+generate-sbom:
+ stage: test
+ image: python:3.9-slim-bullseye
+ needs: []
+ script:
+ - pip install cyclonedx-bom
+ - cyclonedx-bom -ri requirements/production.txt --format json -o bom.json
+ artifacts:
+ paths:
+ - 'bom.json'
+
 tag-dev-image:
 image:
 name: gcr.io/go-containerregistry/crane:debug
@@ -66,7 +77,6 @@ tag-release-image:
 only:
 - tags
-
 build_postgres-image:
 image:
 name: gcr.io/kaniko-project/executor:debug
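Review bot: The new `remote:` entry in the `include:` list (first hunk) pulls pipeline configuration from the `main` branch of another repository, so whatever that branch holds at run time is merged into this pipeline and runs with this project's CI variables and job token. Pinning the URL to a commit, `- remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/<COMMIT_SHA>/templates/SBOM-Upload.gitlab-ci.yml`, turns a template change into an explicit, reviewable bump. If the templates project is hosted on the same GitLab instance as this one, `include: project` with `file` and `ref` gives the same pinning without an unauthenticated fetch. The hunk also removes `Dependency-Scanning.gitlab-ci.yml`; whether the SBOM upload yields equivalent vulnerability findings is not visible here and should be stated in the commit message.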
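Review bot: `pip install cyclonedx-bom` in the `generate-sbom` script (second hunk) installs whatever release is current when the job runs, so the tool that produces `bom.json` can change between pipelines without a commit, and a release that alters the `-ri`, `--format` or `-o` options would break the job. Pin it, `- pip install cyclonedx-bom==<PINNED_VERSION>`, ideally through a hash-checked requirements file. The SBOM is built from `requirements/production.txt` alone, so it presumably lists only what that file names; if the file is not a fully resolved lock, transitive packages will be missing from the upload. The `artifacts:` block sets no `expire_in`, so `bom.json` is retained for the instance default; add a comment or an explicit value to record the intended retention.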