From 640017ad06b205e28d1c3a9e7481e7e8f7b03722 Mon Sep 17 00:00:00 2001
From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de>
Date: Mon, 25 Jul 2022 11:54:59 +0200
Subject: [PATCH 1/2] ci: generate and upload sbom

---
 .gitlab-ci.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 017c166..e460666 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,6 +2,7 @@ include:
   - template: Dependency-Scanning.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
+  - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/SBOM-Upload.gitlab-ci.yml
 
 variables:
   CONTAINER_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
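Review bot: The new `remote:` include on the fourth line of the hunk pulls CI configuration from the mutable `main` branch of another project, so anyone who can push to that template repository can inject jobs into this pipeline, which runs with this project's CI variables and registry credentials. Pin the include to an immutable reference instead, e.g. `- remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/<commit-sha>/templates/SBOM-Upload.gitlab-ci.yml`, and bump the SHA deliberately when the template changes. If this project lives on the same GitLab instance as the template repository, `include: { project: dariah-de/gitlab-templates, ref: <tag-or-sha>, file: templates/SBOM-Upload.gitlab-ci.yml }` is preferable to a raw URL because GitLab then applies the template project's access control rather than fetching over plain HTTPS at every pipeline run. A short comment above the line naming the pinned version and why it is pinned would help the next maintainer.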
@@ -39,6 +40,17 @@ build:
     - main
     - postgres-image
 
+generate-sbom:
+  stage: test
+  image: python:3.9-slim-bullseye
+  needs: []
+  script:
+    - pip install cyclonedx-bom
+    - cyclonedx-bom -ri requirements/production.txt --format json -o bom.json
+  artifacts:
+    paths:
+      - 'bom.json'
+
 tag-dev-image:
   image:
     name: gcr.io/go-containerregistry/crane:debug
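Review bot: `pip install cyclonedx-bom` in the `generate-sbom` job installs whatever version PyPI serves at pipeline time, so the tool that produces the supply-chain inventory is itself an unpinned dependency resolved on every run; pin it, e.g. `pip install 'cyclonedx-bom==<validated version>'`, and consider the same for the floating `python:3.9-slim-bullseye` tag if reproducible SBOMs matter. Note also that the SBOM is generated from `requirements/production.txt` rather than from the environment actually baked into the image built by the `build` job, so if that requirements file is not fully pinned, the BOM presumably records declared specifiers rather than the resolved versions shipped in the container — worth confirming and documenting in a comment such as `# SBOM reflects requirements/production.txt, not the built image; keep that file fully pinned`. The `artifacts` block has no `expire_in`, so every pipeline's `bom.json` is retained under the project default; set one explicitly if that is not intended.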
@@ -66,7 +78,6 @@ tag-release-image:
   only:
     - tags
 
-
 build_postgres-image:
   image:
     name: gcr.io/kaniko-project/executor:debug
-- 
GitLab


From 40426fb8b0a0b79fa2c16da6779a231ab5702dea Mon Sep 17 00:00:00 2001
From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de>
Date: Mon, 25 Jul 2022 12:07:06 +0200
Subject: [PATCH 2/2] ci: remove broken gemnasium dependency scanning

---
 .gitlab-ci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e460666..9b78015 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,4 @@
 include:
-  - template: Dependency-Scanning.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
   - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/SBOM-Upload.gitlab-ci.yml
-- 
GitLab