From 640017ad06b205e28d1c3a9e7481e7e8f7b03722 Mon Sep 17 00:00:00 2001
From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de>
Date: Mon, 25 Jul 2022 11:54:59 +0200
Subject: [PATCH 1/2] ci: generate and upload sbom

---
 .gitlab-ci.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 017c166..e460666 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,6 +2,7 @@ include:
   - template: Dependency-Scanning.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
+  - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/SBOM-Upload.gitlab-ci.yml
 
 variables:
   CONTAINER_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
@@ -39,6 +40,17 @@ build:
     - main
     - postgres-image
 
+generate-sbom:
+  stage: test
+  image: python:3.9-slim-bullseye
+  needs: []
+  script:
+    - pip install cyclonedx-bom
+    - cyclonedx-bom -ri requirements/production.txt --format json -o bom.json
+  artifacts:
+    paths:
+      - 'bom.json'
+
 tag-dev-image:
   image:
     name: gcr.io/go-containerregistry/crane:debug
@@ -66,7 +78,6 @@ tag-release-image:
   only:
     - tags
 
-
 build_postgres-image:
   image:
     name: gcr.io/kaniko-project/executor:debug
-- 
GitLab

From 40426fb8b0a0b79fa2c16da6779a231ab5702dea Mon Sep 17 00:00:00 2001
From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de>
Date: Mon, 25 Jul 2022 12:07:06 +0200
Subject: [PATCH 2/2] ci: remove broken gemnasium dependency scanning

---
 .gitlab-ci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e460666..9b78015 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,4 @@
 include:
-  - template: Dependency-Scanning.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
   - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/SBOM-Upload.gitlab-ci.yml
-- 
GitLab
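Review bot: The added `remote:` include in the first hunk of patch 1 fetches job definitions from the `main` branch of an external project at pipeline time, so the jobs this pipeline executes (and the credentials they can reach) can change without any commit in this repository. Pinning the `-/raw/main/` path segment to a tag or commit SHA makes the included template reviewable and reproducible, and updating it then shows up as a diff here. What jobs that template defines cannot be seen from this patch.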
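Review bot: `pip install cyclonedx-bom` in the new generate-sbom job is unpinned, so the tool that produces the SBOM is resolved fresh from the package index on every run and the `bom.json` artifact is not reproducible; pin it, e.g. `- pip install cyclonedx-bom==<PINNED_VERSION>` (placeholder). The SBOM is also derived from `requirements/production.txt` rather than from the resolved environment, so if that file is not fully pinned (it is not shown here) the bom may list version ranges rather than the versions actually shipped in the image; generating from a lockfile or from the build environment would be more faithful. The `python:3.9-slim-bullseye` image could likewise be pinned by digest for the same reproducibility reason.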