update

pipelines/go-build.yml

@@ -10,30 +10,11 @@ include:
     file: 
       - 'jobs/golang.yml'
       - 'jobs/version.yml'
-      - 'jobs/sonarqube.yml'
       - 'jobs/golang.yml'
       - 'jobs/docker.yml'
-      - 'jobs/codescan.yml'
       - 'rules/rules.yml'
+      - 'pipelines/templates/security'
 
-generate_sbom:
-  extends: .generate_sbom
-  stage: build
-  needs:
-    - job: docker-build
-      optional: true
-      artifacts: true
-  rules:
-    - !reference [.mr_only_rules, rules]
-
-generate_cve:
-  extends: .generate_cve
-  stage: build
-  needs:
-    - job: generate_sbom
-      artifacts: true
-  rules:
-    - !reference [.mr_only_rules, rules]
 
 version:
   extends: .version
@@ -41,19 +22,6 @@ version:
   rules:
     - !reference [.default_rules, rules]
 
-secret_detection:
-  stage: validate
-  rules:
-    - !reference [.mr_only_rules, rules]
-  allow_failure: false
-
-sonarqube:
-  extends: .sonarcloud-check
-  stage: validate
-  allow_failure: true
-  rules:
-    - !reference [.sonarqube_rules, rules]
-
 golang-lint:
   extends: .golang-lint
   stage: validate

pipelines/templates/security.yml

@@ -0,0 +1,43 @@
+stages:
+  - build
+
+include:
+  - template: Security/Secret-Detection.gitlab-ci.yml
+  - project: 'developerdurp/yml'
+    ref: 'main'
+    file: 
+      - 'jobs/codescan.yml'
+      - 'jobs/sonarqube.yml'
+      - 'rules/rules.yml'
+
+secret_detection:
+  stage: validate
+  rules:
+    - !reference [.mr_only_rules, rules]
+  allow_failure: false
+
+generate_sbom:
+  extends: .generate_sbom
+  stage: build
+  needs:
+    - job: docker-build
+      optional: true
+      artifacts: true
+  rules:
+    - !reference [.mr_only_rules, rules]
+
+generate_cve:
+  extends: .generate_cve
+  stage: build
+  needs:
+    - job: generate_sbom
+      artifacts: true
+  rules:
+    - !reference [.mr_only_rules, rules]
+
+sonarqube:
+  extends: .sonarcloud-check
+  stage: validate
+  allow_failure: true
+  rules:
+    - !reference [.sonarqube_rules, rules]

scripts/scanner/syft-docker.sh

@@ -3,8 +3,8 @@
 #Syft scan for docker
 
 for i in packages/*.tar.gz;
-do filename=${i%.*.tar.gz};
+do filename=${i%.*.*.*.tar.gz};
   filename="$(basename -- "$filename")"
   syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json;
 done
-
+${version%.*.*.*.tar.gz}