From 945ac257a15ac7be4cab41d690e34038f6c0df3a Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Mon, 6 May 2024 06:15:47 -0500
Subject: [PATCH] update
---
pipelines/go-build.yml | 34 +------------------------
pipelines/templates/security.yml | 43 ++++++++++++++++++++++++++++++++
scripts/scanner/syft-docker.sh | 4 +--
3 files changed, 46 insertions(+), 35 deletions(-)
create mode 100644 pipelines/templates/security.yml
diff --git a/pipelines/go-build.yml b/pipelines/go-build.yml
index e8eb0a3..30f5fe5 100644
--- a/pipelines/go-build.yml
+++ b/pipelines/go-build.yml
@@ -10,30 +10,11 @@ include:
 file:
 - 'jobs/golang.yml'
 - 'jobs/version.yml'
- - 'jobs/sonarqube.yml'
 - 'jobs/golang.yml'
 - 'jobs/docker.yml'
- - 'jobs/codescan.yml'
 - 'rules/rules.yml'
+ - 'pipelines/templates/security'
 
-generate_sbom:
- extends: .generate_sbom
- stage: build
- needs:
- - job: docker-build
- optional: true
- artifacts: true
- rules:
- - !reference [.mr_only_rules, rules]
-
-generate_cve:
- extends: .generate_cve
- stage: build
- needs:
- - job: generate_sbom
- artifacts: true
- rules:
- - !reference [.mr_only_rules, rules]
 
 version:
 extends: .version
@@ -41,19 +22,6 @@ version:
 rules:
 - !reference [.default_rules, rules]
 
-secret_detection:
- stage: validate
- rules:
- - !reference [.mr_only_rules, rules]
- allow_failure: false
-
-sonarqube:
- extends: .sonarcloud-check
- stage: validate
- allow_failure: true
- rules:
- - !reference [.sonarqube_rules, rules]
-
 golang-lint:
 extends: .golang-lint
 stage: validate
diff --git a/pipelines/templates/security.yml b/pipelines/templates/security.yml
new file mode 100644
index 0000000..28835de
--- /dev/null
+++ b/pipelines/templates/security.yml
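Review bot: The new include entry `- 'pipelines/templates/security'` does not name the file this commit creates, `pipelines/templates/security.yml`, and it is the only entry in the `file:` list without a `.yml` suffix; it should read `- 'pipelines/templates/security.yml'`. If this `file:` list belongs to a `project:` include (the matching list in the new security.yml points at `developerdurp/yml`), the path would also be resolved inside that remote project rather than this repository, in which case a separate `- local: 'pipelines/templates/security.yml'` entry is what is wanted. The surviving list still names `jobs/golang.yml` twice; one of the two can go. The `include:` block begins before this hunk.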
@@ -0,0 +1,43 @@
+stages:
+ - build
+
+include:
+ - template: Security/Secret-Detection.gitlab-ci.yml
+ - project: 'developerdurp/yml'
+ ref: 'main'
+ file:
+ - 'jobs/codescan.yml'
+ - 'jobs/sonarqube.yml'
+ - 'rules/rules.yml'
+
+secret_detection:
+ stage: validate
+ rules:
+ - !reference [.mr_only_rules, rules]
+ allow_failure: false
+
+generate_sbom:
+ extends: .generate_sbom
+ stage: build
+ needs:
+ - job: docker-build
+ optional: true
+ artifacts: true
+ rules:
+ - !reference [.mr_only_rules, rules]
+
+generate_cve:
+ extends: .generate_cve
+ stage: build
+ needs:
+ - job: generate_sbom
+ artifacts: true
+ rules:
+ - !reference [.mr_only_rules, rules]
+
+sonarqube:
+ extends: .sonarcloud-check
+ stage: validate
+ allow_failure: true
+ rules:
+ - !reference [.sonarqube_rules, rules]
diff --git a/scripts/scanner/syft-docker.sh b/scripts/scanner/syft-docker.sh
index 66254f7..ef18120 100644
--- a/scripts/scanner/syft-docker.sh
+++ b/scripts/scanner/syft-docker.sh
@@ -3,8 +3,8 @@ #Syft scan for docker for i in packages/*.tar.gz; -do filename=${i%.*.tar.gz}; +do filename=${i%.*.*.*.tar.gz}; filename="$(basename -- "$filename")" syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json; done - +${version%.*.*.*.tar.gz}
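Review bot: The templates that define this pipeline's security gates are pulled from `project: 'developerdurp/yml'` at `ref: 'main'`, a moving branch, so a change there alters `secret_detection`, `generate_cve` and the sonarqube rules in every consuming pipeline without any commit in this repository; pinning `ref:` to a tag or commit SHA and bumping it deliberately keeps the gate reproducible. `secret_detection` and `sonarqube` are assigned `stage: validate`, but this file's own `stages:` lists only `build`, so the template only works when the including pipeline already defines `validate`; either add it here or drop the `stages:` key and state the dependency in a top-of-file comment such as `# Expects the including pipeline to define the validate and build stages.` Whether GitLab merges or overrides a template's `stages:` with the including file's is not visible from the hunk, so confirm the effective stage list in the rendered pipeline.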
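Review bot: The added last line `${version%.*.*.*.tar.gz}` is a bare parameter expansion in command position: the shell expands `$version`, strips the suffix, and runs whatever is left as a command (a silent no-op only while `version` is unset or empty; under `set -u` an unset `version` aborts the script). It reads as a leftover experiment and should be removed, or, if it was meant to derive a version from the archive name, be an assignment such as `version="${i%.*.*.*.tar.gz}"`; whether `version` is set earlier is outside the hunk. The changed pattern `${i%.*.*.*.tar.gz}` only strips the suffix when the name has at least three dot-separated parts before `.tar.gz`; an archive that does not match keeps its full name and the SBOM is written as `syft/<name>.tar.gz.docker.sbom.json` without any error, so a guard or a comment stating the expected `packages/` filename shape is warranted. `$i` is also unquoted in the `syft $i` call; `syft "$i"` is the safe form if names can contain spaces.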