From 9ab0e6a82237cb73964776ceec3c09299e448c0f Mon Sep 17 00:00:00 2001
From: DeveloperDurpBot
Date: Sun, 5 May 2024 14:44:15 +0000
Subject: [PATCH] ci: render Rendered by https://gitlab.com/developerdurp/yml/-/pipelines/1279052932
---
 jobs/codescan.yml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 jobs/codescan.yml
diff --git a/jobs/codescan.yml b/jobs/codescan.yml
new file mode 100644
index 0000000..66852c4
--- /dev/null
+++ b/jobs/codescan.yml
@@ -0,0 +1,36 @@
+.generate_sbom:
+ image: registry.internal.durp.info/anchore/syft:${SYFT_VERSION}
+ script:
+ # Begin of syft-mkdir.sh
+ - |
+ #mkdir for syft files
+ mkdir $CI_PROJECT_DIR/syft
+ # End of syft-mkdir.sh
+
+ # Begin of syft-go.sh
+ - |
+ #Syft scan for go
+ if [ -f "go.mod" ]; then
+ syft go.mod -o cyclonedx-json=syft/${CI_PROJECT_NAME}.sbom.json
+ fi
+ # End of syft-go.sh
+ artifacts:
+ expire_in: 1 hour
+ paths:
+ - $CI_PROJECT_DIR/syft
+.generate_cve:
+ image: registry.internal.durp.info/anchore/grype:${GRYPE_VERSION}
+ script:
+ # Begin of grype.sh
+ - |
+ #grype scan sboms
+ for i in syft/*.sbom.json;
+ do filename=${i%*.sbom.json};
+ filename=${filename##/};
+ grype syft/$i -o json --file syft/$filename.cve.json;
+ done
+ # End of grype.sh
+ artifacts:
+ expire_in: 1 hour
+ paths:
+ - $CI_PROJECT_DIR/syft
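Review bot: The grype loop in `.generate_cve` builds paths that do not exist, so the CVE scan never reads the SBOM produced by `.generate_sbom`. The glob already yields `syft/<name>.sbom.json`, and `${filename##/}` strips only a leading `/`, so the `syft/` prefix stays and both the input `syft/$i` and the report `--file syft/$filename.cve.json` resolve under `syft/syft/`. Use the glob result directly, `grype "sbom:$i" -o json --file "${i%.sbom.json}.cve.json"`, and put `[ -e "$i" ] || continue` before it so that a project without `go.mod` (where no SBOM is written) does not hand the unexpanded pattern to grype. As written the job also only records findings; if it is meant to block a pipeline on vulnerabilities, grype's `--fail-on <severity>` would need to be set, presumably from a CI variable.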