update

scripts/scanner/syft-docker.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Syft scan for go
+
+for i in packages/*.tar.gz;
+do filename=${i%.*.tar.gz};
+  filename=${filename##/};
+  syft $i -o cyclonedx-json=$filename.docker.sbom.json;
+done
+

templates/codescan.tpl.yml

@@ -4,6 +4,7 @@
     - ./scripts/scanner/syft-install.sh
     - ./scripts/scanner/syft-mkdir.sh
     - ./scripts/scanner/syft-go.sh
+    - ./scripts/scanner/syft-docker.sh
   artifacts:
     expire_in: 1 hour
     paths: