update
@@ -5,6 +5,8 @@ stages:
|
||||
variables:
|
||||
GO_VERSION: "1.22"
|
||||
GOLANGCI_LINT_VERISON: "v1.58.0"
|
||||
SYFT_VERSION: "v1.3.0"
|
||||
GRYPE_VERSION: "v0.77.2"
|
||||
|
||||
gitlab_generic_package:
|
||||
stage: deploy
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
stages:
|
||||
- build
|
||||
- package
|
||||
- validate
|
||||
- publish
|
||||
|
||||
@@ -38,6 +37,18 @@ golang-lint:
|
||||
exists:
|
||||
- "go.mod"
|
||||
|
||||
generate_sbom:
|
||||
extends: .generate_sbom
|
||||
stage: validate
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
|
||||
|
||||
generate_cve:
|
||||
extends: .generate_cve
|
||||
stage: validate
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
|
||||
|
||||
version:
|
||||
extends: .version
|
||||
stage: .pre
|
||||
@@ -63,7 +74,6 @@ docker-build:
|
||||
- job: version
|
||||
optional: true
|
||||
artifacts: true
|
||||
rules:
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
|
||||
exists:
|
||||
|
||||
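Review bot: In the `@@ -38,6 +37,18 @@` hunk, `generate_cve` is placed in the same `validate` stage as `generate_sbom` and declares no dependency on it. GitLab only hands a job the artifacts of earlier stages by default, so the grype job will most likely start without the `syft/` directory and scan nothing while still passing. Either move `generate_cve` to a later stage or add `needs: ["generate_sbom"]` to it; the `.generate_cve` template shown on this page does not set `needs` itself. Because the job would stay green with no input, the missing-SBOM case is worth making an explicit failure.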
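--- a/scripts/scanner/grype.sh
+++ b/scripts/scanner/grype.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#grype scan sboms
+
+for i in syft/*.sbom.json;
+do filename=${i%*.sbom.json};
+filename=${filename##/};
+grype syft/$i -o json --file syft/$filename.cve.json;
+done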
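Review bot: The loop builds the wrong paths as shown: `$i` already carries the `syft/` prefix from the glob, and `${filename##/}` strips only a literal leading slash, so the call becomes `grype syft/syft/<name>.sbom.json` and the report goes to `syft/syft/<name>.cve.json`. With no `set -e`, a failing grype call in any iteration but the last does not fail the script, and when the glob matches nothing the literal pattern is passed to grype. The expansions are also unquoted, and `-o json --file` without `--fail-on <severity>` never gates the pipeline on findings, so the job only produces a report. A corrected loop is below; add `--fail-on` with the severity the project wants to enforce.

```shell
set -euo pipefail
shopt -s nullglob
# fail loudly instead of passing with nothing scanned
sboms=(syft/*.sbom.json)
if [ "${#sboms[@]}" -eq 0 ]; then
  echo "no SBOM found under syft/" >&2
  exit 1
fi
for sbom in "${sboms[@]}"; do
  name=$(basename "$sbom" .sbom.json)
  grype "sbom:$sbom" -o json --file "syft/$name.cve.json"
done
```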
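--- a/scripts/scanner/syft-go.sh
+++ b/scripts/scanner/syft-go.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#Syft scan for go
+
+if [ -f "go.mod" ]; then
+syft go.mod -o cyclonedx-json=syft/${CI_PROJECT_NAME}.sbom.json
+fi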
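Review bot: When `go.mod` is absent the script exits 0 without writing an SBOM, so the downstream CVE job has nothing to scan and the pipeline still reports success. I would log the skip explicitly, e.g. `else echo "no go.mod found, no SBOM generated" >&2`, or restrict the job with an `exists: ["go.mod"]` rule the way the `golang-lint` context lines appear to. The output path should be quoted, `-o "cyclonedx-json=syft/${CI_PROJECT_NAME}.sbom.json"`, since the project name is expanded unquoted. Scanning only `go.mod` presumably yields the declared module requirements rather than what is actually built into the binary or image; confirm that is the intended SBOM scope.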
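--- a/scripts/scanner/syft-mkdir.sh
+++ b/scripts/scanner/syft-mkdir.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+#%%MULTILINE_YAML_START
+#mkdir for syft files
+
+mkdir $CI_PROJECT_DIR/syft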
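Review bot: `mkdir $CI_PROJECT_DIR/syft` fails when the directory already exists, for example on a reused workspace or when an earlier job's artifacts were restored, and the expansion is unquoted. Use `mkdir -p "$CI_PROJECT_DIR/syft"` instead. The sibling scripts write to the relative `syft/` path, so they rely on the working directory being `$CI_PROJECT_DIR`; a short comment saying so would help.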
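--- a/templates/codescan.tpl.yml
+++ b/templates/codescan.tpl.yml
@@ -0,0 +1,18 @@
+.generate_sbom:
+image: registry.internal.durp.info/anchore/syft:${SYFT_VERSION}
+script:
+- ./scripts/scanner/syft-mkdir.sh
+- ./scripts/scanner/syft-go.sh
+artifacts:
+expire_in: 1 hour
+paths:
+- $CI_PROJECT_DIR/syft
+
+.generate_cve:
+image: registry.internal.durp.info/anchore/grype:${GRYPE_VERSION}
+script:
+- ./scripts/scanner/grype.sh
+artifacts:
+expire_in: 1 hour
+paths:
+- $CI_PROJECT_DIR/syft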
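Review bot: Both templates keep their output for only `expire_in: 1 hour`, and nothing in `.generate_cve` fails the job on findings, so the scan results are neither enforced nor retained as evidence. Consider a longer retention, and publishing the SBOM through `artifacts: reports: cyclonedx:` so GitLab ingests it. The scanner images are referenced by mutable tag (`syft:${SYFT_VERSION}`, `grype:${GRYPE_VERSION}`); pinning them by digest would make the tooling that produces the security evidence reproducible. `.generate_cve` also declares no `needs:` on the SBOM job, so it depends on the including pipeline to order the two jobs correctly. Indentation is not visible on this rendering, so the nesting of `artifacts:` could not be checked.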