59 lines
1.4 KiB
YAML
59 lines
1.4 KiB
YAML
.generate_sbom:
|
|
image: registry.internal.durp.info/nixos/nix:latest
|
|
script:
|
|
# Begin of syft-install.sh
|
|
- |
|
|
#Syft install
|
|
nix-env -iA nixpkgs.syft
|
|
# End of syft-install.sh
|
|
|
|
# Begin of syft-mkdir.sh
|
|
- |
|
|
#mkdir for syft files
|
|
mkdir $CI_PROJECT_DIR/syft
|
|
# End of syft-mkdir.sh
|
|
|
|
# Begin of syft-go.sh
|
|
- |
|
|
#Syft scan for go
|
|
if [ -f "go.mod" ]; then
|
|
syft go.mod -o cyclonedx-json=syft/${CI_PROJECT_NAME}.sbom.json
|
|
fi
|
|
# End of syft-go.sh
|
|
|
|
# Begin of syft-docker.sh
|
|
- |
|
|
#Syft scan for docker
|
|
for i in packages/*.tar.gz;
|
|
do filename=${i%.*.*.*.tar.gz};
|
|
filename="$(basename -- "$filename")"
|
|
syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json;
|
|
done
|
|
# End of syft-docker.sh
|
|
artifacts:
|
|
expire_in: 1 hour
|
|
paths:
|
|
- $CI_PROJECT_DIR/syft
|
|
.generate_cve:
|
|
image: registry.internal.durp.info/nixos/nix:latest
|
|
script:
|
|
# Begin of grype-install.sh
|
|
- |
|
|
#Syft install
|
|
nix-env -iA nixpkgs.grype
|
|
# End of grype-install.sh
|
|
|
|
# Begin of grype.sh
|
|
- |
|
|
#grype scan sboms
|
|
for i in syft/*.sbom.json;
|
|
do filename=${i%*.sbom.json};
|
|
filename=${filename##/};
|
|
grype $i -o json --file $filename.cve.json;
|
|
done
|
|
# End of grype.sh
|
|
artifacts:
|
|
expire_in: 1 hour
|
|
paths:
|
|
- $CI_PROJECT_DIR/syft
|