update

2026-05-07 16:00:31 -05:00 · 2024-05-05 09:43:42 -05:00 · 2024-05-05 09:43:42 -05:00 · db6054d437
commit db6054d437
parent 668906398d
6 changed files with 53 additions and 2 deletions
--- a/pipeline.yml
+++ b/pipeline.yml
@ -5,6 +5,8 @@ stages:
 variables:
  GO_VERSION: "1.22"
  GOLANGCI_LINT_VERISON: "v1.58.0"
  SYFT_VERSION: "v1.3.0"
  GRYPE_VERSION: "v0.77.2"
 gitlab_generic_package:
  stage: deploy
--- a/pipelines/golang.yml
+++ b/pipelines/golang.yml
@ -1,6 +1,5 @@
 stages:
  - build
  - package
  - validate
  - publish 
@ -38,6 +37,18 @@ golang-lint:
      exists:
        - "go.mod"  
 generate_sbom:
  extends: .generate_sbom
  stage: validate
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
 generate_cve:
  extends: .generate_cve
  stage: validate
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
 version:
  extends: .version
  stage: .pre
@ -63,7 +74,6 @@ docker-build:
    - job: version
      optional: true
      artifacts: true        
  rules:
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ '/^release/' || $CI_MERGE_REQUEST_IID
      exists:
--- a/scripts/scanner/grype.sh
+++ b/scripts/scanner/grype.sh
@ -0,0 +1,9 @@
 #!/usr/bin/env bash
 #%%MULTILINE_YAML_START
 #grype scan sboms
 for i in syft/*.sbom.json;
 do filename=${i%*.sbom.json};
  filename=${filename##/};
  grype syft/$i -o json --file syft/$filename.cve.json;
 done
--- a/scripts/scanner/syft-go.sh
+++ b/scripts/scanner/syft-go.sh
@ -0,0 +1,7 @@
 #!/usr/bin/env bash
 #%%MULTILINE_YAML_START
 #Syft scan for go
 if [ -f "go.mod" ]; then
    syft go.mod -o cyclonedx-json=syft/${CI_PROJECT_NAME}.sbom.json
 fi
--- a/scripts/scanner/syft-mkdir.sh
+++ b/scripts/scanner/syft-mkdir.sh
@ -0,0 +1,5 @@
 #!/usr/bin/env bash
 #%%MULTILINE_YAML_START
 #mkdir for syft files
 mkdir $CI_PROJECT_DIR/syft
--- a/templates/codescan.tpl.yml
+++ b/templates/codescan.tpl.yml
@ -0,0 +1,18 @@
 .generate_sbom:
  image: registry.internal.durp.info/anchore/syft:${SYFT_VERSION}
  script:
    - ./scripts/scanner/syft-mkdir.sh
    - ./scripts/scanner/syft-go.sh
  artifacts:
    expire_in: 1 hour
    paths:
      - $CI_PROJECT_DIR/syft
 .generate_cve:
  image: registry.internal.durp.info/anchore/grype:${GRYPE_VERSION}
  script:
    - ./scripts/scanner/grype.sh
  artifacts:
    expire_in: 1 hour
    paths:
      - $CI_PROJECT_DIR/syft