Commit 62341f44 authored by Pierre Smeyers's avatar Pierre Smeyers

fix(sbom): sbom report's name derives from snapshot image (same as Trivy)

parent 90f3ea7a
...@@ -751,7 +751,7 @@ docker-trivy: ...@@ -751,7 +751,7 @@ docker-trivy:
trivy image --clear-cache trivy image --clear-cache
export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}} export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}} export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
export basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
mkdir -p ./reports mkdir -p ./reports
if [[ -z "${DOCKER_TRIVY_ADDR}" ]]; then if [[ -z "${DOCKER_TRIVY_ADDR}" ]]; then
log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the DOCKER_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m" log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the DOCKER_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m"
...@@ -796,9 +796,9 @@ docker-sbom: ...@@ -796,9 +796,9 @@ docker-sbom:
dependencies: [] dependencies: []
script: script:
- mkdir -p -m 777 reports - mkdir -p -m 777 reports
- dockerfile_hash=$(md5sum "$DOCKER_FILE" | cut -d" " -f1) - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
- /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${dockerfile_hash}.cyclonedx.json - /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
- chmod a+r reports/docker-sbom-${dockerfile_hash}.cyclonedx.json - chmod a+r reports/docker-sbom-${basename}.cyclonedx.json
artifacts: artifacts:
name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 week expire_in: 1 week
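Review bot: The new `basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')` line has no guard for an unset or empty DOCKER_SNAPSHOT_IMAGE, so the job would silently run `/syft packages` with no image argument and write `reports/docker-sbom-.cyclonedx.json`; failing early with `basename=$(echo "${DOCKER_SNAPSHOT_IMAGE:?DOCKER_SNAPSHOT_IMAGE must be set}" | sed 's|[/:]|_|g')` makes the misconfiguration visible instead of producing an empty-named artifact. The `sed` class only rewrites `/` and `:`, so if the snapshot reference can ever be digest-pinned (`image@sha256:...`) the `@` survives into the filename; that is harmless for the filesystem but worth a one-line comment such as `# report name mirrors docker-trivy's derivation; keep the two sed expressions in sync` since the commit's intent is that both jobs produce the same name. Note that the same expression now lives in both jobs with no shared helper, so any future change to the character class has to be applied twice.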