Commit 90064d7b authored by Cédric OLIVIER

Merge branch '69-syft-packages-is-now-deprecated' into 'master'

Resolve "Syft packages is now deprecated"

Closes #69 and #70

See merge request to-be-continuous/docker!103
parents 663806d0 63a98503
...@@ -398,7 +398,7 @@ It is bound to the `package-test` stage, and uses the following variables: ...@@ -398,7 +398,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| --------------------- | -------------------------------------- | ----------------- | | --------------------- | -------------------------------------- | ----------------- |
| `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ | | `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` | | `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
| `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger` | | `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger` |
### `docker-publish` job ### `docker-publish` job
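Review bot: The `DOCKER_SBOM_OPTS` row gives no migration hint for projects that override this variable. A project that sets its own value with `--catalogers`, or that still lists `alpmdb-cataloger`, `apkdb-cataloger` or `dpkgdb-cataloger`, keeps that value after this merge because only the default changes. Suggest a short note under the table telling those users to switch to `--override-default-catalogers` and the five remaining cataloger names.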
......
...@@ -210,7 +210,7 @@ ...@@ -210,7 +210,7 @@
{ {
"name": "DOCKER_SBOM_OPTS", "name": "DOCKER_SBOM_OPTS",
"description": "Options for syft used for SBOM analysis", "description": "Options for syft used for SBOM analysis",
"default": "--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger", "default": "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger",
"advanced": true "advanced": true
} }
] ]
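Review bot: The `description` for `DOCKER_SBOM_OPTS` still reads only "Options for syft used for SBOM analysis", while the new `default` passes `--override-default-catalogers` with five OS package database catalogers, so the SBOM is limited to what those find. Suggest stating that in the description, so that anyone changing the value knows that dropping the flag changes which catalogers run and therefore what the SBOM covers.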
......
...@@ -86,7 +86,7 @@ variables: ...@@ -86,7 +86,7 @@ variables:
# SBOM genenration image and arguments # SBOM genenration image and arguments
DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug" DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger" DOCKER_SBOM_OPTS: "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger"
# default: one-click publish # default: one-click publish
DOCKER_PROD_PUBLISH_STRATEGY: manual DOCKER_PROD_PUBLISH_STRATEGY: manual
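Review bot: `DOCKER_SBOM_IMAGE`, in the context line just above the changed `DOCKER_SBOM_OPTS`, stays on the floating `debug` tag, so the flag in the new default is tied to whichever syft release that tag resolves to when the job runs. Suggest pinning the image to a version tag or digest so that the image and the options are updated together. The comment typo `genenration` could be fixed in the same edit.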
...@@ -803,7 +803,7 @@ docker-sbom: ...@@ -803,7 +803,7 @@ docker-sbom:
script: script:
- mkdir -p -m 777 reports - mkdir -p -m 777 reports
- basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
- /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json - /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
- chmod a+r reports/docker-sbom-${basename}.cyclonedx.json - chmod a+r reports/docker-sbom-${basename}.cyclonedx.json
artifacts: artifacts:
name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
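Review bot: On the changed `/syft scan` line, `$DOCKER_SNAPSHOT_IMAGE` is expanded unquoted, so it goes through word splitting and globbing before syft receives it. Suggest writing `"$DOCKER_SNAPSHOT_IMAGE"` there and leaving `$DOCKER_SBOM_OPTS` unquoted, since it carries several arguments that must split. The `-o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json` argument and the `chmod` path can be quoted in the same way.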
......