Commit 52a720ff authored by Cédric OLIVIER
Merge branch 'feat/sbom-go-image' into 'master'

feat: use go image for sbom job

Closes #42

See merge request to-be-continuous/golang!79
parents 61e72657 9b7e4ee0
...@@ -257,7 +257,7 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -257,7 +257,7 @@ It is bound to the `test` stage, and uses the following variables:
| --------------------- | -------------------------------------- | ----------------- | | --------------------- | -------------------------------------- | ----------------- |
| `sbom-disabled` / `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ | | `sbom-disabled` / `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `GO_SBOM_DISABLED` takes precedence | `onrelease` | | `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `GO_SBOM_DISABLED` takes precedence | `onrelease` |
| `sbom-image` / `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_SBOM_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_SBOM_IMAGE) | | `sbom-image` / `GO_SBOM_IMAGE` | Specific Docker image used to run cyclonedx-gomod | `$GO_IMAGE` |
| `sbom-opts` / `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` | | `sbom-opts` / `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` |
:warning: if you don't have your main class located at the root of your `GO_PROJECT_DIR`, then you will need to override the `-main` option in `GO_SBOM_OPTS` and define your real main class location. :warning: if you don't have your main class located at the root of your `GO_PROJECT_DIR`, then you will need to override the `-main` option in `GO_SBOM_OPTS` and define your real main class location.
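Review bot: the new `$GO_IMAGE` default for `sbom-image` / `GO_SBOM_IMAGE` drops the hint that the image must provide `cyclonedx-gomod`; since the job now falls back to `go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest` when the binary is missing, the README should say so next to this row (e.g. "if the image does not ship `cyclonedx-gomod`, it is installed at job run time with `go install ... @latest`, which requires network access to the Go module proxy") so users of a custom or air-gapped `GO_IMAGE` know what to expect. Dropping the Trivy badge is consistent, as a variable default cannot be scanned, but the unchanged warning below the table still says "main class"; in Go this is the `main` package directory, which is what `-main` expects.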
......
...@@ -150,7 +150,9 @@ ...@@ -150,7 +150,9 @@
}, },
{ {
"name": "GO_SBOM_IMAGE", "name": "GO_SBOM_IMAGE",
"default": "registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest" "description": "Specific Docker image used to run cyclonedx-gomod",
"advanced": true,
"default": "$GO_IMAGE"
}, },
{ {
"name": "GO_SBOM_OPTS", "name": "GO_SBOM_OPTS",
......
...@@ -109,7 +109,8 @@ spec: ...@@ -109,7 +109,8 @@ spec:
type: boolean type: boolean
default: false default: false
sbom-image: sbom-image:
default: registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest description: Specific Docker image used to run cyclonedx-gomod
default: '$GO_IMAGE'
sbom-opts: sbom-opts:
description: '[@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis' description: '[@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis'
default: -main . default: -main .
...@@ -807,7 +808,7 @@ go-sbom: ...@@ -807,7 +808,7 @@ go-sbom:
image: image:
name: $GO_SBOM_IMAGE name: $GO_SBOM_IMAGE
entrypoint: [""] entrypoint: [""]
# manage separate GitLab cache to prevent permission denied error (this image being rootless, it can't rewrite Go cache - owned by root) # manage separate GitLab cache to prevent permission denied error (cyclonedx-gomod image being rootless, it can't rewrite Go cache - owned by root)
# see: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29663 # see: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29663
cache: cache:
key: "$CI_COMMIT_REF_SLUG-golang-sbom" key: "$CI_COMMIT_REF_SLUG-golang-sbom"
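Review bot: the rewritten comment ("cyclonedx-gomod image being rootless") no longer matches the default behaviour of the job: with `GO_SBOM_IMAGE` defaulting to `$GO_IMAGE`, the job normally runs in the Go image, and the rootless case only arises when a user overrides `GO_SBOM_IMAGE` with the cyclonedx-gomod image. Keeping the separate `$CI_COMMIT_REF_SLUG-golang-sbom` cache key is fine, but the comment should say that it is retained for that override case, e.g. "separate cache kept so that a rootless GO_SBOM_IMAGE override (such as the cyclonedx-gomod image) does not hit permission denied on the root-owned Go cache".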
...@@ -817,10 +818,10 @@ go-sbom: ...@@ -817,10 +818,10 @@ go-sbom:
dependencies: [] dependencies: []
needs: [] needs: []
script: script:
- command -v cyclonedx-gomod > /dev/null || go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
- mkdir -p -m 777 reports - mkdir -p -m 777 reports
- go_mode=$(go_build_mode) - go_mode=$(go_build_mode)
- | - cyclonedx-gomod "${go_mode:0:3}" -json -output reports/go-sbom.cyclonedx.json $GO_SBOM_OPTS
cyclonedx-gomod "${go_mode:0:3}" -json -output reports/go-sbom.cyclonedx.json $GO_SBOM_OPTS
- chmod a+r reports/go-sbom.cyclonedx.json - chmod a+r reports/go-sbom.cyclonedx.json
artifacts: artifacts:
name: "SBOM for golang from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "SBOM for golang from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
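Review bot: the added fallback `go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest` pulls an unpinned version of the SBOM generator from the network on every run where the binary is absent, so the tool that produces the supply-chain evidence is itself not reproducible; suggest exposing the version as a variable with a fixed default (something like `GO_SBOM_VERSION` with a concrete tag, name to be chosen) and installing `...@$GO_SBOM_VERSION`. Also, `go install` writes to `$GOBIN` or `$(go env GOPATH)/bin`, and the next line calls `cyclonedx-gomod` by bare name; the official Go images put that directory on `PATH`, but a custom `GO_IMAGE` may not, so either prepend `$(go env GOPATH)/bin` to `PATH` in the script or invoke the binary by its full path to avoid a "command not found" right after a successful install.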
......