Commit 92a0dfca authored by Cédric OLIVIER's avatar Cédric OLIVIER
Merge branch 'fix/sbom-component-name' into 'master'

fix: add component name to sbom

Closes #50

See merge request to-be-continuous/python!85
parents 3eef1b3b 6cb27197
...@@ -243,6 +243,7 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -243,6 +243,7 @@ It is bound to the `test` stage, and uses the following variables:
| --------------------- | -------------------------------------- | ----------------- | | --------------------- | -------------------------------------- | ----------------- |
| `PYTHON_SBOM_DISABLED` | Set to `true` to disable this job | _none_ | | `PYTHON_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `PYTHON_SBOM_SYFT_URL` | Url to the `tar.gz` package for `linux_amd64` of Syft to use (ex: `https://github.com/anchore/syft/releases/download/v0.62.3/syft_0.62.3_linux_amd64.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ | | `PYTHON_SBOM_SYFT_URL` | Url to the `tar.gz` package for `linux_amd64` of Syft to use (ex: `https://github.com/anchore/syft/releases/download/v0.62.3/syft_0.62.3_linux_amd64.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
| `PYTHON_SBOM_NAME` | Component name of the emitted SBOM | `$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR` |
| `PYTHON_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers python-index-cataloger` | | `PYTHON_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers python-index-cataloger` |
In addition to logs in the console, this job produces the following reports, kept for one week: In addition to logs in the console, this job produces the following reports, kept for one week:
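Review bot: the new `PYTHON_SBOM_NAME` row does not say how the value is used; since the CI script passes it straight to Syft, state in the description that it becomes the SBOM's metadata component name (Syft `--source-name`), so users know what an override affects. Also note the default `$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR` will end in `/.` when `PYTHON_PROJECT_DIR` is `.`, which is a misleading component name in a CycloneDX consumer; consider documenting that users with a root-level project should set a cleaner name.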
...@@ -161,6 +161,12 @@ ...@@ -161,6 +161,12 @@
"description": "Url to the `tar.gz` package for `linux_amd64` of Syft to use\n\n_When unset, the latest version will be used_", "description": "Url to the `tar.gz` package for `linux_amd64` of Syft to use\n\n_When unset, the latest version will be used_",
"advanced": true "advanced": true
}, },
{
"name": "PYTHON_SBOM_NAME",
"description": "Component name of the emitted SBOM",
"default": "$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR",
"advanced": true
},
{ {
"name": "PYTHON_SBOM_OPTS", "name": "PYTHON_SBOM_OPTS",
"description": "Options for syft used for SBOM analysis", "description": "Options for syft used for SBOM analysis",
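Review bot: the `PYTHON_SBOM_NAME` descriptor's description should match whatever the README row ends up saying (it currently repeats the same terse "Component name of the emitted SBOM"); keep the two in sync and mention that the value is used verbatim as the Syft source name, as the neighbouring `PYTHON_SBOM_SYFT_URL` descriptor does with its own usage note.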
...@@ -92,6 +92,7 @@ variables: ...@@ -92,6 +92,7 @@ variables:
PYTHON_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest" PYTHON_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
PYTHON_TRIVY_ARGS: "--vuln-type library" PYTHON_TRIVY_ARGS: "--vuln-type library"
PYTHON_SBOM_NAME: "$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR"
PYTHON_SBOM_OPTS: "--catalogers python-index-cataloger" PYTHON_SBOM_OPTS: "--catalogers python-index-cataloger"
PYTHON_RELEASE_NEXT: "minor" PYTHON_RELEASE_NEXT: "minor"
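Review bot: the default `"$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR"` relies on `PYTHON_PROJECT_DIR` being defined in this same top-level `variables:` block, which is outside the hunk; please confirm it is, since a variable that is only set at job level (or not at all) would expand to an empty string here and the SBOM would be named `group/project/`.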
...@@ -849,7 +850,7 @@ py-sbom: ...@@ -849,7 +850,7 @@ py-sbom:
mkdir -p $PIP_CACHE_DIR mkdir -p $PIP_CACHE_DIR
mv ./syft $python_sbom_syft mv ./syft $python_sbom_syft
fi fi
- $python_sbom_syft dir:. $PYTHON_SBOM_OPTS -o cyclonedx-json > reports/py-sbom.cyclonedx.json - $python_sbom_syft dir:. --source-name $PYTHON_SBOM_NAME $PYTHON_SBOM_OPTS -o cyclonedx-json > reports/py-sbom.cyclonedx.json
- chmod a+r reports/py-sbom.cyclonedx.json - chmod a+r reports/py-sbom.cyclonedx.json
artifacts: artifacts:
name: "Python SBOM from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "Python SBOM from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
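Review bot: `--source-name $PYTHON_SBOM_NAME` is unquoted, so a user-supplied name containing whitespace is word-split and the extra tokens are passed to Syft as stray arguments; use `--source-name "$PYTHON_SBOM_NAME"` (leaving `$PYTHON_SBOM_OPTS` unquoted, as it is meant to split into several options). Also verify the minimum Syft release that accepts `--source-name` and update the README example URL (`v0.62.3`) if that version predates the flag, otherwise users who pin the documented example get a failing job.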