allineamento workflow

pluribus-one · Mar 29, 2024 · 0f62312 · 0f62312
1 parent f0986d9
commit 0f62312
Showing 1 changed file with 72 additions and 72 deletions.
diff --git a/.github/workflows/vuln_man.yml b/.github/workflows/vuln_man.yml
@@ -1,4 +1,4 @@
-name: SBOM generation
+name: SBOM generation final
 
 on:
   workflow_dispatch:
@@ -31,74 +31,74 @@ jobs:
           retention-days: 5
           if-no-files-found: error
 
-  # sbom-docker:
-  #   name: Generate docker SBOM
-  #   runs-on: ubuntu-latest
-  #   container: quay.io/pluribus_one/sbom_vex_scanner:latest
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       project: ["dvna", "vulnado"]
-
-  #   steps:
-  #     - name: Checkout Repository
-  #       uses: actions/checkout@v4
-
-  #     - name: Set up Docker Buildx
-  #       uses: docker/setup-buildx-action@v3
-
-  #     - name: Build Docker image
-  #       id: build-image
-  #       uses: docker/build-push-action@v5
-  #       with:
-  #         context: "${{ github.workspace }}/vuln_apps/${{ matrix.project }}"
-  #         push: false
-  #         load: true
-  #         tags: ${{ matrix.project }}:latest
-
-  #     - name: Generate docker SBOMs
-  #       run: |
-  #         cdxgen --type docker
-
-  #     - name: upload Artifacts
-  #       uses: actions/upload-artifact@v4
-  #       with:
-  #         name: sbom-${{matrix.project}}-docker
-  #         path: "/path/to/output/bom.json"
-  #         retention-days: 5
-  #         if-no-files-found: error
-
-  # merge-sbom:
-  #   name: Merge previously generated SBOM
-  #   runs-on: ubuntu-latest
-  #   needs: ["sbom", "sbom-docker"]
-  #   container: cyclonedx/container:tag
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       project: ["dvna", "vulnado"]
-
-  #   steps:
-  #     - name: Download artifact sbom
-  #       uses: actions/download-artifact@v4
-  #       with:
-  #         name: sbom-${{matrix.project}}
-  #         path: ./sboms-${{matrix.project}}
-
-  #     - name: Download artifact sbom-docker
-  #       uses: actions/download-artifact@v4
-  #       with:
-  #         name: sbom-${{matrix.project}}-docker
-  #         path: ./sboms-${{matrix.project}}
-
-  #     - name: Merge previously generated sboms
-  #       run: |
-  #         cyclonedx merge --input-files sboms-${{matrix.project}}/file_in_1.json sboms-${{matrix.project}}/file_in_2.json --output-file file_out.json --hierarchical --name ${{ matrix.project }} --version ${{ github.run_number }}
-
-  #     - name: upload Artifacts
-  #       uses: actions/upload-artifact@v4
-  #       with:
-  #         name: sbom-${{matrix.project}}-merged
-  #         path: "path/to/file_out.json"
-  #         retention-days: 5
-  #         if-no-files-found: error
+  sbom-docker:
+    name: Generate docker SBOM
+    runs-on: ubuntu-latest
+    container: quay.io/pluribus_one/sbom_vex_scanner:latest
+    strategy:
+      fail-fast: false
+      matrix:
+        project: ["dvna", "vulnado"]
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        id: build-image
+        uses: docker/build-push-action@v5
+        with:
+          context: "${{ github.workspace }}/vuln_apps/${{ matrix.project }}"
+          push: false
+          load: true
+          tags: ${{ matrix.project }}:latest
+
+      - name: Generate docker SBOMs
+        run: |
+          cdxgen --type docker -o "${{ matrix.project }}-docker_bom.json" ${{ matrix.project }}:latest
+
+      - name: upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-${{matrix.project}}-docker
+          path: ${{ matrix.project }}-docker_bom.json
+          retention-days: 5
+          if-no-files-found: error
+
+  merge-sbom:
+    name: Merge previously generated SBOM
+    runs-on: ubuntu-latest
+    needs: ["sbom", "sbom-docker"]
+    container: cyclonedx/cyclonedx-cli:0.25.0
+    strategy:
+      fail-fast: false
+      matrix:
+        project: ["dvna", "vulnado"]
+
+    steps:
+      - name: Download artifact sbom
+        uses: actions/download-artifact@v4
+        with:
+          name: sbom-${{matrix.project}}
+          path: ./sboms-${{matrix.project}}
+
+      - name: Download artifact sbom-docker
+        uses: actions/download-artifact@v4
+        with:
+          name: sbom-${{matrix.project}}-docker
+          path: ./sboms-${{matrix.project}}
+
+      - name: Merge previously generated sboms
+        run: |
+          cyclonedx merge --input-files sboms-${{matrix.project}}/${{ matrix.project }}_bom.json sboms-${{matrix.project}}/${{ matrix.project }}-docker_bom.json --output-file ${{ matrix.project }}_merged_sbom.json --hierarchical --name ${{ matrix.project }} --version ${{ github.run_number }} --group devsecops-exercises
+
+      - name: upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-${{matrix.project}}-merged
+          path: ${{ matrix.project }}_merged_sbom.json
+          retention-days: 5
+          if-no-files-found: error