
Commit 9206a83

author
Andre Vieira
committed
chore(actions): cyclonedx sbom
1 parent 05e88d4 commit 9206a83


1 file changed

+4
-28
lines changed


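--- a/.github/workflows/prereleased.yml
+++ b/.github/workflows/prereleased.yml
@@ -101,7 +101,7 @@ jobs:
 
       - name: Copy SBOM to S3
         run: |
-          aws s3 cp ${{ env.SBOM_FILENAME }}.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/${{ env.SBOM_FILENAME }}.cyclonedx.json
+          aws s3 cp ${{ env.SBOM_FILENAME }}.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/command-${{ env.SBOM_FILENAME }}.cyclonedx.json
 
       - name: Login to Dockerhub Registry
         uses: docker/login-action@v3
@@ -151,21 +151,9 @@ jobs:
         with:
           upload-artifact-retention: 1
           image: ${{ steps.docker_build.outputs.imageId }}
-          format: spdx-json
+          format: cyclonedx-json
           upload-release-assets: false
-          output-file: ${{ env.SBOM_FILENAME }}.spdx.json
-
-      - name: Scan SBOM
-        id: scan_sbom
-        uses: anchore/scan-action@v3
-        with:
-          sbom: ${{ env.SBOM_FILENAME }}.spdx.json
-          output-format: sarif
-          fail-build: false
-
-      - name: Determine number of noticiable vulnerabilities
-        id: count_vulnerabilities
-        run: echo "value=$(grep -cE "(medium|high|critical) vulnerability" ${{ steps.scan_sbom.outputs.sarif }})" >> $GITHUB_OUTPUT
+          output-file: ${{ env.SBOM_FILENAME }}.cyclonedx.json
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -175,19 +163,7 @@ jobs:
 
       - name: Copy SBOM to S3
         run: |
-          aws s3 cp ${{ env.SBOM_FILENAME }}.spdx.json s3://repos-sboms/${{ github.event.repository.name }}/lambda-${{ env.SBOM_FILENAME }}.spdx.json
-          aws s3 cp ${{ steps.scan_sbom.outputs.sarif }} s3://repos-sboms/${{ github.event.repository.name }}/lambda-${{ env.SBOM_FILENAME }}-scan.sarif
-
-      - name: Update Notion Page
-        uses: ydataai/update-notion-page@v1
-        env:
-          STATUS_ICON: ${{ steps.count_vulnerabilities.outputs.value == '0' && '"✅"' || '"⚠️"' }}
-          STATUS_URL: ${{ steps.count_vulnerabilities.outputs.value == '0' && 'null' || format('{{"url":"https://s3.console.aws.amazon.com/s3/buckets/repos-sboms?region={0}&prefix={1}/{2}-{3}-scan.sarif"}}', env.AWS_S3_REGION, github.event.repository.name, 'lambda', env.SBOM_FILENAME) }}
-        with:
-          notion_secret: ${{ secrets.NOTION_SECRET }}
-          notion_database_id: ${{ env.NOTION_DATABASE_ID }}
-          notion_database_query_filter: '{ "property": "Repo", "title": { "equals": "${{ github.event.repository.name }}" } }'
-          notion_page_update_properties: '{ "Docker Scan": { "rich_text": [ { "text": { "content": ${{ env.STATUS_ICON }}, "link": ${{ env.STATUS_URL }} } } ] }, "SBOMS": { "url": "https://s3.console.aws.amazon.com/s3/buckets/repos-sboms?region=${{ env.AWS_S3_REGION }}&prefix=${{ github.event.repository.name }}/" } }'
+          aws s3 cp ${{ env.SBOM_FILENAME }}.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/lambda-${{ env.SBOM_FILENAME }}.cyclonedx.json
 
       - name: Login to Dockerhub Registry
         uses: docker/login-action@v3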
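Review bot: The second hunk drops the `Scan SBOM` step (anchore/scan-action) along with the vulnerability count and the Notion status update, so after this commit the lambda image is no longer vulnerability-scanned in this workflow and no `-scan.sarif` is written to S3, while the commit message only mentions the SBOM format change. If the scan was moved elsewhere, the message should say so; if not, the step can be kept on the new CycloneDX output, since scan-action takes the SBOM path via its `sbom:` input (whether it accepts CycloneDX input for this action version should be confirmed against its README). Separately, the third-party actions in these hunks (`docker/login-action@v3`, `aws-actions/configure-aws-credentials@v4`) are pinned to mutable tags; pinning to a commit SHA with the tag in a trailing comment is the usual supply-chain hardening for a workflow that holds AWS and Dockerhub credentials. The enclosing job starts before the first hunk and continues past the last one.
```yaml
      # … unchanged: SBOM generation step with format: cyclonedx-json …
      - name: Scan SBOM
        id: scan_sbom
        uses: anchore/scan-action@v3
        with:
          sbom: ${{ env.SBOM_FILENAME }}.cyclonedx.json
          output-format: sarif
          fail-build: false
      # … unchanged: Configure AWS credentials, Copy SBOM to S3 …
```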
