Merge pull request #162 from Cyber4All/main

Merge main to releases
Cyber4All · Oct 12, 2022 · 8ad946b · 8ad946b
2 parents cf13ddd + 3690127
commit 8ad946b
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 52 deletions.
diff --git a/src/jobs/sbom.yml b/src/jobs/sbom.yml
@@ -13,45 +13,25 @@ parameters:
       Language of the repository generating an SBOM for.
       Options: (node, python, go)
 
-  version:
-    type: string
-    description: |
-      The semantic version of the project trying to be deployed
-      https://semver.org/spec/v2.0.0.html
-
   # ---------------------------------------------------------------------------------
   # OPTIONAL PARAMETERS
   # These parameters have reasonable defaults.
   # ---------------------------------------------------------------------------------
-  group-id:
-    type: string
-    default: 61ae65f8-ec5a-4f81-8b85-76516b014ed5
-    description: |
-      Id of the group to be assigned to the shortcut story [Default: Id of Operations]
-
-  project-id:
-    type: integer
-    default: 14743
-    description: |
-      Id of the project to be assigned to the shortcut story [Default: Id of SBOM]
-
   shortcut-token:
     type: env_var_name
     default: SHORTCUT_TOKEN
     description: |
       Environment variable name for API key to make Shortcut API request
 
-  workflow-state-id:
-    type: integer
-    default: 500005737
-    description: |
-      Id of the workflow state to assign the shortcut story to [Default: Id of Ready for Development]
-
 machine:
   image: ubuntu-2004:current
 
 steps:
   - checkout
+  - run:
+      name: Prepare Artifacts Directory
+      command: |
+        mkdir ./artifacts
   - when:
       condition:
         equal: [ "node", << parameters.language >> ]
@@ -95,22 +75,17 @@ steps:
             name: Run CycloneDX-gomod
             command: cyclonedx-gomod mod -output cyclonedx-sbom.json -json=true -std=true
   - run:
-      name: cve-bin-tool SBOM anlaysis
+      name: CVE-BIN-TOOL SBOM anlaysis
       command: |
-        docker run --env BOM_FILE=cyclonedx-sbom.json -v $(pwd):/home/alpine/src --name cve-bin-tool cyber4all/cve-bin-tool:latest || true
-
-        docker cp cve-bin-tool:/home/alpine/output.cve-bin-tool.$(date "+%Y-%m-%d").html .
-  - store_artifacts:
-      path: output.cve-bin-tool.$(date "+%Y-%m-%d").html
+        docker run --env BOM_FILE=cyclonedx-sbom.json -v $(pwd)/artifacts:/home/alpine/src --name cve-bin-tool cyber4all/cve-bin-tool:latest || true
+  - run:
+      name: Copy Output from Container
+      command: |
+        docker cp cve-bin-tool:/home/alpine/output.cve-bin-tool.$(date "+%Y-%m-%d").html ./artifacts
   - store_artifacts:
-      path: cyclonedx-sbom.json
+      path: ./artifacts
   - run:
       name: Create Shortcut Story
-      command: |
-        export VERSION="<< parameters.version >>" >> $BASH_ENV
-        export LANGUAGE="<< parameters.language >>" >> $BASH_ENV
-        export GROUP_ID="<< parameters.group-id >>" >> $BASH_ENV
-        export PROJECT_ID="<< parameters.project-id >>" >> $BASH_ENV
-        export WORKFLOW_STATE_ID="<< parameters.workflow-state-id >>" >> $BASH_ENV
-
-        scripts/create-shortcut-story.py
+      command: <<include(scripts/create-shortcut-story.py)>>
+      environment:
+        LANGUAGE: << parameters.language >>
diff --git a/src/scripts/create-shortcut-story.py b/src/scripts/create-shortcut-story.py
@@ -12,10 +12,10 @@
 SHORTCUT_TOKEN=os.environ['SHORTCUT_TOKEN']
 REPOSITORY=os.environ['CIRCLE_PROJECT_REPONAME']
 LANGUAGE=os.environ['LANGUAGE']
-VERSION=os.environ['VERSION']
-WORKFLOW_STATE_ID=int(os.environ['WORKFLOW_STATE_ID'])
-PROJECT_ID=int(os.environ['PROJECT_ID'])
-GROUP_ID=os.environ['GROUP_ID']
+
+WORKFLOW_STATE_ID=500005737
+PROJECT_ID=14743
+GROUP_ID="61ae65f8-ec5a-4f81-8b85-76516b014ed5"
 
 # -------------------------------------------------------
 # SHORTCUT APIv3 CONFIGURATION
@@ -27,7 +27,7 @@
 
 ## Description
 
-Post deployment or quarterly review of Software Bill of Materials (SBOM) for {REPOSITORY}:{VERSION}. This story will track the vulnerability analysis of the SBOM and any dependency upgrades.
+Post deployment or quarterly review of Software Bill of Materials (SBOM) for {REPOSITORY}. This story will track the vulnerability analysis of the SBOM and any dependency upgrades.
 
 ## Requirements
 
@@ -50,7 +50,7 @@
 # -------------------------------------------------------
 
 DATA = {
-    "name": f"Review {REPOSITORY}:{VERSION} SBOM",
+    "name": f"Review {REPOSITORY} SBOM",
     "workflow_state_id": WORKFLOW_STATE_ID,
     "project_id": PROJECT_ID,
     "group_id": GROUP_ID,
@@ -60,7 +60,7 @@
     "story_type": "chore",
     "tasks": [ 
         {
-            "description": f"Analyze {REPOSITORY}:{VERSION} SBOM for vulnerabilities"
+            "description": f"Analyze {REPOSITORY} SBOM for vulnerabilities"
         },
         {
             "description": "Upgrade dependencies"
@@ -77,11 +77,6 @@
             "color": "#1c70dd",
             "description": "Language",
             "name": LANGUAGE
-        },
-        {
-            "color": "#A020F0",
-            "description": "Version",
-            "name": VERSION
         }
     ]
 }
@@ -98,4 +93,4 @@
     },
     data=json.dumps(DATA)
 )
-res.raise_for_status()
+res.raise_for_status()