Skip to content

Commit ccaad71

Browse files
anthony-nhsanthony-nhs
committed
single job for sbom
1 parent cf701fc commit ccaad71

File tree

1 file changed

+39
-50
lines changed

1 file changed

+39
-50
lines changed

.github/workflows/quality-checks.yml

Lines changed: 39 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -249,68 +249,57 @@ jobs:
249249
- name: Run unit tests
250250
run: make test
251251

252-
- name: Generate and check python SBOMs
252+
- name: Generate and check SBOMs
253253
if: ${{ steps.check_languages.outputs.uses_poetry == 'true' }}
254254
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
255255
with:
256256
scan-type: "fs"
257-
scan-ref: "poetry.lock"
258-
severity: "CRITICAL,HIGH"
259-
scanners: "vuln"
260-
format: "table"
261-
output: "dependency_results_python.txt"
262-
exit-code: "1"
263-
trivy-config: trivy.yaml
264-
- name: Generate and check node SBOMs
265-
if: ${{ steps.check_languages.outputs.uses_node == 'true' }}
266-
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
267-
with:
268-
scan-type: "fs"
269-
scan-ref: "package-lock.json"
270-
severity: "CRITICAL,HIGH"
271-
scanners: "vuln"
272-
format: "table"
273-
output: "dependency_results_node.txt"
274-
exit-code: "1"
275-
trivy-config: trivy.yaml
276-
- name: Generate and check java SBOMs
277-
if: ${{ steps.check_languages.outputs.uses_java == 'true' }}
278-
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
279-
with:
280-
scan-type: "fs"
281-
scan-ref: "pom.xml"
282-
severity: "CRITICAL,HIGH"
283-
scanners: "vuln"
284-
format: "table"
285-
output: "dependency_results_java.txt"
286-
exit-code: "1"
287-
- name: Generate and check golang SBOMs
288-
if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
289-
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
290-
with:
291-
scan-type: "fs"
292-
scan-ref: "src/go.mod"
257+
scan-ref: "."
293258
severity: "CRITICAL,HIGH"
294259
scanners: "vuln"
295260
format: "table"
296-
output: "dependency_results_go.txt"
261+
output: "dependency_results.txt"
297262
exit-code: "1"
298263
trivy-config: trivy.yaml
264+
# - name: Generate and check node SBOMs
265+
# if: ${{ steps.check_languages.outputs.uses_node == 'true' }}
266+
# uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
267+
# with:
268+
# scan-type: "fs"
269+
# scan-ref: "package-lock.json"
270+
# severity: "CRITICAL,HIGH"
271+
# scanners: "vuln"
272+
# format: "table"
273+
# output: "dependency_results_node.txt"
274+
# exit-code: "1"
275+
# trivy-config: trivy.yaml
276+
# - name: Generate and check java SBOMs
277+
# if: ${{ steps.check_languages.outputs.uses_java == 'true' }}
278+
# uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
279+
# with:
280+
# scan-type: "fs"
281+
# scan-ref: "pom.xml"
282+
# severity: "CRITICAL,HIGH"
283+
# scanners: "vuln"
284+
# format: "table"
285+
# output: "dependency_results_java.txt"
286+
# exit-code: "1"
287+
# - name: Generate and check golang SBOMs
288+
# if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
289+
# uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
290+
# with:
291+
# scan-type: "fs"
292+
# scan-ref: "src/go.mod"
293+
# severity: "CRITICAL,HIGH"
294+
# scanners: "vuln"
295+
# format: "table"
296+
# output: "dependency_results_go.txt"
297+
# exit-code: "1"
298+
# trivy-config: trivy.yaml
299299
- name: Show scan output
300300
if: always()
301301
run: |
302-
if [ -f dependency_results_python.txt ]; then
303-
cat dependency_results_python.txt
304-
fi
305-
if [ -f dependency_results_node.txt ]; then
306-
cat dependency_results_node.txt
307-
fi
308-
if [ -f dependency_results_java.txt ]; then
309-
cat dependency_results_java.txt
310-
fi
311-
if [ -f dependency_results_go.txt ]; then
312-
cat dependency_results_go.txt
313-
fi
302+
cat dependency_results.txt
314303
- name: "check is SONAR_TOKEN exists"
315304
env:
316305
super_secret: ${{ secrets.SONAR_TOKEN }}

0 commit comments

Comments
 (0)