From bc330dfaeaa706f3a462e48c32288ca9ea066993 Mon Sep 17 00:00:00 2001
From: borislavr
Date: Tue, 18 Feb 2025 16:00:33 +0300
Subject: [PATCH 1/3] feat: Add CDXGen workflow template for SBOM generation and vulnerability scanning
---
workflow-templates/cdxgen.json | 20 ++++++++++++++++++++
workflow-templates/cdxgen.yaml | 24 ++++++++++++++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 workflow-templates/cdxgen.json
create mode 100644 workflow-templates/cdxgen.yaml
diff --git a/workflow-templates/cdxgen.json b/workflow-templates/cdxgen.json
new file mode 100644
index 0000000..3e5ae81
--- /dev/null
+++ b/workflow-templates/cdxgen.json
@@ -0,0 +1,20 @@
+{
+ "name": "CDXGen",
+ "description": "Generate SBOM file by CDXGen and vulnerability Scan report by CyclonDX.",
+ "categories": [
+ "Go",
+ "Maven",
+ "Pthon",
+ "Docker",
+ "Automation",
+ "utilities"
+ ],
+ "filePatterns": [
+ "*/**/go.mod",
+ "*/**/pom.xml",
+ "*/**/requirements.txt",
+ "*/**/Dockerfile",
+ "*/**/pyproject.toml"
+ ],
+ "labels": [ "preview"]
+ }
\ No newline at end of file
diff --git a/workflow-templates/cdxgen.yaml b/workflow-templates/cdxgen.yaml
new file mode 100644
index 0000000..c8a3969
--- /dev/null
+++ b/workflow-templates/cdxgen.yaml
@@ -0,0 +1,24 @@
+---
+
+# Please provide the project_type as a parameter to the action
+# The project_type can be one of the following:
+# - docker (not supported yet)
+# - go
+# - maven
+# - python
+
+name: 'CDXGen'
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - 'main'
+
+jobs:
+ cdxgen:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "cdxgen"
+ uses: netcracker/qubership-workflow-hub/actions/cdxgen@main
+ with:
+ project_type: ""
\ No newline at end of file
From 2ac080149356f44d185fd14f053ab7f757420eda Mon Sep 17 00:00:00 2001
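Review bot: The `categories` list in the new `cdxgen.json` spells Python as `"Pthon"`, so the template will presumably not be matched to Python repositories, and the description misspells CycloneDX as `CyclonDX`; these should read `"Python"` and `CycloneDX`. If this directory is consumed as GitHub workflow templates, the documented name for the metadata file is `cdxgen.properties.json` next to the workflow file, so it is worth confirming that `cdxgen.json` is picked up at all. The `filePatterns` entries such as `"*/**/go.mod"` are written as globs, while GitHub documents that field as regular expressions; please verify they match what is intended.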
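Review bot: The step `uses: netcracker/qubership-workflow-hub/actions/cdxgen@main` in the new `cdxgen.yaml` tracks a mutable branch, so every repository that adopts this template runs whatever is at the head of that branch on each push to `main`, with the job's token. Pin the reference to a reviewed full commit SHA, e.g. `uses: netcracker/qubership-workflow-hub/actions/cdxgen@<full-commit-sha>` (placeholder), and add a least-privilege `permissions:` block with `contents: read` at workflow or job level, widening it only if the action needs more. The job declares no checkout step, so presumably the action checks out the repository itself; that is worth confirming. The same `@main` reference is carried unchanged through PATCH 2/3 and PATCH 3/3.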
From: Boris Lavrishchev Date: Tue, 18 Feb 2025 16:46:54 +0300 Subject: [PATCH 2/3] chore: Update cdxgen.yaml docker -> dockerfile --- workflow-templates/cdxgen.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workflow-templates/cdxgen.yaml b/workflow-templates/cdxgen.yaml index c8a3969..df51261 100644 --- a/workflow-templates/cdxgen.yaml +++ b/workflow-templates/cdxgen.yaml @@ -2,7 +2,7 @@ # Please provide the project_type as a parameter to the action # The project_type can be one of the following: -# - docker (not supported yet) +# - dockerfile # - go # - maven # - python @@ -21,4 +21,4 @@ jobs: - name: "cdxgen" uses: netcracker/qubership-workflow-hub/actions/cdxgen@main with: - project_type: "" \ No newline at end of file + project_type: "" From 961825dbcb48edb993712d83e548cf9280253711 Mon Sep 17 00:00:00 2001 From: borislavr Date: Wed, 19 Feb 2025 11:06:36 +0300 Subject: [PATCH 3/3] docs: Update CDXGen workflow template with usage instructions and trigger details --- workflow-templates/cdxgen.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/workflow-templates/cdxgen.yaml b/workflow-templates/cdxgen.yaml index df51261..695a443 100644 --- a/workflow-templates/cdxgen.yaml +++ b/workflow-templates/cdxgen.yaml @@ -1,11 +1,9 @@ --- -# Please provide the project_type as a parameter to the action -# The project_type can be one of the following: -# - dockerfile -# - go -# - maven -# - python +# The workflow will generate the SBOM file for the repository +# and vulerability scan report for the SBOM file using CycloneDX +# The workflow will run on push to main branch and manually triggered workflows +# The results will be stored in the action artifacts name: 'CDXGen' on: @@ -20,5 +18,3 @@ jobs: steps: - name: "cdxgen" uses: netcracker/qubership-workflow-hub/actions/cdxgen@main - with: - project_type: ""
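Review bot: The header comment added in the first hunk of PATCH 3/3 misspells "vulnerability" as `vulerability`. It also says the results are stored in the action artifacts but gives adopters no guidance on them. Because a scan report of this kind lists the components with known vulnerabilities, consider adding a line such as `# Review who can download workflow artifacts and how long they are retained`. The same patch removes the `project_type` input and its list of accepted values, so the comment should say whether the action now detects the project type on its own; the hunk does not show this.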