@@ -182,54 +182,64 @@ jobs:
182182 severity : " CRITICAL,HIGH"
183183 scanners : " license"
184184 format : " table"
185- output : " license_scan.txt"
185+ output : " license_scan_python.txt"
186+ exit-code : " 1"
187+ list-all-pkgs : " false"
188+ trivy-config : trivy.yaml
189+ - name : Check node licenses
190+ uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
191+ if : ${{ steps.check_languages.outputs.uses_node == 'true' }}
192+ with :
193+ scan-type : " fs"
194+ scan-ref : " package-lock.json"
195+ severity : " CRITICAL,HIGH"
196+ scanners : " license"
197+ format : " table"
198+ output : " license_scan_node.txt"
199+ exit-code : " 1"
200+ list-all-pkgs : " false"
201+ trivy-config : trivy.yaml
202+ - name : Check go licenses
203+ uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
204+ if : ${{ steps.check_languages.outputs.uses_go == 'true' }}
205+ with :
206+ scan-type : " fs"
207+ scan-ref : " src/go.mod"
208+ severity : " CRITICAL,HIGH"
209+ scanners : " license"
210+ format : " table"
211+ output : " license_scan_go.txt"
212+ exit-code : " 1"
213+ list-all-pkgs : " false"
214+ trivy-config : trivy.yaml
215+ - name : Check java licenses
216+ uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
217+ if : ${{ steps.check_languages.outputs.uses_java == 'true' }}
218+ with :
219+ scan-type : " fs"
220+ scan-ref : " pom.xml"
221+ severity : " CRITICAL,HIGH"
222+ scanners : " license"
223+ format : " table"
224+ output : " license_scan_java.txt"
186225 exit-code : " 1"
187226 list-all-pkgs : " false"
188227 trivy-config : trivy.yaml
189- version : " v0.68.2"
190- # - name: Check node licenses
191- # uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
192- # if: ${{ steps.check_languages.outputs.uses_node == 'true' }}
193- # with:
194- # scan-type: "fs"
195- # scan-ref: "package-lock.json"
196- # severity: "CRITICAL,HIGH"
197- # scanners: "license"
198- # format: "table"
199- # output: "license_scan_node.txt"
200- # exit-code: "1"
201- # list-all-pkgs: "false"
202- # trivy-config: trivy.yaml
203- # - name: Check go licenses
204- # uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
205- # if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
206- # with:
207- # scan-type: "fs"
208- # scan-ref: "src/go.mod"
209- # severity: "CRITICAL,HIGH"
210- # scanners: "license"
211- # format: "table"
212- # output: "license_scan_go.txt"
213- # exit-code: "1"
214- # list-all-pkgs: "false"
215- # trivy-config: trivy.yaml
216- # - name: Check java licenses
217- # uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
218- # if: ${{ steps.check_languages.outputs.uses_java == 'true' }}
219- # with:
220- # scan-type: "fs"
221- # scan-ref: "pom.xml"
222- # severity: "CRITICAL,HIGH"
223- # scanners: "license"
224- # format: "table"
225- # output: "license_scan_java.txt"
226- # exit-code: "1"
227- # list-all-pkgs: "false"
228- # trivy-config: trivy.yaml
229228 - name : Show license scan output
230229 if : always()
231230 run : |
232- cat license_scan.txt
231+ if [ -f license_scan_python.txt ]; then
232+ cat license_scan_python.txt
233+ fi
234+ if [ -f license_scan_node.txt ]; then
235+ cat license_scan_node.txt
236+ fi
237+ if [ -f license_scan_go.txt ]; then
238+ cat license_scan_go.txt
239+ fi
240+ if [ -f license_scan_java.txt ]; then
241+ cat license_scan_java.txt
242+ fi
233243
234244 - name : Run code lint
235245 run : make lint
@@ -249,57 +259,68 @@ jobs:
249259 - name : Run unit tests
250260 run : make test
251261
252- - name : Generate and check SBOMs
262+ - name : Generate and check python SBOMs
253263 if : ${{ steps.check_languages.outputs.uses_poetry == 'true' }}
254264 uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
255265 with :
256266 scan-type : " fs"
257- scan-ref : " . "
267+ scan-ref : " poetry.lock "
258268 severity : " CRITICAL,HIGH"
259269 scanners : " vuln"
260270 format : " table"
261- output : " dependency_results.txt"
271+ output : " dependency_results_python.txt"
272+ exit-code : " 1"
273+ trivy-config : trivy.yaml
274+ - name : Generate and check node SBOMs
275+ if : ${{ steps.check_languages.outputs.uses_node == 'true' }}
276+ uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
277+ with :
278+ scan-type : " fs"
279+ scan-ref : " package-lock.json"
280+ severity : " CRITICAL,HIGH"
281+ scanners : " vuln"
282+ format : " table"
283+ output : " dependency_results_node.txt"
284+ exit-code : " 1"
285+ trivy-config : trivy.yaml
286+ - name : Generate and check java SBOMs
287+ if : ${{ steps.check_languages.outputs.uses_java == 'true' }}
288+ uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
289+ with :
290+ scan-type : " fs"
291+ scan-ref : " pom.xml"
292+ severity : " CRITICAL,HIGH"
293+ scanners : " vuln"
294+ format : " table"
295+ output : " dependency_results_java.txt"
296+ exit-code : " 1"
297+ - name : Generate and check golang SBOMs
298+ if : ${{ steps.check_languages.outputs.uses_go == 'true' }}
299+ uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
300+ with :
301+ scan-type : " fs"
302+ scan-ref : " src/go.mod"
303+ severity : " CRITICAL,HIGH"
304+ scanners : " vuln"
305+ format : " table"
306+ output : " dependency_results_go.txt"
262307 exit-code : " 1"
263308 trivy-config : trivy.yaml
264- # - name: Generate and check node SBOMs
265- # if: ${{ steps.check_languages.outputs.uses_node == 'true' }}
266- # uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
267- # with:
268- # scan-type: "fs"
269- # scan-ref: "package-lock.json"
270- # severity: "CRITICAL,HIGH"
271- # scanners: "vuln"
272- # format: "table"
273- # output: "dependency_results_node.txt"
274- # exit-code: "1"
275- # trivy-config: trivy.yaml
276- # - name: Generate and check java SBOMs
277- # if: ${{ steps.check_languages.outputs.uses_java == 'true' }}
278- # uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
279- # with:
280- # scan-type: "fs"
281- # scan-ref: "pom.xml"
282- # severity: "CRITICAL,HIGH"
283- # scanners: "vuln"
284- # format: "table"
285- # output: "dependency_results_java.txt"
286- # exit-code: "1"
287- # - name: Generate and check golang SBOMs
288- # if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
289- # uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
290- # with:
291- # scan-type: "fs"
292- # scan-ref: "src/go.mod"
293- # severity: "CRITICAL,HIGH"
294- # scanners: "vuln"
295- # format: "table"
296- # output: "dependency_results_go.txt"
297- # exit-code: "1"
298- # trivy-config: trivy.yaml
299309 - name : Show scan output
300310 if : always()
301311 run : |
302- cat dependency_results.txt
312+ if [ -f dependency_results_python.txt ]; then
313+ cat dependency_results_python.txt
314+ fi
315+ if [ -f dependency_results_node.txt ]; then
316+ cat dependency_results_node.txt
317+ fi
318+ if [ -f dependency_results_java.txt ]; then
319+ cat dependency_results_java.txt
320+ fi
321+ if [ -f dependency_results_go.txt ]; then
322+ cat dependency_results_go.txt
323+ fi
303324 - name : " check is SONAR_TOKEN exists"
304325 env :
305326 super_secret : ${{ secrets.SONAR_TOKEN }}
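Review bot: The re-enabled "Generate and check java SBOMs" step is the only one of the four vuln scans without `trivy-config: trivy.yaml`, so the `pom.xml` scan runs without whatever settings the python, node and golang steps share; unless that is deliberate, add `trivy-config: trivy.yaml` after its `exit-code` line. Every scan step in both hunks also sets `exit-code: "1"` while its `if:` tests only the language flag, so the first failing scan skips the ones after it and the `always()` output steps print only a partial picture; a condition such as `if: ${{ !cancelled() && steps.check_languages.outputs.uses_node == 'true' }}` (likewise for the other languages) would let every applicable scan report. In the first hunk, dropping `version: "v0.68.2"` presumably leaves the Trivy release to the default of the pinned action commit, which deserves a one-line comment if intended. The `check_languages` step that these conditions read is outside the visible hunks, so how the flags are set could not be checked here.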