@greenarmor/ges-cicd-generator 0.6.0 → 0.6.2

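--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -7,4 +7,5 @@ export declare function generateComplianceWorkflow(config: ProjectConfig): Workf
 export declare function generateSecurityWorkflow(config: ProjectConfig): WorkflowFile;
 export declare function generateDependencyScanWorkflow(config: ProjectConfig): WorkflowFile;
 export declare function generateSecretScanWorkflow(config: ProjectConfig): WorkflowFile;
+export declare function generateSbomWorkflow(config: ProjectConfig): WorkflowFile;
 export declare function generateAllWorkflows(config: ProjectConfig): WorkflowFile[];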
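--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -157,11 +157,67 @@ jobs:
 `,
 };
 }
+export function generateSbomWorkflow(config) {
+return {
+filePath: path.join(".github", "workflows", "sbom-scan.yml"),
+content: `name: SBOM Generation & Scan
+
+on:
+push:
+branches: [main, develop]
+pull_request:
+branches: [main]
+schedule:
+- cron: '0 6 * * 1'
+
+jobs:
+sbom:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Generate SBOM with Syft
+uses: anchore/sbom-action@v0
+with:
+image: ""
+path: .
+format: cyclonedx-json
+output-file: sbom.json
+fail-build: false
+
+- name: Scan SBOM for vulnerabilities with Grype
+uses: anchore/scan-action@v6
+with:
+sbom: sbom.json
+fail-build: true
+severity-cutoff: high
+
+- name: Generate SBOM with Trivy
+uses: aquasecurity/trivy-action@master
+with:
+scan-type: 'fs'
+scan-ref: '.'
+format: 'cyclonedx'
+output: 'trivy-sbom.json'
+
+- name: Upload SBOM artifacts
+if: always()
+uses: actions/upload-artifact@v4
+with:
+name: sbom-artifacts
+path: |
+sbom.json
+trivy-sbom.json
+retention-days: 90
+`,
+};
+}
 export function generateAllWorkflows(config) {
 return [
 generateComplianceWorkflow(config),
 generateSecurityWorkflow(config),
 generateDependencyScanWorkflow(config),
 generateSecretScanWorkflow(config),
+generateSbomWorkflow(config),
 ];
 }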
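Review bot: The generated workflow references `aquasecurity/trivy-action@master` in the Trivy SBOM step, a mutable branch ref, while every other step in the same template uses a versioned tag; a generator that writes this into consumers' repositories hands them a third-party action that changes under them on every push to that branch. Pin it to a release tag or, better, a full commit SHA with the version noted in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<release-tag-or-commit-sha>`, and consider the same SHA pinning for the other `uses:` lines. The emitted workflow also declares no top-level `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope; since the steps only check out and upload artifacts, adding `permissions:` with `contents: read` under the `name:` line would apply least privilege. Because the Grype step has `fail-build: true` and runs before the Trivy SBOM step, a high-severity finding stops the Trivy SBOM from being produced and the `if: always()` upload then ships only sbom.json; moving the Trivy step ahead of the Grype scan, or giving it `if: always()`, keeps both artifacts.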
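--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@greenarmor/ges-cicd-generator",
-"version": "0.6.0",
+"version": "0.6.2",
 "type": "module",
 "description": "GESF CI/CD Generator - GitHub Actions workflow generation",
 "main": "./dist/index.js",
@@ -12,7 +12,7 @@
 }
 },
 "dependencies": {
-"@greenarmor/ges-core": "0.6.0"
+"@greenarmor/ges-core": "0.6.2"
 },
 "devDependencies": {
 "typescript": "^6.0.0",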