RobotControlApps/.github/workflows/sbom-python-apps.yml at master · CommonplaceRobotics/RobotControlApps · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: Generate SBOMs for python apps

on:
  push:
    branches: [ "master", "v14-006-7" ]
  pull_request:
    branches: [ "master", "v14-006-7" ]

permissions:
  contents: read

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v6
    - name: Set up Python 3.x
      uses: actions/setup-python@v6
      with:
        python-version: "3.x"
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install cyclonedx-bom
    - name: Create output directory
      run: |
        mkdir ~/output

    - name: MathTools - Generate SBOM
      working-directory: ./MathTools
      run: |
        python -m cyclonedx_py requirements > ~/output/MathTools.json

    - name: PositionLogger - Generate SBOM
      working-directory: ./PositionLogger
      run: |
        python -m cyclonedx_py requirements > ~/output/PositionLogger.json

    - name: ControlApp - Generate SBOM
      working-directory: ./control_python
      run: |
        python -m cyclonedx_py requirements > ~/output/control_python.json

    - name: MinimalApp - Generate SBOM
      working-directory: ./minimal_python
      run: |
        python -m cyclonedx_py requirements > ~/output/minimal_python.json

    - name: MonitorApp - Generate SBOM
      working-directory: ./monitor_python
      run: |
        python -m cyclonedx_py requirements > ~/output/monitor_python.json

    # export
    - uses: actions/upload-artifact@v6
      with:
        name: SBOMs
        path: ~/output/

    # Scan SBOMs for vulnerabilities
    - name: MathTools - Scan for vulnerabilities
      uses: anchore/scan-action@v7
      with:
        sbom: ~/output/MathTools.json

    - name: PositionLogger - Scan for vulnerabilities
      uses: anchore/scan-action@v7
      with:
        sbom: ~/output/PositionLogger.json

    - name: ControlApp - Scan for vulnerabilities
      uses: anchore/scan-action@v7
      with:
        sbom: ~/output/control_python.json

    - name: MinimalApp - Scan for vulnerabilities
      uses: anchore/scan-action@v7
      with:
        sbom: ~/output/minimal_python.json

    - name: MonitorApp - Scan for vulnerabilities
      uses: anchore/scan-action@v7
      with:
        sbom: ~/output/monitor_python.json