fix: sbom-generate - include node_modules for a complete SBOM
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Removing the node_modules exclusion lets Syft scan the packages that are actually installed (transitive ones included). Only build artifacts are excluded (build/, .next/, out/). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -87,7 +87,7 @@ steps:
|
||||
- apk add --no-cache curl
|
||||
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin latest
|
||||
- mkdir -p .reports
|
||||
- syft dir:. --exclude './node_modules' --exclude './radar-app/node_modules' --exclude './.next' --exclude './build' -o cyclonedx-json --file .reports/sbom-radar.cyclonedx.json
|
||||
- syft dir:. --exclude './build' --exclude './radar-app/.next' --exclude './radar-app/out' -o cyclonedx-json --file .reports/sbom-radar.cyclonedx.json
|
||||
- echo "SBOM genere $(wc -c < .reports/sbom-radar.cyclonedx.json) octets"
|
||||
|
||||
# Etape 3b : Scan CVE (Trivy) depuis le SBOM Syft
|
||||
|
||||
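Review bot: the `+` line drops the root-level `--exclude './.next'` that the `-` line had and replaces it with `--exclude './radar-app/.next'`; if a `.next` directory is ever produced at the repository root it will now be catalogued into the SBOM, so either confirm the Next.js app lives only under `radar-app/` or keep both patterns. Including node_modules only yields the installed transitive packages if the dependency install runs before this `syft dir:.` step in the same job; that step is not visible in this hunk, so it is worth checking the surrounding pipeline steps, otherwise the SBOM silently falls back to what can be read from the manifests alone. Separately, the unchanged `curl -sSfL .../syft/main/install.sh | sh -s -- -b /usr/local/bin latest` line installs an unpinned version via an unverified script from the `main` branch; pinning a release version and verifying its checksum would make the SBOM tooling itself reproducible, which matters for a supply-chain artifact.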