File tree Expand file tree Collapse file tree 1 file changed +29
-1
lines changed Expand file tree Collapse file tree 1 file changed +29
-1
lines changed Original file line number Diff line number Diff line change 2626
2727permissions :
2828 id-token : write
29- contents : read
29+ contents : write
3030 packages : read
3131
3232
@@ -164,3 +164,31 @@ jobs:
164164 git config user.name "Azory YData Bot"
165165 git commit -a -m "chore(bump): [CI] [DEV] bump ${{ env.COMPONENT }} to $VERSION"
166166 git push origin master
167+
168+
169+ static-analysis :
170+ name : Static Analysis
171+ runs-on :
172+ # - self-hosted
173+ # - large
174+ - ubuntu-22.04
175+
176+ steps :
177+ - uses : actions/checkout@v4
178+
179+ - name : Create SBOM
180+ uses : anchore/sbom-action@v0
181+ with :
182+ upload-artifact-retention : 1
183+ format : cyclonedx-json
184+ output-file : package-sbom.cyclonedx.json
185+
186+ - name : Configure AWS credentials
187+ uses : aws-actions/configure-aws-credentials@v4
188+ with :
189+ role-to-assume : ${{ secrets.AWS_S3_SBOMS_ROLE_ARN }}
190+ aws-region : ${{ env.AWS_S3_REGION }}
191+
192+ - name : Copy SBOM to S3
193+ run : |
194+ aws s3 cp package-sbom.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/package-sbom.cyclonedx.json
You can’t perform that action at this time.
0 commit comments