Skip to content
Create SBOM

final patches #19

Sign in to view logs

final patches

final patches #19

Workflow file for this run

.github/workflows/actions.yml at bfa75aa
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: Create SBOM
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
jobs:
create_sbom:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.11
uses: actions/setup-python@v3
with:
python-version: 3.11
- name: Install dependencies
run: |
sudo apt-get install jq
python -m pip install --upgrade pip
pip install owasp-depscan
pip install sbomgen
- name: Generate SBOM
run: |
sbomgen -p ${{ github.workspace }}/ -f json
# jq . ${{ github.workspace }}/sbom.json
depscan --bom ${{ github.workspace }}/sbom.json -o ${{ github.workspace }}/vulRep.html
- name: Upload SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-${{ github.run_id }}-${{ github.run_number }}.json
path: ${{ github.workspace }}/sbom.json
- name: Upload vdr
uses: actions/upload-artifact@v4
with:
name: vulRep-${{ github.run_id }}-${{ github.run_number }}.vdr.json
path: ${{ github.workspace }}/sbom.vdr.json
- name: Upload html
uses: actions/upload-artifact@v4
with:
name: vulRep-${{ github.run_id }}-${{ github.run_number }}.html
path: ${{ github.workspace }}/vulRep.html
- name: Debug File Paths
run: ls -lah ${{ github.workspace }}/
- name: Current Date and Time
id: date
run: echo "current_date=$(date +'%Y-%m-%d %H:%M:%S %Z')" >> $GITHUB_OUTPUT
- name: Mail Notification
uses: dawidd6/action-send-mail@v3
with:
server_address: smtp.gmail.com
server_port: 587
username: ${{ secrets.GMAIL_USERNAME }}
password: ${{ secrets.GMAIL_PASSWORD }}
to: divyanshbisht2005@gmail.com
from: divyanshbisht2005@gmail.com
subject: "Security Report Generated: ${{ github.repository }} - Run #${{ github.run_number }}"
html_body: |
<html>
<body style="font-family: Arial, sans-serif; line-height: 1.6;">
<p>Hello,</p>
<p>A new security report has been generated for the repository: <strong><code>${{ github.repository }}</code></strong>.</p>
<h3>Details:</h3>
<ul>
<li><strong>Workflow Run ID:</strong> <code>${{ github.run_id }}</code></li>
<li><strong>Workflow Run Number:</strong> <code>${{ github.run_number }}</code></li>
<li><strong>Commit SHA:</strong> <code>${{ github.sha }}</code></li>
<li><strong>Branch:</strong> <code>${{ github.ref_name }}</code></li>
<li><strong>Generated At:</strong><code>${{ steps.date.outputs.current_date }}</code></li>
</ul>
<p>The following artifacts have been uploaded to this workflow run and can
be downloaded from the "Summary" tab of the workflow run on GitHub:</p>
<ul>
<li><strong>SBOM (Software Bill of Materials):</strong> <code>sbom-${{ github.run_id }}-${{ github.run_number }}.json</code></li>
<li><strong>Vulnerability Disclosure Report (if generated):</strong> <code>vulRep-${{ github.run_id }}-${{ github.run_number }}.vdr.json</code></li>
<li><strong>HTML Vulnerability Report:</strong> <code>vulRep-${{ github.run_id }}-${{ github.run_number }}.html</code></li>
</ul>
<p>Please log in to SBOMGen or <a href="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}">GitHub</a> to review the generated reports.</p>
<p>Best regards,<br>
Team SBOMGen</p>
</body>
</html>
# - name: Install Dependency
# run: |
# sudo apt-get install -y wkhtmltopdf
# - name: Generate PDFs
# run: |
# if [ -f "${{ github.workspace }}/sbom.json" ]; then
# cat ${{ github.workspace }}/sbom.json | jq '.' > ${{ github.workspace }}/sbom_pretty.json
# echo "<html><body><pre>$(cat ${{ github.workspace }}/sbom_pretty.json)</pre></body></html>" > ${{ github.workspace }}/sbom.html
# # Removed --enable-local-file-access as it's just a local file
# wkhtmltopdf "${{ github.workspace }}/sbom.html" "${{ github.workspace }}/sbom.pdf"
# else
# echo "sbom.json not found, skipping SBOM PDF generation."
# fi
# if [ -f "${{ github.workspace }}/sbom.vdr.json" ]; then
# cat ${{ github.workspace }}/sbom.vdr.json | jq '.' > ${{ github.workspace }}/sbomv_pretty.json
# echo "<html><body><pre>$(cat ${{ github.workspace }}/sbomv_pretty.json)</pre></body></html>" > ${{ github.workspace }}/sbomv.html
# wkhtmltopdf "${{ github.workspace }}/sbomv.html" "${{ github.workspace }}/sbomv.pdf"
# else
# echo "sbom.vdr.json not found, skipping VDR PDF generation."
# touch ${{ github.workspace }}/sbomv.pdf
# fi
# if [ -f "${{ github.workspace }}/vulRep.html" ]; then
# wkhtmltopdf --disable-javascript --enable-local-file-access "${{ github.workspace }}/vulRep.html" "${{ github.workspace }}/vulRep.pdf"
# else
# echo "vulRep.html not found, skipping HTML report PDF generation."
# touch ${{ github.workspace }}/vulRep.pdf
# fi
# - name: Mail Reports
# uses: dawidd6/action-send-mail@v3
# with:
# server_address: smtp.gmail.com
# server_port: 587
# username: ${{ secrets.GMAIL_USERNAME }}
# password: ${{ secrets.GMAIL_PASSWORD }}
# to: divijs75@gmail.com, divyanshbisht2005@gmail.com, akashsah2003@gmail.com
# from: divyanshbisht2005@gmail.com
# subject: "Latest security reports"
# body: Please find the latest security reports
# attachments: ${{ github.workspace }}/sbom.pdf, ${{ github.workspace }}/sbomv.pdf, ${{ github.workspace }}/vulRep.pdf