From 5e1bc35f67984f87a4662424b85e0f8225ce2cd0 Mon Sep 17 00:00:00 2001
From: Zain Nasir
Date: Mon, 13 Jan 2025 10:48:29 -0500
Subject: [PATCH 1/2] Log docker scout reports in circleci steps
---
 .circleci/config.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 3d0dfeba7e8..30872672ebe 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -435,11 +435,15 @@ jobs:
 IMAGE=$BASE_REPO:master-web-shenandoah
 docker pull $IMAGE
 docker-scout cves $IMAGE --format sbom | jq -r "[.vulnerabilities[].vulnerabilities[] | $OUTPUT_FORMAT] | $SORT" > master_report.sbom
+ echo "Docker Scout Report for Master"
+ cat master_report.sbom | jq
 - run:
 name: Run Docker Scout on PR
 command: |
 IMAGE=$DEV_REPO:$CIRCLE_SHA1-web-shenandoah
 docker-scout cves $IMAGE --format sbom | jq -r "[.vulnerabilities[].vulnerabilities[] | $OUTPUT_FORMAT] | $SORT" > pr_report.sbom
+ echo "Docker Scout Report for PR"
+ cat pr_report.sbom | jq
 - run:
 name: Analyze and report results
 command: |
From 003fd14279fe131629209d6dac9ab30e0d694a07 Mon Sep 17 00:00:00 2001
From: Zain Nasir
Date: Mon, 13 Jan 2025 10:52:53 -0500
Subject: [PATCH 2/2] save docker scout reports as artifacts
---
 .circleci/config.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 30872672ebe..04637a5e1ae 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -455,8 +455,13 @@ jobs:
 exit 1
 else
 echo "No new vulnerabilities found!"
+ echo "Individual reports for master and pr have been saved under the Artifacts tab."
 exit 0
 fi
+ - store_artifacts:
+ path: /tmp/repos/master_report.sbom
+ - store_artifacts:
+ path: /tmp/repos/pr_report.sbom
 workflows:
 end_to_end_tests:
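Review bot: The two added `cat … | jq` lines write the full CVE list for the `master` image and for the PR image into the job log, so anyone who can read this project's CircleCI builds can see which known vulnerabilities are currently unfixed. If the project or its build output is readable outside the team (not visible from this hunk), consider logging only a summary and keeping the detail in the access-controlled reports. The same exposure applies to the `store_artifacts` steps added in PATCH 2/2. Separately, `jq` is called without a filter, which relies on jq defaulting to the identity filter and may not hold on every jq version; `jq . master_report.sbom` and `jq . pr_report.sbom` are explicit and drop the extra `cat`. Both `command: |` blocks begin above the added lines, so the shell options in effect for them are not visible here.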
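Review bot: The pointer to the Artifacts tab is echoed only in the `else` branch, yet the `exit 1` branch is where a reader most needs the two reports. Consider echoing the same line before `exit 1`; that branch starts above the hunk, so this is inferred from the visible `exit 1` / `else`. Also confirm on a failing run that both `store_artifacts` steps still upload after the analyze step exits non-zero. The artifact paths are absolute (`/tmp/repos/...`) while the run steps write `master_report.sbom` and `pr_report.sbom` relative to the current directory, so the upload depends on the job's working directory, which is not shown here. A relative `path: master_report.sbom` and `path: pr_report.sbom` would keep writer and uploader in step, assuming the path resolves against the working directory.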