Pushing bitbucket pipelines.

ForAllSecure · Nov 25, 2024 · 8833f99 · 8833f99
1 parent 6589886
commit 8833f99
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 10 deletions.
diff --git a/pipelines/bitbucket/api/mayhem.yml b/pipelines/bitbucket/api/mayhem.yml
@@ -2,9 +2,9 @@
 
 pipelines:
   custom:
-    api-testing:
+    api-mayhem:
       - step:
-          name: 'API Security Testing'
+          name: 'API Testing with Mayhem'
           script:
             # Install the Mayhem CLI
             - curl -O https://app.mayhem.security/cli/mapi/linux-musl/latest/mapi && chmod +x ./mapi

diff --git a/pipelines/bitbucket/sbom/trivy_mayhem.yml b/pipelines/bitbucket/sbom/trivy_mayhem.yml
@@ -0,0 +1,24 @@
+# Scan a docker image -> get a SBOM/SCA report with Trivy + Mayhem
+
+pipelines:
+  custom:
+    dynamic-sbom-sca-trivy-mayhem:
+      - step:
+          name: 'Dynamic SBOM'
+          image: ethan42/mdsbom:1
+          script:
+            - sleep 5  # wait for docker daemon to come up
+            - docker ps
+            - echo -e '[sync]\n    api_token = "'$MAYHEM_TOKEN'"\n    upstream_url = "https://app.mayhem.security"\n    workspace = "forallsecure"\n' > /etc/mdsbom/config.toml
+            - mdsbom --version
+            # Login to Mayhem
+            - mdsbom login $MAYHEM_URL $MAYHEM_TOKEN
+            # Run the target image for 10 seconds
+            - timeout -s 2 10 docker run --rm $TARGET_IMAGE
+            - sleep 30
+            # Generate Dynamic SBOM/SCA reports
+            - mdsbom trivy $TARGET_IMAGE --workspace forallsecure --sca-summary-csv dynamic_sbom_sca_trivy_mayhem.csv --sbom-summary-csv dynamic_sbom_sca_trivy.csv
+          artifacts:
+            - dynamic_sbom_sca_trivy_mayhem.csv
+            - dynamic_sbom_sca_trivy.csv
+
diff --git a/pipelines/gitlab/sbom/trivy_mayhem.yml b/pipelines/gitlab/sbom/trivy_mayhem.yml
@@ -20,20 +20,20 @@ sbom-sca-trivy-mayhem:
         # Allow service to start
         - sleep 5
         # Generate Trivy report
-        - trivy image --format template --template "@gitlab.tpl" -o trivy.json redis:latest
+        - trivy image --format template --template "@gitlab.tpl" -o trivy.json $TARGET_IMAGE
         # Login to Mayhem
         - mdsbom login $MAYHEM_URL $MAYHEM_TOKEN
-        # Run redis service
+        # Run the target image for 10 seconds
         - timeout -s 2 10 docker run --rm $TARGET_IMAGE
         - sleep 30
         # Generate Dynamic SBOM/SCA reports
-        - mdsbom trivy $TARGET_IMAGE --workspace forallsecure --sca-summary-csv dynamic_sca_trivy.csv --sbom-summary-csv dynamic_sbom_trivy.csv
+        - mdsbom trivy $TARGET_IMAGE --workspace forallsecure --sca-summary-csv dynamic_sbom_sca_trivy_mayhem.csv --sbom-summary-csv dynamic_sbom_sca_trivy.csv
         # Postprocess Trivy report to mark remediated vulnerabilities
-        - ./postprocess.py trivy.json dynamic_sca_trivy.csv gl-container-scanning-report.json
+        - ./postprocess.py trivy.json dynamic_sbom_sca_trivy_mayhem.csv gl-sbom-sca-trivy-mayhem-report.json
     artifacts:
         paths:
-            - dynamic_sca_trivy.csv
-            - dynamic_sbom_trivy.csv
-            - gl-container-scanning-report.json
+            - dynamic_sbom_sca_trivy_mayhem.csv
+            - dynamic_sbom_sca_trivy.csv
+            - gl-sbom-sca-trivy-mayhem-report.json
         reports:
-            container_scanning: gl-container-scanning-report.json
+            container_scanning: gl-sbom-sca-trivy-mayhem-report.json