new CI workflow template

Author: patrickmoore-nc

.github/actions/create-sbom-report/action.yaml

@@ -1,5 +1,8 @@
 name: Software Bill of Materials Report
+<<<<<<< HEAD
 description: Generates and uploads an SBOM report for the specified Docker image.
+=======
+>>>>>>> e78d94f (new CI workflow template)
 
 inputs:
   build_datetime:
@@ -8,10 +11,17 @@ inputs:
   build_timestamp:
     description: Build timestamp, set by the CI/CD pipeline workflow
     required: true
+<<<<<<< HEAD
+=======
+  project_name:
+    description: Project Name
+    required: true
+>>>>>>> e78d94f (new CI workflow template)
   image_name:
     description: Docker Image to be scanned
     required: true
 
+<<<<<<< HEAD
 outputs:
   sbom_repository_report:
     value: ${{ steps.report.outputs.sbom_repository_report }}
@@ -31,10 +41,30 @@ runs:
         mkdir sbom
         echo "sbom_repository_report=${SBOM_REPOSITORY_REPORT}" >> ${GITHUB_OUTPUT}
         bash ${GITHUB_WORKSPACE}/templates/scripts/reports/create-sbom-report.sh
+=======
+runs:
+  using: composite
+  env: 
+    BUILD_DATETIME: ${{ inputs.build_datetime }}
+    SBOM_REPOSITORY_REPORT: sbom/sbom-${{ inputs.image_name }}-repository-report
+    CHECK_DOCKER_IMAGE: ${{ inputs.project_name }}-${{ inputs.image_name }}:latest
+    FORCE_USE_DOCKER: true
+  steps:
+    - name: Create SBOM report
+      run: |
+        mkdir sbom
+        echo "sbom_repository_report=${SBOM_REPOSITORY_REPORT}" >> ${GITHUB_OUTPUT}
+        ${GITHUB_WORKSPACE}/templates/scripts/reports/create-sbom-report.sh
+>>>>>>> e78d94f (new CI workflow template)
 
     - name: Upload SBOM report as an artefact
       uses: actions/upload-artifact@v4
       with:
+<<<<<<< HEAD
         name: ${{ inputs.image_name }}-sbom
         path: ${{ inputs.image_name }}-sbom.json
+=======
+        name: sbom-${{ inputs.image_name }}-repository-report.json
+        path: ${{ env.SBOM_REPOSITORY_REPORT }}.json
+>>>>>>> e78d94f (new CI workflow template)
         retention-days: 21

.github/actions/scan-vulnerabilities/action.yaml

@@ -1,5 +1,8 @@
 name: Vulnerabilities Report
+<<<<<<< HEAD
 description: Generates and uploads a vulnerability report from an SBOM for the given image.
+=======
+>>>>>>> e78d94f (new CI workflow template)
 
 inputs:
   build_datetime:
@@ -8,11 +11,18 @@ inputs:
   build_timestamp:
     description: Build timestamp, set by the CI/CD pipeline workflow
     required: true
+<<<<<<< HEAD
+=======
+  project_name:
+    description: Project Name
+    required: true
+>>>>>>> e78d94f (new CI workflow template)
   image_name:
     description: Docker Image to be scanned
     required: true
   sbom_repository_report:
     description: File path of SBOM report
+<<<<<<< HEAD
     required: true
 
 runs:
@@ -28,13 +38,32 @@ runs:
         VULNERABILITIES_REPOSITORY_REPORT: ${{ inputs.image_name }}-vulnerabilities-repository-report
         VULNERABILITIES_SUMMARY_LOGFILE: ${{ inputs.image_name }}-vulnerabilities-summary.txt
         SBOM_REPOSITORY_REPORT: ${{ inputs.sbom_repository_report }}
+=======
+    required: true   
+
+runs:
+  using: composite
+  env: 
+    BUILD_DATETIME: ${{ inputs.build_datetime }}
+    CHECK_DOCKER_IMAGE: ${{ inputs.project_name }}-${{ inputs.image_name }}:latest
+    FORCE_USE_DOCKER: true
+    VULNERABILITIES_REPOSITORY_REPORT: ${{ inputs.image_name }}-vulnerabilities-repository-report
+    VULNERABILITIES_SUMMARY_LOGFILE: ${{ inputs.image_name }}-vulnerabilities-summary.txt
+    SBOM_REPOSITORY_REPORT: {{ inputs.sbom_repository_report }}
+  steps:
+    - name: Create vulnerabilites report
+>>>>>>> e78d94f (new CI workflow template)
       run: |
         mkdir vulnerabilities
         bash -x ${GITHUB_WORKSPACE}/templates/scripts/reports/scan-vulnerabilities.sh
         curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin
+<<<<<<< HEAD
 
         SCAN_RESULTS=$(grype "${CHECK_DOCKER_IMAGE}" --scope all-layers)
         echo "${SCAN_RESULTS}" > "vulnerabilities/${VULNERABILITIES_REPOSITORY_REPORT}.json"
+=======
+        SCAN_RESULTS=$(grype "${{ inputs.image_name }}:latest" --scope all-layers)
+>>>>>>> e78d94f (new CI workflow template)
 
         # ANSI color codes
         RED="\033[0;31m"
@@ -46,6 +75,7 @@ runs:
         for SEVERITY in CRITICAL HIGH MEDIUM; do
           {
             echo
+<<<<<<< HEAD
             echo "${CHECK_DOCKER_IMAGE}: vulnerabilities"
             echo -e "=== ${RED}${SEVERITY}${RESET} Vulnerabilities list ==="
             # If grep finds nothing, we print a fallback message
@@ -60,4 +90,20 @@ runs:
         path: |
           vulnerabilities/${{ inputs.image_name }}-vulnerabilities-repository-report.json
           vulnerabilities/${{ inputs.image_name }}-vulnerabilities-summary.txt
+=======
+            echo "${{ inputs.image_name }}: vulnerabilities"
+            echo -e "=== ${RED}${SEVERITY}${RESET} Vulnerabilities list ==="
+            # If grep finds nothing, we print a fallback message
+            echo "${SCAN_RESULTS}" | grep -i "${SEVERITY}" || echo "No ${SEVERITY} vulnerabilities found."
+          } | tee -a "vunerabilities/${VULNERABILITIES_SUMMARY_LOGFILE}"
+        done
+
+    - name: Upload vulnerabilities report
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ env.VULNERABILITIES_REPOSITORY_REPORT }}.json
+        path: |
+          vulnerabilities/${{ env.VULNERABILITIES_REPOSITORY_REPORT }}.json
+          vulnerabilities/${{ env.VULNERABILITIES_SUMMARY_LOGFILE }}.json
+>>>>>>> e78d94f (new CI workflow template)
         retention-days: 21