@@ -2,15 +2,15 @@ name: Generate ORT package-file.yml with ScanCode.io and load into ORT
22
33# This workflow:
44# 1. Analyze a Docker image using ScanCode.io
5- # 1 . Generates an ORT `package-file.yml` from the project results
6- # 2 . Generates an ORT `analyzer-result.yml` using create-analyzer-result-from-package-list
7- # 3 . Run the ORT report on `analyzer-result.yml` to generate a CycloneDX and SpdxDocument
5+ # 2 . Generates an ORT `package-file.yml` from the SCIO project results
6+ # 3 . Generates an ORT `analyzer-result.yml` using create-analyzer-result-from-package-list
7+ # 4 . Run the ORT report on `analyzer-result.yml` to generate a CycloneDX and SpdxDocument
88
99on :
1010 workflow_dispatch :
11- # schedule:
12- # # Run once a week (every 7 days) at 00:00 UTC on Sunday
13- # - cron: "0 0 * * 0"
11+ schedule :
12+ # Run once a week (every 7 days) at 00:00 UTC on Sunday
13+ - cron : " 0 0 * * 0"
1414 pull_request :
1515 push :
1616 branches :
6262 --output-dir /data/results/ \
6363 --report-formats CycloneDX,SpdxDocument
6464
65- - name : DEBUG
66- run : ls -la ${GITHUB_WORKSPACE}/ort-data/results
67-
6865 - name : Upload SBOMs as GitHub Artifact
6966 uses : actions/upload-artifact@v4
7067 with :
7168 name : ort-report
7269 path : " ${GITHUB_WORKSPACE}/ort-data/results"
7370 retention-days : 20
74-
75- - name : Import SBOM into ScanCode.io
76- uses : aboutcode-org/scancode-action@main
77- with :
78- pipelines : " load_sbom"
79- inputs-path : " ${GITHUB_WORKSPACE}/ort-data/results/bom.cyclonedx.json"
80- scancodeio-repo-branch : " main"
81-
82- - name : Verify SBOM Analysis Results in ScanCode.io
83- shell : bash
84- run : |
85- scanpipe shell --command "from scanpipe.models import DiscoveredPackage, DiscoveredDependency; package_manager = DiscoveredPackage.objects; print(package_manager.count()); print(package_manager.vulnerable().count()); print(DiscoveredDependency.objects.count())"
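Review bot: The `uses: actions/upload-artifact@v4` reference in the second hunk (old 69 / new 66) is a mutable major tag, and with the weekly `schedule` trigger enabled in the first hunk the workflow now runs unattended against whatever that tag points to at run time. Pinning to a full commit SHA with the version kept as a trailing comment, `uses: actions/upload-artifact@<full-commit-sha>  # v4`, keeps scheduled runs on a revision that was reviewed in this repository. The `steps:` list this step belongs to, and any top-level `permissions:` block, start outside the hunk, so I cannot tell whether the token scope is restricted; if it is not, a top-level `permissions:` with `contents: read` would be the matching minimum for a job that only uploads an artifact.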