workflow sbom

Author: saiyam1814

.github/workflows/sbom-pipeline.yaml

@@ -0,0 +1,30 @@
+name: Generate SBOM
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Install Trivy
+        run: |
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh
+          sudo mv bin/trivy /usr/local/bin
+
+      - name: Generate SBOM
+        run: |
+          IMAGE="registry.k8s.io/kube-apiserver:v1.32.0"
+          trivy image --format cyclonedx --output sbom-${{ github.sha }}.json $IMAGE
+
+      - name: Upload SBOM Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: sbom
+          path: sbom-${{ github.sha }}.json
+

kube-bench/commands.md

@@ -0,0 +1,9 @@
+curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.9.0/kube-bench_0.9.0_linux_amd64.deb -o kube-bench_0.9.0_linux_amd64.deb
+
+sudo apt install ./kube-bench_0.9.0_linux_amd64.deb -f
+
+kube-bench
+
+docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/local/mount-from-host/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t aquasec/kube-bench:latest run --targets=master
+
+docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/local/mount-from-host/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t aquasec/kube-bench:latest run --targets=node