tmp test new vdb

cerrussell · cerrussell · commit c1a7dc711fac · 2024-11-12T12:05:27.000-05:00
Signed-off-by: Caroline Russell &lt;caroline@appthreat.dev&gt;
diff --git a/.github/workflows/pythonpublish.yml b/.github/workflows/pythonpublish.yml
@@ -33,37 +33,53 @@ jobs:
       id-token: write
     steps:
       - uses: actions/checkout@v4
+
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
           python-version: '3.11'
+
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
           node-version: '20'
+
       - name: Install dependencies
         run: |
           python3 -m pip install --upgrade pip
           python3 -m pip install setuptools wheel twine build
-      - name: Create Release
-        id: create_release
-        if: startsWith(github.ref, 'refs/tags/')
-        uses: softprops/action-gh-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build
         run: |
           python3 -m build
+
       - name: Publish package distributions to PyPI
         if: startsWith(github.ref, 'refs/tags/')
         uses: pypa/gh-action-pypi-publish@release/v1
+
       - name: Setup nydus
         run: |
           curl -LO https://github.com/dragonflyoss/nydus/releases/download/v2.2.4/nydus-static-v2.2.4-linux-amd64.tgz
           tar -xvf nydus-static-v2.2.4-linux-amd64.tgz
           chmod +x nydus-static/*
           mv nydus-static/* /usr/local/bin/
           rm -rf nydus-static-v2.2.4-linux-amd64.tgz nydus-static
+
+      - name: Generate SBOM with cdxgen
+        run: |
+          npm install -g @cyclonedx/cdxgen
+          cdxgen -t python -o bom.json . --profile research
+
+      - name: Create Release
+        id: create_release
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            bom.json
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
@@ -94,6 +110,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha,scope=depscan
           cache-to: type=gha,mode=max,scope=depscan
+
       - name: nydusify
         run: |
           nydusify convert --oci --oci-ref --source ghcr.io/owasp-dep-scan/depscan:master --target ghcr.io/owasp-dep-scan/depscan:master-nydus --prefetch-dir /opt/dep-scan
diff --git a/.github/workflows/snapshot_tests.yml b/.github/workflows/snapshot_tests.yml
@@ -32,6 +32,10 @@ jobs:
            python -m venv .venv
            source .venv/bin/activate
            pip install .
+           git clone https://github.com/AppThreat/vulnerability-db.git /home/runner/work/vdb
+           cd /home/runner/work/vdb
+           git checkout feature/cvss4
+           pip install .
 
       - name: Cache vdb
         id: cache-vdb
