Skip to content

Added a script to perform sbom scanning #1632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mcasperson merged 1 commit into from
Nov 2, 2025
Merged

Added a script to perform sbom scanning #1632

mcasperson merged 1 commit into from
Nov 2, 2025

Conversation

@mcasperson
Copy link
Contributor

@mcasperson mcasperson commented Nov 2, 2025
edited
Loading

Background

This PR adds a script to scan an SBOM using Trivy.

Pre-requisites

  • Id should be a GUID that is not 00000000-0000-0000-0000-000000000000
    • NOTE If you are modifying an existing step template, please make sure that you do not modify the Id property (updating the Id will break the Library sync functionality in Octopus).
  • Version should be incremented, otherwise the integration with Octopus won't update the step template correctly
  • Parameter names should not start with $
  • Step template parameter names (the ones declared in the JSON, not the script body) should be prefixed with a namespace so that they are less likely to clash with other user-defined variables in Octopus (see this issue). For example, use an abbreviated name of the step template or the category of the step template).
  • LastModifiedBy field must be present, and (optionally) updated with the correct author
  • The best practices documented here have been applied
  • If a new Category has been created:
    • An image with the name {categoryname}.png must be present under the step-templates/logos folder
    • The switch in the humanize function in gulpfile.babel.js must have a case statement corresponding to it

Fixes # . If there is an open issue that this PR fixes add it here, otherwise just remove this line

@github-actions
Copy link

github-actions bot commented Nov 2, 2025

Start Hyponome locally

docker pull ghcr.io/hnrkndrssn/hyponome:main
docker run --rm -p 8000:8080 -it ghcr.io/hnrkndrssn/hyponome:main

Review in Hyponome

@mcasperson mcasperson enabled auto-merge (squash) November 2, 2025 21:51
wlthomson
wlthomson approved these changes Nov 2, 2025
View reviewed changes
Copy link

@wlthomson wlthomson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@mcasperson mcasperson merged commit 06f8e87 into master Nov 2, 2025
3 checks passed
@mcasperson mcasperson deleted the mattc/sbomscan branch November 2, 2025 23:09
robpearson
robpearson reviewed Nov 2, 2025
View reviewed changes
Copy link

@robpearson robpearson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👌 LGTM!

@mcasperson mcasperson mentioned this pull request Nov 3, 2025
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robpearson robpearson robpearson left review comments

@wlthomson wlthomson wlthomson approved these changes

@harrisonmeister harrisonmeister Awaiting requested review from harrisonmeister

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mcasperson @robpearson @wlthomson