Skip to content

Commit 0cea2c9

Browse files
corneliusludmanncorneliusludmann
committed
Only scan relevent packages
1 parent 26436b2 commit 0cea2c9

File tree

2 files changed

+30
-2
lines changed

2 files changed

+30
-2
lines changed

.github/workflows/build.yml

+2-2
Original file line numberDiff line numberDiff line change
@@ -340,7 +340,7 @@ jobs:
340340
[[ "${PUBLISH_TO_NPM}" = 'true' ]] && NPM_PUBLISH_TRIGGER=$(date +%s%3N) || NPM_PUBLISH_TRIGGER="false"
341341
342342
sboms_dir=$(mktemp -d)
343-
CI= leeway sbom export --with-dependencies --output-dir "$sboms_dir" \
343+
CI= leeway sbom export components:needs-vuln-scan --with-dependencies --output-dir "$sboms_dir" \
344344
-Dversion=$VERSION \
345345
--docker-build-options network=host \
346346
--max-concurrent-tasks 1 \
@@ -351,7 +351,7 @@ jobs:
351351
-DimageRepoBase=$IMAGE_REPO_BASE
352352
353353
scans_dir=$(mktemp -d)
354-
CI= leeway sbom scan --with-dependencies --output-dir "$scans_dir" \
354+
CI= leeway sbom scan components:needs-vuln-scan --with-dependencies --output-dir "$scans_dir" \
355355
-Dversion=$VERSION \
356356
--docker-build-options network=host \
357357
--max-concurrent-tasks 1 \

components/BUILD.yaml

+28
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ packages:
99
- version
1010
deps:
1111
- :all-docker
12+
- :needs-vuln-scan
1213
- :docker-versions
1314
- :publish-api
1415
- dev:all-app
@@ -95,6 +96,33 @@ packages:
9596
- ["sh", "-c", "echo \"version: ${version}\" >> versions.yaml"]
9697
- ["sh", "-c", "dev-version-manifest--app/version-manifest >> versions.yaml"]
9798
- ["sh", "-c", "rm -r components* dev-*"]
99+
- name: needs-vuln-scan
100+
type: generic
101+
deps:
102+
- components/blobserve:docker
103+
- components/content-service:docker
104+
- components/dashboard:docker
105+
- components/docker-up:docker
106+
- components/ee/agent-smith:docker
107+
- components/gitpod-db:docker
108+
- components/ide-metrics:docker
109+
- components/ide-proxy:docker
110+
- components/ide-service:docker
111+
- components/image-builder-bob:docker
112+
- components/image-builder-mk3:docker
113+
- components/node-labeler:docker
114+
- components/openvsx-proxy:docker
115+
- components/proxy:docker
116+
- components/public-api-server:docker
117+
- components/registry-facade:docker
118+
- components/server:docker
119+
- components/service-waiter:docker
120+
- components/supervisor:docker
121+
- components/workspacekit:docker
122+
- components/ws-daemon:docker
123+
- components/ws-manager-bridge:docker
124+
- components/ws-manager-mk2:docker
125+
- components/ws-proxy:docker
98126
- name: publish-api
99127
type: generic
100128
deps:

0 commit comments

Comments
 (0)