From f5fb1fdbac95d844cf32c599958e97460c332f86 Mon Sep 17 00:00:00 2001
From: s013k <serg@hayduk.ru>
Date: Tue, 1 Apr 2025 12:06:39 +0000
Subject: [PATCH 1/2] 123123123123

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e2e41be..be73bf6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -42,7 +42,7 @@ generate-sbom:
   image: python:3.12-slim
   script:
     - pip install cyclonedx-bom
-    - pip install -r requirements.txt
+    - pip install -r app/requirements.txt
     - cyclonedx-py -r -o sbom.xml .
     - cyclonedx-py -r -o sbom.json --format json .
   artifacts:
-- 
GitLab

From c601dc3ec6c91051ddac99fd528b7ed30436dc4d Mon Sep 17 00:00:00 2001
From: s013k <serg@hayduk.ru>
Date: Tue, 1 Apr 2025 12:10:44 +0000
Subject: [PATCH 2/2] 5432

---
 .gitlab-ci.yml | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index be73bf6..649b6d7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -36,12 +36,13 @@ semgrep-sast:
     - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
   allow_failure: true
 
-# Генерация SBOM файла с использованием CycloneDX
+# Генерация SBOM файла
 generate-sbom:
   stage: build
-  image: python:3.12-slim
+  image: python:2.7-slim
   script:
-    - pip install cyclonedx-bom
+    - pip install -U pip
+    - pip install cyclonedx-bom==0.4.3 # Последняя версия, поддерживающая Python 2.7
     - pip install -r app/requirements.txt
     - cyclonedx-py -r -o sbom.xml .
     - cyclonedx-py -r -o sbom.json --format json .
@@ -71,11 +72,12 @@ dependency-check:
 # Загрузка SBOM в Dependency Track для анализа
 dependency-track:
   stage: security
-  image: python:3.12-slim
+  image: python:2.7-slim
   variables:
     DEPENDENCY_TRACK_URL: "http://your-dependency-track-url"
     DEPENDENCY_TRACK_API_KEY: ${DEPENDENCY_TRACK_API_KEY}
   script:
+    - pip install -U pip
     - pip install requests
     - |
       cat > upload_sbom.py << 'EOF'
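Review bot: The install now reads `app/requirements.txt`, but the two `cyclonedx-py -r … .` lines below it are unchanged, and in requirements mode the legacy cyclonedx-bom CLI reads `requirements.txt` from the working directory unless told otherwise, so the SBOM is probably still built from the old path, or the step fails if that file no longer exists at the repo root. If the file moved, pass the new path explicitly on both lines, e.g. `cyclonedx-py -r -i app/requirements.txt -o sbom.xml .`. Worth verifying against the installed version's `--help`, since the input flag has changed across cyclonedx-bom major versions.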
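Review bot: `image: python:2.7-slim` moves the SBOM job onto an interpreter that reached end of life in January 2020 and onto an image that no longer receives security updates, and `cyclonedx-bom==0.4.3` pins the generator to a very old release that will likely emit an older CycloneDX schema than the Dependency-Track instance in the next job expects; for a job whose purpose is supply-chain visibility that is a regression, and the same image downgrade is repeated in the dependency-track hunk at `@@ -71,11 +72,12 @@`. The commit message does not say why the downgrade is needed; if some dependency in `app/requirements.txt` genuinely requires 2.7, say so in the comment on the pin, otherwise restore `image: python:3.12-slim` and drop the pin or pin to a current release. Note also that `pip install -r app/requirements.txt` under 2.7 fails for any Python 3-only package, so this job may not run to completion at all.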
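Review bot: `pip install requests` in this script block is unpinned, so the security-stage job pulls whatever version resolves at run time; pin it the way `cyclonedx-bom` is pinned in the generate-sbom hunk, `- pip install requests==<pinned version>`, so the job is reproducible. The `DEPENDENCY_TRACK_URL` placeholder a few lines above is `http://`, and the scripts send `DEPENDENCY_TRACK_API_KEY` in an `X-API-Key` header, so the real value should be an `https://` URL or the key travels in cleartext. The image change on this hunk is covered in the generate-sbom note.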
@@ -97,7 +99,7 @@ dependency-track:
       }
 
       payload = {
-          'project': 'my-python-flask-project',
+          'project': 'vulnerable-flask-app',
           'bom': sbom_data.decode('utf-8')
       }
 
@@ -108,7 +110,7 @@ dependency-track:
           with open('dependency-track-upload-response.json', 'w') as f:
               json.dump(response.json(), f)
       else:
-          print(f"Ошибка при загрузке SBOM: {response.status_code}")
+          print("Ошибка при загрузке SBOM: %s" % response.status_code)
           print(response.text)
           sys.exit(1)
 
@@ -117,12 +119,12 @@ dependency-track:
       EOF
     - python upload_sbom.py
     - |
-      python -c "
+      cat > get_report.py << 'EOF'
       import requests
       import os
       import json
-      url = os.environ.get('DEPENDENCY_TRACK_URL') + '/api/v1/finding/project/my-python-flask-project'
+      url = os.environ.get('DEPENDENCY_TRACK_URL') + '/api/v1/finding/project/vulnerable-flask-app'
       api_key = os.environ.get('DEPENDENCY_TRACK_API_KEY')
       headers = {'X-API-Key': api_key}
 
@@ -130,7 +132,8 @@ dependency-track:
       with open('dependency-track-report.json', 'w') as f:
           json.dump(response.json(), f)
 
-      "
+      EOF
+    - python get_report.py
   artifacts:
     paths:
       - dependency-track-upload-response.json
@@ -139,3 +142,5 @@ dependency-track:
     when: always
   rules:
     - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+  needs:
+    - generate-sbom
\ No newline at end of file
-- 
GitLab
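Review bot: `'project': 'vulnerable-flask-app'` puts a project name into the `project` field of the BOM upload payload, which, as far as the Dependency-Track API documents it, identifies a project by UUID; the same name-for-UUID substitution is in the findings URL changed in the `@@ -117,12 +119,12 @@` hunk, where `/api/v1/finding/project/…` also takes a project UUID. If the intent is to address the project by name, the upload body should use `'projectName': 'vulnerable-flask-app'` together with `'projectVersion'` (and `'autoCreate': True` if the project may not exist yet), and the findings script should first resolve the UUID via the project lookup endpoint and use that. Please verify against the API version of the target instance; the enclosing script starts and ends outside this hunk.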
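Review bot: With the job now running on `python:2.7-slim`, the new `print("Ошибка при загрузке SBOM: %s" % response.status_code)` line puts non-ASCII bytes into `upload_sbom.py`, and Python 2.7 refuses to compile a source file with non-ASCII characters unless its first or second line declares an encoding; the head of the heredoc is outside this hunk, so if it lacks `# -*- coding: utf-8 -*-` the script dies with a SyntaxError before any upload happens. Either add that declaration as the first line of the heredoc or keep the message ASCII. The same applies to any other non-ASCII text elsewhere in the script.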
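Review bot: The new `- python get_report.py` step runs a script whose visible tail does `json.dump(response.json(), f)` without checking the status of the GET, so a failed request (for example a 404 when the project is not found) either writes the error body as the report or raises on a non-JSON body, and unlike `upload_sbom.py`, which exits 1 on failure, nothing here fails the job explicitly. Add `response.raise_for_status()` before the `with open('dependency-track-report.json', 'w') as f:` line, or mirror the status check used in the upload script. The `requests.get` call itself lies between the hunks, so I cannot see whether a check already exists there.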
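Review bot: `needs: - generate-sbom` makes this job depend on (and fetch artifacts from) `generate-sbom`, but the `rules:` right above restrict dependency-track to merge-request pipelines; if `generate-sbom` is not also added to those pipelines by its own rules (outside this hunk), GitLab fails to create the pipeline because a needed job is missing. Either align the two jobs' rules or make the dependency tolerant with `needs:` / `- job: generate-sbom` / `optional: true`. The file also loses its trailing newline (`\ No newline at end of file`), which is worth restoring.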