Generate CVE 5 Enrichment Data #114
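# Regenerates the legacy Anchore CVE 5 enrichment records from the
# vulnerability index spec files, validates them against the JSON schema and
# pushes the result back to this repository.
name: "Generate CVE 5 Enrichment Data"
on:
  workflow_dispatch:
  schedule:
    # Minute 5 of every hour, Monday through Friday.
    - cron: '05 * * * MON-FRI'
# Only one run of this group at a time; a newer run cancels the one in
# progress.
concurrency:
  group: generate
  cancel-in-progress: true
jobs:
  generate:
    # Write access is granted at job level because the last step pushes
    # commits. Every step below therefore runs with a token that can modify
    # repository contents.
    permissions:
      contents: write
    # NOTE(review): "vunerability" is misspelled; left unchanged here because
    # the job name may be referenced elsewhere (for example by required checks).
    name: "Generate legacy Anchore CVE 5 enriched records from vunerability index spec files"
    runs-on: ubuntu-latest
    container:
      # NOTE(review): the tag is mutable. The actions below are pinned to a
      # commit; pinning this image by digest would give it the same guarantee.
      image: python:3.13-alpine
    steps:
      - name: Install OS dependencies
        run: apk add --no-cache bash git
      - name: Configure git
        # The workspace is marked as safe before any checkout so git commands
        # run inside the container do not reject it.
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
      - name: Install python dependencies
        # NOTE(review): none of these packages is version-pinned, and
        # security-cli is installed from whatever the repository's default
        # branch holds at run time. The installed code runs in a job that has
        # contents: write, so pin versions (and a commit for the git URL) the
        # way the actions below are pinned.
        run: pip install check-jsonschema cpe git+https://github.com/anchore/security-cli
      - name: Checkout CVE 5 data
        # Credentials are left persisted here (the action's default);
        # presumably the final `git push` relies on them.
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Checkout Vulnerability Index Spec Files
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          repository: anchore/vulnerability-index-spec-files
          path: .tmp/vulnerability-index-spec-files
          # This checkout is only read as input, so the job token is not
          # stored in its git configuration.
          persist-credentials: false
      - name: Generate CVE 5 Enrichment Data
        run: anchore-security-cli -vvv legacy cve5 generate --spec-path .tmp/vulnerability-index-spec-files/data -o data/anchore
      - name: "Verify enrichment record json schema"
        # NOTE(review): the shell expands this glob, not check-jsonschema.
        # Unless the step's shell has globstar enabled, `**` matches a single
        # path level, so only files exactly two directories below data/ are
        # validated. Confirm that matches the generated layout.
        run: check-jsonschema --schemafile schema/enrichment_record.schema.json data/**/**/*.json
      - name: Commit changes
        # scripts/commit.sh is not shown here; presumably it stages and
        # commits the generated records before the push.
        run: |
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"
          ./scripts/commit.sh
          git push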