From 326dd3513faa13c95a543e3faaf9462f43f558fe Mon Sep 17 00:00:00 2001 From: Sayanta Banerjee Date: Thu, 26 Mar 2026 13:13:56 +0530 Subject: [PATCH 1/9] Create pipeline demo-pipeline1 --- .../Exploratory/pipelines/demopipeline1.yaml | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 .harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml new file mode 100644 index 0000000..2760f6a --- /dev/null +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -0,0 +1,62 @@ +pipeline: + name: demo-pipeline1 + identifier: demopipeline1 + projectIdentifier: Exploratory + orgIdentifier: SSCA + tags: {} + properties: + ci: + codebase: + connectorRef: Sayanta66 + repoName: ProtectedPDF2Doc.git + build: <+input> + stages: + - stage: + name: demo-build + identifier: demobuild + description: "" + type: CI + spec: + cloneCodebase: true + caching: + enabled: true + override: false + buildIntelligence: + enabled: true + platform: + os: Linux + arch: Amd64 + runtime: + type: Cloud + spec: + size: small + imageSpec: + imageName: ubuntu-latest + execution: + steps: + - step: + type: Run + name: Run_1 + identifier: Run_1 + spec: + shell: Sh + command: |- + syft dir:. -o json > sbom.json + cp /path/to/sbom.json ./sbom.json + - step: + type: SscaOrchestration + name: SBOM Orchestration_1 + identifier: SBOMOrchestration_1 + spec: + mode: ingestion + ingestion: + file: sbom.json + source: + type: local + spec: + artifact_name: sbom-local + version: "1.0" + resources: + limits: + memory: 500Mi + cpu: "0.5" From e7da5f4efa52995864287bea1d0151065739d6cd Mon Sep 17 00:00:00 2001 
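Review bot: The second command of `Run_1` in PATCH 1/9, `cp /path/to/sbom.json ./sbom.json`, copies from a placeholder path over the SBOM that `syft dir:. -o json > sbom.json` has just written. The step therefore either fails or hands `SBOMOrchestration_1` a file that was not generated from the cloned codebase, and that file is what gets ingested as `sbom-local`. The ingested file should come only from the scan, so the `cp` line should be dropped. The step also assumes `syft` is already present on the `ubuntu-latest` image, which nothing in this commit establishes.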
From: Sayanta Banerjee Date: Thu, 26 Mar 2026 13:17:46 +0530 Subject: [PATCH 2/9] Update pipeline demo-pipeline1 --- .../projects/Exploratory/pipelines/demopipeline1.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index 2760f6a..bdc54e1 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -41,6 +41,16 @@ pipeline: spec: shell: Sh command: |- + # Install syft + curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh + + # Move binary to PATH + mv ./bin/syft /usr/local/bin/ + + # Verify + syft version + + # Generate SBOM syft dir:. -o json > sbom.json cp /path/to/sbom.json ./sbom.json - step: From 51e4f5b1598a68a6a72489aab200f8672adf8c6d Mon Sep 17 00:00:00 2001 From: Sayanta Banerjee Date: Thu, 26 Mar 2026 13:22:56 +0530 Subject: [PATCH 3/9] Update pipeline demo-pipeline1 --- .../projects/Exploratory/pipelines/demopipeline1.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index bdc54e1..fdbdf36 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -41,18 +41,10 @@ pipeline: spec: shell: Sh command: |- - # Install syft curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh - - # Move binary to PATH mv ./bin/syft /usr/local/bin/ - - # Verify syft version - - # Generate SBOM syft dir:. -o json > sbom.json - cp /path/to/sbom.json ./sbom.json - step: type: SscaOrchestration name: SBOM Orchestration_1 From 9a0aabf77df45730d8b14d24fe8b5699ecfd1140 Mon Sep 17 00:00:00 2001 
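Review bot: The install line added in PATCH 2/9, `curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh`, runs whatever the `main` branch serves at build time with no version pin or integrity check, and the resulting binary is then trusted to produce the SBOM. For a pipeline whose output is supply-chain evidence, the tool should be pinned: fetch the installer from a fixed tag or commit into a file, check it against a recorded digest, and pass an explicit release, e.g. `curl -sSfL https://raw.githubusercontent.com/anchore/syft/<PINNED_TAG>/install.sh -o install.sh`, `echo "<INSTALLER_SHA256>  install.sh" | sha256sum -c -`, `sh install.sh -b /usr/local/bin <PINNED_TAG>`. Installing with `-b /usr/local/bin` also makes the separate `mv ./bin/syft /usr/local/bin/` unnecessary. The same unpinned line is carried unchanged through the later patches in this series.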
From: Sayanta Banerjee Date: Thu, 9 Apr 2026 20:14:31 +0530 Subject: [PATCH 4/9] Update pipeline demo-pipeline1 --- .../Exploratory/pipelines/demopipeline1.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index fdbdf36..bef6fc1 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -62,3 +62,25 @@ pipeline: limits: memory: 500Mi cpu: "0.5" + - step: + type: SscaOrchestration + name: SBOM Orchestration_2 + identifier: SBOMOrchestration_2 + spec: + mode: ingestion + ingestion: + file: sbom.json + source: + type: repository + spec: + url: https://github.com/Sayanta66/ProtectedPDF2Doc.git + variant_type: branch + variant: main + sbom_drift: + base: repository + spec: + variant: main + resources: + limits: + memory: 500Mi + cpu: "0.5" From 47503c56f89d3da97620743bddaa82586f378dd3 Mon Sep 17 00:00:00 2001 From: Sayanta Banerjee Date: Thu, 9 Apr 2026 20:20:57 +0530 Subject: [PATCH 5/9] Update pipeline demo-pipeline1 --- .../orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index bef6fc1..1d43b47 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -44,7 +44,7 @@ pipeline: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh mv ./bin/syft /usr/local/bin/ syft version - syft dir:. -o json > sbom.json + syft dir:. -o cyclonedx-json > /harness/output/sbom.json - step: type: SscaOrchestration name: SBOM Orchestration_1 
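Review bot: `SBOMOrchestration_2` (PATCH 4/9) hard-codes `variant: main` for both the source and the `sbom_drift` base, while the pipeline's codebase `build` is `<+input>`, so a run started on another branch would still record its SBOM, and compute drift, under `main`. Deriving the value from the build, e.g. `variant: <+codebase.branch>`, keeps the recorded provenance in line with what was actually scanned; tag and pull-request builds would need `variant_type` handled as well. The step also ingests the same `sbom.json` that `SBOMOrchestration_1` registers as `sbom-local`; if both records are intended, a comment on each step saying why would help.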
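Review bot: PATCH 5/9 redirects the scan to `/harness/output/sbom.json`, but both ingestion steps still declare `file: sbom.json`, so the path written and the path ingested no longer match. Unless the ingestion step resolves `sbom.json` to that directory (not shown here), it will either fail or pick up some other `sbom.json` in the workspace, such as one committed to the repository. Nothing in the command creates `/harness/output` at this point either. Either keep the output at `sbom.json` or set `file: /harness/output/sbom.json` in the ingestion specs; the same mismatch persists in PATCH 6/9 and 7/9 and is only resolved in PATCH 9/9.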
From fdec04f9de1b7083b16b9b895bb8b26c80ddf852 Mon Sep 17 00:00:00 2001 From: Sayanta Banerjee Date: Thu, 9 Apr 2026 20:29:13 +0530 Subject: [PATCH 6/9] Update pipeline demo-pipeline1 --- .../orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index 1d43b47..53bf7be 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -44,7 +44,7 @@ pipeline: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh mv ./bin/syft /usr/local/bin/ syft version - syft dir:. -o cyclonedx-json > /harness/output/sbom.json + syft dir:. -o spdx-json > /harness/output/sbom.json - step: type: SscaOrchestration name: SBOM Orchestration_1 From 4d73995f6a46d23cbff54fe13d3295b5a4fea3bd Mon Sep 17 00:00:00 2001 From: Sayanta Banerjee Date: Thu, 9 Apr 2026 20:34:06 +0530 Subject: [PATCH 7/9] Update pipeline demo-pipeline1 --- .../SSCA/projects/Exploratory/pipelines/demopipeline1.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index 53bf7be..8a02a39 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -44,7 +44,14 @@ pipeline: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh mv ./bin/syft /usr/local/bin/ syft version + + # THIS LINE WAS MISSING + mkdir -p /harness/output + syft dir:. -o spdx-json > /harness/output/sbom.json + + # Always verify + ls -R /harness/output - step: type: SscaOrchestration name: SBOM Orchestration_1 
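Review bot: The check added in PATCH 7/9 under `# Always verify`, `ls -R /harness/output`, only lists the directory. The shell creates the redirect target before `syft` runs, so `sbom.json` exists even when the scan fails, and `ls` succeeds on an empty file. A check that can fail the step is needed, e.g. `set -e` at the top of the command (if the runner does not already enable it) and `test -s /harness/output/sbom.json` after the scan. The comment `# THIS LINE WAS MISSING` records the history of the edit rather than its purpose; `# redirect target directory must exist before the scan` would age better. PATCH 9/9 removes the listing without replacing it, so the final command has no check at all.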
From 7e2960d4be448e9dc8dbd941d716de658fd206bc Mon Sep 17 00:00:00 2001 From: Sayanta Banerjee Date: Thu, 9 Apr 2026 20:44:00 +0530 Subject: [PATCH 8/9] Update pipeline demo-pipeline1 --- .../Exploratory/pipelines/demopipeline1.yaml | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index 8a02a39..6be469a 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml @@ -69,25 +69,3 @@ pipeline: limits: memory: 500Mi cpu: "0.5" - - step: - type: SscaOrchestration - name: SBOM Orchestration_2 - identifier: SBOMOrchestration_2 - spec: - mode: ingestion - ingestion: - file: sbom.json - source: - type: repository - spec: - url: https://github.com/Sayanta66/ProtectedPDF2Doc.git - variant_type: branch - variant: main - sbom_drift: - base: repository - spec: - variant: main - resources: - limits: - memory: 500Mi - cpu: "0.5" From aa06e8d2d80875bb8ee3cd0768479bfa1f7780be Mon Sep 17 00:00:00 2001 From: Sayanta Banerjee Date: Thu, 9 Apr 2026 20:55:04 +0530 Subject: [PATCH 9/9] Update pipeline demo-pipeline1 --- .../projects/Exploratory/pipelines/demopipeline1.yaml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml index 6be469a..690c5a3 100644 --- a/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml +++ b/.harness/orgs/SSCA/projects/Exploratory/pipelines/demopipeline1.yaml 
@@ -44,14 +44,7 @@ pipeline: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh mv ./bin/syft /usr/local/bin/ syft version - - # THIS LINE WAS MISSING - mkdir -p /harness/output - - syft dir:. -o spdx-json > /harness/output/sbom.json - - # Always verify - ls -R /harness/output + syft dir:. -o cyclonedx-json > sbom.json - step: type: SscaOrchestration name: SBOM Orchestration_1
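Review bot: The one added line, `syft dir:. -o cyclonedx-json > sbom.json`, carries no comment saying which format and location the ingestion step requires, although the output format has now changed three times in this series (`json`, `cyclonedx-json`, `spdx-json`, `cyclonedx-json`). A comment above it would keep the next edit from breaking the coupling, e.g. `# CycloneDX JSON at the workspace root; must match ingestion.file (sbom.json) in SBOMOrchestration_1`. The `command` block scalar begins above this hunk.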