Commit 9193d49c authored by Pierre Smeyers

Merge branch 'feat/change-hash-source' into 'master'

Use filename as source for hash computation

Closes #61

See merge request to-be-continuous/docker!92
parents ba85641f e7bbdcc9
+5 −5
@@ -555,7 +555,7 @@ docker-hadolint:
  script:
    - autoconfig_hadolint
    - mkdir -p -m 777 reports
    - dockerfile_hash=$(md5sum "$DOCKER_FILE" | cut -d" " -f1)
    - dockerfile_hash=$(echo "$DOCKER_FILE" | md5sum | cut -d" " -f1)
    # Output in Code Climate format (GitLab integration)
    - hadolint --no-fail -f gitlab_codeclimate $DOCKER_HADOLINT_ARGS $hadolint_config_opts "$DOCKER_FILE" > "reports/docker-hadolint-${dockerfile_hash}.codeclimate.json"
    # Output in JSON format
@@ -757,7 +757,7 @@ docker-trivy:
    trivy image --clear-cache
    export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
    export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
    export basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
    basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
    mkdir -p ./reports
    if [[ -z "${DOCKER_TRIVY_ADDR}" ]]; then
      log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the DOCKER_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m"
@@ -802,9 +802,9 @@ docker-sbom:
  dependencies: []
  script:
    - mkdir -p -m 777 reports
    - dockerfile_hash=$(md5sum "$DOCKER_FILE" | cut -d" " -f1)
    - /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${dockerfile_hash}.cyclonedx.json
    - chmod a+r reports/docker-sbom-${dockerfile_hash}.cyclonedx.json
    - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
    - /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
    - chmod a+r reports/docker-sbom-${basename}.cyclonedx.json
  artifacts:
    name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    expire_in: 1 week
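Review bot: The new `dockerfile_hash` line in the docker-hadolint hunk feeds the path through `echo`, whose output is shell-dependent (BusyBox and dash `echo` handle backslash sequences and leading `-n`/`-e` tokens differently from bash) and always appends a newline, so the same DOCKER_FILE value can hash differently depending on the job image; `dockerfile_hash=$(printf '%s' "$DOCKER_FILE" | md5sum | cut -d" " -f1)` digests exactly the path string in every shell. Because the value is now a digest of the file name rather than of the Dockerfile contents, it is only a naming token for the report and carries no integrity meaning, so a comment such as `# MD5 of the Dockerfile *path* (not its contents): stable, unique report name per Dockerfile` would stop a later reader from assuming it tracks content changes. The docker-sbom hunk switched to a readable, sanitized `basename` of the image for the same purpose; applying the same `sed 's|[/:]|_|g'` sanitization to the Dockerfile path in hadolint would make the two report names consistent and greppable, at the cost of changing a file-name format that downstream consumers may already depend on. The `docker-hadolint:` job starts before this hunk and continues after it.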