| 1 | IMAGE ?= ghcr.io/zionboggan/cicd-supply-chain-security:dev |
| 2 | OWNER ?= zionboggan |
| 3 | |
| 4 | .PHONY: build sbom scan sign verify policy-test |
| 5 | |
| 6 | build: |
| 7 | docker build -t $(IMAGE) . |
| 8 | |
| 9 | sbom: |
| 10 | syft $(IMAGE) -o spdx-json=sbom.spdx.json |
| 11 | |
| 12 | scan: |
| 13 | grype $(IMAGE) --fail-on high |
| 14 | |
| 15 | sign: |
| 16 | cosign sign --yes $(IMAGE) |
| 17 | |
| 18 | verify: |
| 19 | OWNER=$(OWNER) ./policy/verify.sh $(IMAGE) |
| 20 | |
| 21 | policy-test: |
| 22 | kyverno apply policy/kyverno-verify-images.yaml --resource policy/test/pods.yaml |