Add api key and username for nancy commands

2026-01-04 12:14:24 +00:00 · 2025-10-14 11:54:33 -05:00
parent be15eaf023
commit 6fa8895357
2 changed files with 14 additions and 2 deletions
--- a/pipelines/pull-requests/pipeline.yml
+++ b/pipelines/pull-requests/pipeline.yml
@@ -636,6 +636,9 @@ jobs:
              tag: alpine
          inputs:
            - name: pinniped-modules
+          params:
+            SONATYPE_API_KEY: ((sonatype-api-key))
+            SONATYPE_USERNAME: ((sonatype-username))
          run:
            path: 'sh'
            args:
@@ -664,7 +667,10 @@ jobs:

                EOF

-                nancy sleuth --exclude-vulnerability-file=exclusions.txt < pinniped-modules/modules.json
+                cat pinniped-modules/modules.json | nancy sleuth \
+                  --exclude-vulnerability-file=exclusions.txt \
+                  --token ${SONATYPE_API_KEY} \
+                  --username ${SONATYPE_USERNAME}

  - name: run-go-vuln-scan
    on_success: { <<: *pr-status-on-success, params: { <<: *pr-status-on-success-params, context: run-go-vuln-scan } }
--- a/pipelines/security-scan/pipeline.yml
+++ b/pipelines/security-scan/pipeline.yml
@@ -173,6 +173,9 @@ jobs:
              tag: alpine
          inputs:
            - name: pinniped-modules
+          params:
+            SONATYPE_API_KEY: ((sonatype-api-key))
+            SONATYPE_USERNAME: ((sonatype-username))
          run:
            path: 'sh'
            args:
@@ -195,7 +198,10 @@ jobs:
                CVE-2020-8561
                EOF

-                nancy sleuth --exclude-vulnerability-file=exclusions.txt < pinniped-modules/modules.json
+                cat pinniped-modules/modules.json | nancy sleuth \
+                  --exclude-vulnerability-file=exclusions.txt \
+                  --token ${SONATYPE_API_KEY} \
+                  --username ${SONATYPE_USERNAME}

  - name: trivy-release
    public: true # all logs are publicly visible