From 6fa8895357967f6cfbf4ad230cdb64baff169ae5 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 14 Oct 2025 11:54:33 -0500 Subject: [PATCH] Add api key and username for nancy commands --- pipelines/pull-requests/pipeline.yml | 8 +++++++- pipelines/security-scan/pipeline.yml | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/pipelines/pull-requests/pipeline.yml b/pipelines/pull-requests/pipeline.yml index 09fd58790..08084a505 100644 --- a/pipelines/pull-requests/pipeline.yml +++ b/pipelines/pull-requests/pipeline.yml @@ -636,6 +636,9 @@ jobs: tag: alpine inputs: - name: pinniped-modules + params: + SONATYPE_API_KEY: ((sonatype-api-key)) + SONATYPE_USERNAME: ((sonatype-username)) run: path: 'sh' args: @@ -664,7 +667,10 @@ jobs: EOF - nancy sleuth --exclude-vulnerability-file=exclusions.txt < pinniped-modules/modules.json + cat pinniped-modules/modules.json | nancy sleuth \ + --exclude-vulnerability-file=exclusions.txt \ + --token ${SONATYPE_API_KEY} \ + --username ${SONATYPE_USERNAME} - name: run-go-vuln-scan on_success: { <<: *pr-status-on-success, params: { <<: *pr-status-on-success-params, context: run-go-vuln-scan } } diff --git a/pipelines/security-scan/pipeline.yml b/pipelines/security-scan/pipeline.yml index 146a157ac..6facb0201 100644 --- a/pipelines/security-scan/pipeline.yml +++ b/pipelines/security-scan/pipeline.yml @@ -173,6 +173,9 @@ jobs: tag: alpine inputs: - name: pinniped-modules + params: + SONATYPE_API_KEY: ((sonatype-api-key)) + SONATYPE_USERNAME: ((sonatype-username)) run: path: 'sh' args: @@ -195,7 +198,10 @@ jobs: CVE-2020-8561 EOF - nancy sleuth --exclude-vulnerability-file=exclusions.txt < pinniped-modules/modules.json + cat pinniped-modules/modules.json | nancy sleuth \ + --exclude-vulnerability-file=exclusions.txt \ + --token ${SONATYPE_API_KEY} \ + --username ${SONATYPE_USERNAME} - name: trivy-release public: true # all logs are publicly visible
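Review bot: The added `--token ${SONATYPE_API_KEY}` and `--username ${SONATYPE_USERNAME}` arguments in the pull-requests nancy command expand unquoted, so an empty or whitespace-containing value shifts the argument list (an empty key would leave `--token` taking `--username` as its value) instead of failing cleanly; both expansions should be quoted. Putting the key on the command line also exposes it in the process arguments and in any `set -x` trace. The start of this script is outside the hunk, so tracing cannot be ruled out here; nancy documents `OSSI_USERNAME`/`OSSI_TOKEN` environment variables as an alternative, which should be confirmed for the version in the image. Replacing the `<` redirect with `cat … |` also means a missing `modules.json` no longer fails the step unless the script sets `pipefail`, so the scan could run against empty input, and keeping the redirect avoids that. The same points apply to the identical command hunk in `pipelines/security-scan/pipeline.yml`.

```yaml
# … unchanged: exclusions.txt heredoc …
nancy sleuth \
  --exclude-vulnerability-file=exclusions.txt \
  --token "${SONATYPE_API_KEY}" \
  --username "${SONATYPE_USERNAME}" \
  < pinniped-modules/modules.json
```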
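Review bot: The Sonatype key now sits on a command line in the security-scan pipeline, where the trailing context shows the neighbouring `trivy-release` job marked `public: true # all logs are publicly visible`. The header of the job that runs nancy is outside this hunk, so its own `public` setting cannot be seen; if it is public too, anything that echoes the command (shell tracing, a nancy error or debug line) would publish the credential. It is worth confirming that setting and that secret redaction is enabled on the Concourse deployment. A comment above the command would record the constraint for the next editor, for example `# SONATYPE_API_KEY must never be echoed: job logs in this pipeline can be public`.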