From 1b9e422b87f0ee6faa38716084b2141759dccf45 Mon Sep 17 00:00:00 2001
From: Maxim Kolpakov <84957832+mxgreen29@users.noreply.github.com>
Date: Mon, 23 Mar 2026 17:11:07 +0300
Subject: [PATCH 1/4] [DOP-35061] ADD SCA pipeline
---
 .gitlab-ci.yml | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c4963b39..90ffaaa0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,12 +1,40 @@
 stages:
 - security-scan
+ - sbom
-## -------------- Security Pipeline ---------------- ##
+## -------------- Security Pipeline ---------------- ##
+sbom-creation:
+ stage: sbom
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "web"
+ when: always
+ - if: $CI_COMMIT_REF_NAME =~ $CI_DEFAULT_BRANCH
+ when: always
+ - when: never
+ image:
+ name: ${SBOM_IMAGE}
+ entrypoint: ['']
+ script:
+ - npx @cyclonedx/cyclonedx-npm --ignore-npm-errors --output-file sbom.cyclonedx.json --omit=dev
+ artifacts:
+ paths:
+ - sbom.cyclonedx.json
+ expire_in: 1 days
+
 security-scan:
+ variables:
+ APPSECHUB_PARENT_PIPELINE_ID: $CI_PIPELINE_ID
+ APPSECHUB_SCA_SBOM_GENERATOR: custom
+ APPSECHUB_SBOM_PATH: sbom.cyclonedx.json
+ APPSECHUB_SBOM_MASK: '*bom*.json'
+ CUSTOM_SBOM_GENERATOR_JOB_NAME: sbom-creation
 rules:
- - if: $CI_COMMIT_REF_NAME =~ /(develop)/
+ - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+ when: always
+ - if: $CI_PIPELINE_SOURCE == "web"
 when: always
+ - when: never
 stage: security-scan
 trigger:
 include:
From a54d576e2f9c36122fcf44222eaf4eb32b064593 Mon Sep 17 00:00:00 2001
From: Maxim Kolpakov <84957832+mxgreen29@users.noreply.github.com>
Date: Mon, 23 Mar 2026 18:25:23 +0300
Subject: [PATCH 2/4] [DOP-35061] ADD SCA pipeline
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 90ffaaa0..aa6f7fcb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
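Review bot: The SBOM generator in the new `sbom-creation` script is resolved at run time with no version pin — `npx @cyclonedx/cyclonedx-npm` takes whatever the registry currently serves, so the tool that produces the SCA input is neither reproducible nor reviewable, and the `yarn dlx @cyclonedx/yarn-plugin-cyclonedx` line in PATCH 4/4 has the same gap. Pin it explicitly, e.g. `- npx @cyclonedx/cyclonedx-npm@<pinned-version> --ignore-npm-errors --output-file sbom.cyclonedx.json --omit=dev`, and treat bumps as reviewed changes; `${SBOM_IMAGE}` is a variable, so whether the image itself is pinned by digest cannot be seen here and should be confirmed. `--ignore-npm-errors` also lets the job succeed when npm reports errors, so an incomplete dependency tree would presumably produce a partial SBOM rather than a failed job, which deserves a comment above the line such as `# --ignore-npm-errors: npm errors do not fail the job; an incomplete tree yields a partial SBOM`. The `security-scan` job's `trigger: include:` body continues past the end of the hunk.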
@@ -1,6 +1,6 @@
 stages:
- - security-scan
 - sbom
+ - security-scan
 ## -------------- Security Pipeline ---------------- ##
From e188a8a2d04072f7ee3e46617402a2aaa9a0f6bd Mon Sep 17 00:00:00 2001
From: Maxim Kolpakov <84957832+mxgreen29@users.noreply.github.com>
Date: Tue, 24 Mar 2026 10:51:02 +0300
Subject: [PATCH 3/4] [DOP-35061] ADD SCA pipeline
---
 .gitlab-ci.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aa6f7fcb..12d0532d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,13 +9,14 @@ sbom-creation:
 rules:
 - if: $CI_PIPELINE_SOURCE == "web"
 when: always
- - if: $CI_COMMIT_REF_NAME =~ $CI_DEFAULT_BRANCH
+ - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
 when: always
 - when: never
 image:
 name: ${SBOM_IMAGE}
 entrypoint: ['']
 script:
+ - npm install
 - npx @cyclonedx/cyclonedx-npm --ignore-npm-errors --output-file sbom.cyclonedx.json --omit=dev
 artifacts:
 paths:
From 2d69eac6fdcce086be870c2268f8b691fb3edf56 Mon Sep 17 00:00:00 2001
From: Maxim Kolpakov <84957832+mxgreen29@users.noreply.github.com>
Date: Tue, 24 Mar 2026 14:20:41 +0300
Subject: [PATCH 4/4] [DOP-35061] ADD SCA pipeline
---
 .gitlab-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 12d0532d..67967e07 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,8 +16,8 @@ sbom-creation:
 name: ${SBOM_IMAGE}
 entrypoint: ['']
 script:
- - npm install
- - npx @cyclonedx/cyclonedx-npm --ignore-npm-errors --output-file sbom.cyclonedx.json --omit=dev
+ - yarn config set npmRegistryServer $NPM_REGISTRY
+ - yarn dlx @cyclonedx/yarn-plugin-cyclonedx --output-file sbom.cyclonedx.json
 artifacts:
 paths:
 - sbom.cyclonedx.json
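Review bot: The yarn replacement in PATCH 4/4 silently widens the SBOM scope: the removed npm line excluded development dependencies with `--omit=dev`, while `yarn dlx @cyclonedx/yarn-plugin-cyclonedx --output-file sbom.cyclonedx.json` passes no equivalent, so dev packages now land in the inventory the SCA scan consumes. If that is not intended, add the plugin's production-only option (it exposes one, I believe `--production`; confirm against the plugin's help output) or record the decision in a comment above the line. `$NPM_REGISTRY` is expanded unquoted in `yarn config set npmRegistryServer $NPM_REGISTRY`; use `"$NPM_REGISTRY"`, and since an empty value would presumably leave yarn with a missing argument rather than a clear message, a preceding `- test -n "$NPM_REGISTRY"` gives a readable failure. No `yarn install` precedes `yarn dlx`, so whether the plugin reads this checkout's lockfile directly or needs an installed tree should be checked in the plugin's docs before the output is relied on.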