From 709caeceb6ac0f8ecae2e5037168da4098380d0b Mon Sep 17 00:00:00 2001
From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Date: Sun, 31 Mar 2024 10:55:27 -0500
Subject: [PATCH] included for registry1 and upstream

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---
 tasks/scanvulnerability.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tasks/scanvulnerability.yaml b/tasks/scanvulnerability.yaml
index 86ce591b..16c09532 100644
--- a/tasks/scanvulnerability.yaml
+++ b/tasks/scanvulnerability.yaml
@@ -4,9 +4,12 @@ tasks:
     description: Create a UDS package with configurable flavor and extract the SBOM from all created packages and analyze for vulnerabilities
     actions:
       - cmd: |
-          uds zarf package create . --flavor=upstream --confirm --no-progress -o sbom
-          for file in sbom/*.zst; do
-            uds zarf package inspect "$file" --sbom-out ./sbom --no-progress;
+          flavors=("upstream" "registry1")
+          for flavor in "${flavors[@]}"; do
+            uds zarf package create . --flavor="$flavor" --confirm --no-progress -o sbom
+            for file in sbom/*.zst; do
+              uds zarf package inspect "$file" --sbom-out ./sbom --no-progress;
+            done
           done
           if ! command -v grype &> /dev/null; then
             echo "Grype could not be found, installing..."
@@ -21,3 +24,4 @@ tasks:
             done
           ' sh {} +
           echo "All SBOM files processed and analyzed for vulnerabilities."
+