From 197ba79ac7178e85254256e335896f1f4fc02c60 Mon Sep 17 00:00:00 2001
From: Maxim Kolpakov <84957832+mxgreen29@users.noreply.github.com>
Date: Tue, 10 Mar 2026 15:05:23 +0300
Subject: [PATCH 1/2] [DOP-25330] Add SCA pipeline
---
 .gitlab-ci.yml | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 93c8a332..dc47bec1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,18 +1,41 @@
 stages:
+  - sbom
   - security-scan
 ## -------------- Security Pipeline ---------------- ##
-security-scan:
+sbom-creation:
+  stage: sbom
   rules:
-    - if: $CI_COMMIT_REF_NAME =~ /(develop)/
+    - if: $CI_PIPELINE_SOURCE == "web"
+      when: manual
+    - if: $CI_COMMIT_REF_NAME =~ $CI_DEFAULT_BRANCH
       when: always
+  image:
+    name: ${DEFAULT_IMAGE}:develop
+    entrypoint: [""]
+  script:
+    - uv pip install cyclonedx-bom
+    - uv export --all-extras --no-dev --no-group test --no-group docs --link-mode=copy --format requirements.txt | cyclonedx-py requirements - > sbom.cyclonedx.json
+  artifacts:
+    paths:
+      - sbom.cyclonedx.json
+    expire_in: 1 days
+
+security-scan:
   stage: security-scan
+  needs:
+    - sbom-creation
   trigger:
     include:
-      - project: devsecops3000Pro/public/pipelines/security-pipeline
-        file: security_pipeline.yaml
-        ref: master
+      - project: $SECURITY_PIPELINE_PROJECT
+        file: 'security_pipeline.yaml'
+        ref: $SECURITY_PIPELINE_REF
     forward:
       pipeline_variables: true
       yaml_variables: true
+  rules:
+    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+      when: always
+    - if: '$CI_PIPELINE_SOURCE == "web"'
+      when: always
From be27fe583e09525fc80d371446eec2911adcc37a Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Tue, 10 Mar 2026 12:12:25 +0000
Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---
 .gitlab-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
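Review bot: The default-branch rule in `sbom-creation` uses a regex match, `- if: $CI_COMMIT_REF_NAME =~ $CI_DEFAULT_BRANCH`, while the new `security-scan` rule below uses `$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH`; since `$CI_DEFAULT_BRANCH` holds a branch name rather than a `/.../` pattern, the `=~` form is at best an unanchored match and the two jobs may disagree on which refs they run for, so both should use `==`. The SBOM generator is installed unpinned with `uv pip install cyclonedx-bom` inside a mutable `${DEFAULT_IMAGE}:develop` image, so the tool that inventories the dependencies is itself not reproducible; pin it, e.g. `- uv pip install cyclonedx-bom==<PINNED_VERSION>`, and consider referencing the image by digest. The included security pipeline is now addressed through `$SECURITY_PIPELINE_PROJECT` and `$SECURITY_PIPELINE_REF`, and with the `web` rule plus `forward: pipeline_variables: true` those values can presumably be supplied at trigger time unless the project restricts pipeline-variable overrides, so confirm they are defined as protected, non-overridable CI variables so the scan definition cannot be redirected. Finally, `expire_in: 1 days` discards the SBOM before most audit or incident-review windows, and `needs: - sbom-creation` depends on a job that is `when: manual` for web-triggered pipelines while the trigger job itself is `when: always`, which may leave the scan waiting or running without an SBOM depending on the GitLab version; a longer retention and matching `when` values are worth checking.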
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dc47bec1..cc72fe96 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,7 +13,7 @@ sbom-creation:
       when: always
   image:
     name: ${DEFAULT_IMAGE}:develop
-    entrypoint: [""]
+    entrypoint: ['']
   script:
     - uv pip install cyclonedx-bom
     - uv export --all-extras --no-dev --no-group test --no-group docs --link-mode=copy --format requirements.txt | cyclonedx-py requirements - > sbom.cyclonedx.json
@@ -29,7 +29,7 @@ security-scan:
   trigger:
     include:
       - project: $SECURITY_PIPELINE_PROJECT
-        file: 'security_pipeline.yaml'
+        file: security_pipeline.yaml
         ref: $SECURITY_PIPELINE_REF
     forward:
       pipeline_variables: true
@@ -37,5 +37,5 @@ security-scan:
   rules:
     - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
       when: always
-    - if: '$CI_PIPELINE_SOURCE == "web"'
+    - if: $CI_PIPELINE_SOURCE == "web"
       when: always