Generate SBOM from Trivy (#2810)

* Fix grype issue * [automation] Auto-update linters version, help and documentation * Downgrade grype * mega-liter-runner ml config * fix test cases * [MegaLinter] Apply linters fixes * trivy sbom * Trivy SBOM * trivy sbom call * trivy SBOM test classes * sbom cyclonedx * Fix call to trivy sbom * JSON output * jscpd * [MegaLinter] Apply linters fixes --------- Co-authored-by: nvuillam <nicolas.vuillamy@ox.security> Co-authored-by: nvuillam <nvuillam@users.noreply.github.com>
oxsecurity · Jul 15, 2023 · f84e76f · f84e76f
1 parent 2e245cd
commit f84e76f
Show file tree

Hide file tree

Showing 45 changed files with 412 additions and 1 deletion.
diff --git a/.automation/generated/linter-links-previews.json b/.automation/generated/linter-links-previews.json
@@ -544,6 +544,11 @@
     "image": null,
     "title": "Redirecting"
   },
+  "trivy-sbom": {
+    "description": "None",
+    "image": null,
+    "title": "Redirecting"
+  },
   "ts-standard": {
     "description": "English \u2022 Espan\u0303ol (Latinoame\u0301rica) \u2022 Franc\u0327ais \u2022 Bahasa Indonesia \u2022 Italiano (Italian) \u2022 \u65e5\u672c\u8a9e (Japanese) \u2022 \u1112\u1161\u11ab\u1100\u116e\u11a8\u110b\u1165 (Korean) \u2022 Portugue\u0302s (Brasil) \u2022 \u7b80\u4f53\u4e2d\u6587 (Simplified Chinese) \u2022 \u7e41\u9ad4\u4e2d\u6587 (Taiwanese Mandarin).",
     "image": null,

diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json
@@ -24,6 +24,7 @@
     "**/megalinter/tests/test_megalinter/mega_linter*",
     "**/megalinter/tests/test_megalinter/plugins_test.py*",
     "**/megalinter/tests/test_megalinter/config_test.py",
+    "**/repository_trivy_sbom_test.py",
     "**/megalinter/utilstest.py",
     "**/*.test.js",
     "**/CHANGELOG.md",

diff --git a/.github/workflows/deploy-BETA-linters.yml b/.github/workflows/deploy-BETA-linters.yml
@@ -155,6 +155,7 @@ jobs:
             "repository_semgrep",
             "repository_syft",
             "repository_trivy",
+            "repository_trivy_sbom",
             "rst_rst_lint",
             "rst_rstcheck",
             "rst_rstfmt",

diff --git a/.github/workflows/deploy-DEV-linters.yml b/.github/workflows/deploy-DEV-linters.yml
@@ -144,6 +144,7 @@ jobs:
             "repository_semgrep",
             "repository_syft",
             "repository_trivy",
+            "repository_trivy_sbom",
             "rst_rst_lint",
             "rst_rstcheck",
             "rst_rstfmt",

diff --git a/.github/workflows/deploy-RELEASE-linters.yml b/.github/workflows/deploy-RELEASE-linters.yml
@@ -131,6 +131,7 @@ jobs:
             "repository_semgrep",
             "repository_syft",
             "repository_trivy",
+            "repository_trivy_sbom",
             "rst_rst_lint",
             "rst_rstcheck",
             "rst_rstfmt",

diff --git a/Dockerfile b/Dockerfile
@@ -701,6 +701,10 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh |
 # trivy installation
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # sfdx-scanner-apex installation
     && sfdx plugins:install @salesforce/sfdx-scanner \
     && npm cache clean --force || true \

diff --git a/docs/descriptors/xml_xmllint.md b/docs/descriptors/xml_xmllint.md
@@ -25,7 +25,7 @@ To apply file formatting you must set `XML_XMLLINT_CLI_LINT_MODE: file` and `XML
 | Variable                                | Description                                                                                                                                                                                                         | Default value      |
 |-----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------|
 | XML_XMLLINT_AUTOFORMAT                  | If set to `true`, it will reformat and reindent the output                                                                                                                                                          | `false`            |
-| XML_XMLLINT_INDENT                      | The number of indentation spaces when `XML_XMLLINT_AUTOFORMAT` is `true`                                                                                                                                            | `  `               |
+| XML_XMLLINT_INDENT                      | The number of indentation spaces when `XML_XMLLINT_AUTOFORMAT` is `true`                                                                                                                                            | ``                 |
 | XML_XMLLINT_ARGUMENTS                   | User custom arguments to add in linter CLI call<br/>Ex: `-s --foo "bar"`                                                                                                                                            |                    |
 | XML_XMLLINT_FILTER_REGEX_INCLUDE        | Custom regex including filter<br/>Ex: `(src\|lib)`                                                                                                                                                                  | Include every file |
 | XML_XMLLINT_FILTER_REGEX_EXCLUDE        | Custom regex excluding filter<br/>Ex: `(test\|examples)`                                                                                                                                                            | Exclude no file    |

diff --git a/docs/standalone-linters.md b/docs/standalone-linters.md
@@ -84,6 +84,7 @@
 | REPOSITORY_SEMGREP                | oxsecurity/megalinter-only-repository_semgrep:beta                |        ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-repository_semgrep/beta)         |
 | REPOSITORY_SYFT                   | oxsecurity/megalinter-only-repository_syft:beta                   |          ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-repository_syft/beta)          |
 | REPOSITORY_TRIVY                  | oxsecurity/megalinter-only-repository_trivy:beta                  |         ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-repository_trivy/beta)          |
+| REPOSITORY_TRIVY_SBOM             | oxsecurity/megalinter-only-repository_trivy_sbom:beta             |       ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-repository_trivy_sbom/beta)       |
 | RST_RST_LINT                      | oxsecurity/megalinter-only-rst_rst_lint:beta                      |           ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-rst_rst_lint/beta)            |
 | RST_RSTCHECK                      | oxsecurity/megalinter-only-rst_rstcheck:beta                      |           ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-rst_rstcheck/beta)            |
 | RST_RSTFMT                        | oxsecurity/megalinter-only-rst_rstfmt:beta                        |            ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-rst_rstfmt/beta)             |

diff --git a/flavors/ci_light/Dockerfile b/flavors/ci_light/Dockerfile
@@ -201,6 +201,10 @@ RUN wget -q -O - https://raw.githubusercontent.com/dotenv-linter/dotenv-linter/m
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 #OTHER__END
 
 ################################

diff --git a/flavors/ci_light/flavor.json b/flavors/ci_light/flavor.json
@@ -20,6 +20,7 @@
         "REPOSITORY_GRYPE",
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "XML_XMLLINT",
         "YAML_PRETTIER",
         "YAML_YAMLLINT",

diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile
@@ -473,6 +473,10 @@ ENV KICS_QUERIES_PATH=/opt/kics/assets/queries KICS_LIBRARIES_PATH=/opt/kics/ass
 RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # lychee installation
 # Managed with COPY --link --from=lychee /usr/local/bin/lychee /usr/bin/
 

diff --git a/flavors/cupcake/flavor.json b/flavors/cupcake/flavor.json
@@ -69,6 +69,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "RST_RST_LINT",
         "RST_RSTCHECK",
         "RST_RSTFMT",

diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile
@@ -282,6 +282,10 @@ RUN printf '#!/bin/bash \n\nif [[ -x "$1" ]]; then exit 0; else echo "Error: Fil
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/documentation/flavor.json b/flavors/documentation/flavor.json
@@ -41,6 +41,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile
@@ -367,6 +367,10 @@ RUN curl --retry 5 --retry-delay 5 -sLO "${ARM_TTK_URI}" \
 # trivy installation
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/dotnet/flavor.json b/flavors/dotnet/flavor.json
@@ -55,6 +55,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/dotnetweb/Dockerfile b/flavors/dotnetweb/Dockerfile
@@ -387,6 +387,10 @@ RUN curl --retry 5 --retry-delay 5 -sLO "${ARM_TTK_URI}" \
 # trivy installation
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/dotnetweb/flavor.json b/flavors/dotnetweb/flavor.json
@@ -61,6 +61,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile
@@ -297,6 +297,10 @@ RUN printf '#!/bin/bash \n\nif [[ -x "$1" ]]; then exit 0; else echo "Error: Fil
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/go/flavor.json b/flavors/go/flavor.json
@@ -43,6 +43,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile
@@ -358,6 +358,10 @@ RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${P
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/java/flavor.json b/flavors/java/flavor.json
@@ -47,6 +47,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile
@@ -299,6 +299,10 @@ RUN printf '#!/bin/bash \n\nif [[ -x "$1" ]]; then exit 0; else echo "Error: Fil
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/javascript/flavor.json b/flavors/javascript/flavor.json
@@ -47,6 +47,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile
@@ -324,6 +324,10 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh |
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/php/flavor.json b/flavors/php/flavor.json
@@ -45,6 +45,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile
@@ -297,6 +297,10 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh |
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/python/flavor.json b/flavors/python/flavor.json
@@ -49,6 +49,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "RST_RST_LINT",
         "RST_RSTCHECK",
         "RST_RSTFMT",

diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile
@@ -283,6 +283,10 @@ RUN printf '#!/bin/bash \n\nif [[ -x "$1" ]]; then exit 0; else echo "Error: Fil
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/ruby/flavor.json b/flavors/ruby/flavor.json
@@ -40,6 +40,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "RUBY_RUBOCOP",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",

diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile
@@ -277,6 +277,10 @@ RUN printf '#!/bin/bash \n\nif [[ -x "$1" ]]; then exit 0; else echo "Error: Fil
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/rust/flavor.json b/flavors/rust/flavor.json
@@ -40,6 +40,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "RUST_CLIPPY",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",

diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile
@@ -286,6 +286,10 @@ RUN echo y|sfdx plugins:install sfdx-hardis \
 # trivy installation
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # sfdx-scanner-apex installation
     && sfdx plugins:install @salesforce/sfdx-scanner \
     && npm cache clean --force || true \

diff --git a/flavors/salesforce/flavor.json b/flavors/salesforce/flavor.json
@@ -42,6 +42,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SALESFORCE_SFDX_SCANNER_APEX",
         "SALESFORCE_SFDX_SCANNER_AURA",
         "SALESFORCE_SFDX_SCANNER_LWC",

diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile
@@ -235,6 +235,10 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh |
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # tflint installation
 # Managed with COPY --link --from=tflint /usr/local/bin/tflint /usr/bin/
 

diff --git a/flavors/security/flavor.json b/flavors/security/flavor.json
@@ -21,6 +21,7 @@
         "REPOSITORY_SEMGREP",
         "REPOSITORY_SYFT",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "TERRAFORM_TFLINT",
         "TERRAFORM_TERRASCAN",
         "TERRAFORM_TERRAGRUNT"

diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile
@@ -280,6 +280,10 @@ RUN rc-update add docker boot && rc-service docker start || true \
     && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/swift/flavor.json b/flavors/swift/flavor.json
@@ -40,6 +40,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",

diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile
@@ -295,6 +295,10 @@ ENV KICS_QUERIES_PATH=/opt/kics/assets/queries KICS_LIBRARIES_PATH=/opt/kics/ass
 RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 
 
+# trivy-sbom installation
+# Next line commented because already managed by another linter
+# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
 # vale installation
 # Managed with COPY --link --from=vale /bin/vale /bin/vale
 

diff --git a/flavors/terraform/flavor.json b/flavors/terraform/flavor.json
@@ -41,6 +41,7 @@
         "REPOSITORY_SECRETLINT",
         "REPOSITORY_SEMGREP",
         "REPOSITORY_TRIVY",
+        "REPOSITORY_TRIVY_SBOM",
         "SNAKEMAKE_LINT",
         "SNAKEMAKE_SNAKEFMT",
         "SPELL_CSPELL",