Integrate CycloneDX SBOM API into build.sh #2869
Jenkins built SBOM:
Signed-off-by: Andrew Leonard <[email protected]>
033c03e to 5b8b80c
Signed-off-by: Andrew Leonard <[email protected]>
LGTM, thanks @andrew-m-leonard - FYI, I am in favour of bringing this in prior to the release next week.
LGTM, although I'm wondering if we should look at splitting out the SBOM functions into a separate script under common that's sourced to keep it all in one tidy place at some point in the future?
This will be the plan yes, as it's going to get a lot more complex I suspect with more detailed info.
Integrate the new CycloneDX Java API plugin into the build-scripts bill of materials generation.
This PR creates the SBOM file: ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/sbom.json
A 2nd PR for ci-jenkins-pipelines will create a new Artifact from sbom.json.
Signed-off-by: Andrew Leonard [email protected]