Merge pull request #81 from younesAmin/sbom-generation-creation

Add sbom_generation file
oracle · Apr 5, 2023 · 73bb2aa · 73bb2aa
2 parents e8c8809 + b46383d
commit 73bb2aa
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/sbom_generation.yaml b/sbom_generation.yaml
@@ -0,0 +1,25 @@
+# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+
+# This OCI DevOps build specification file [1] generates a Software Bill of Materials (SBOM) of the repository.
+# The file is needed to run checks for third-party vulnerabilities and business approval according to Oracle’s GitHub policies.
+# [1] https://docs.oracle.com/en-us/iaas/Content/devops/using/build_specs.htm
+
+version: 0.1
+component: build
+timeoutInSeconds: 1000
+shell: bash
+
+steps:
+ - type: Command
+ name: "Install cyclonedx_py module"
+ command: |
+ pip install cyclonedx-bom
+ - type: Command
+ name: "Run Python cyclonedx_py module"
+ command: |
+ # For more details, visit https:/CycloneDX/cyclonedx-python/blob/main/README.md
+ python3 -m cyclonedx_py -r -pb --format json -o artifactSBOM.json --schema-version 1.4
+outputArtifacts:
+ - name: artifactSBOM
+ type: BINARY
+ location: ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json