Add CycloneDX SBOM and generation script
- Add sbom/sbom.cdx.json generated via Syft
- Add scripts/gen-sbom.sh for regenerating SBOM
- Add sbom/README.md with disclaimer
- Update .gitignore to track gen-sbom.sh
.gitignore (vendored), 1 line changed
@@ -285,6 +285,7 @@ docs/apps/linkdin/debug*/
docs/apps/linkdin/samples/insights/*
scripts/
!scripts/gen-sbom.sh
# Databse files
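Review bot: the added negation `!scripts/gen-sbom.sh` has no effect as written, because the preceding pattern `scripts/` excludes the whole directory and git cannot re-include a file whose parent directory is excluded. Change the directory pattern to `scripts/*` (which ignores the directory's contents rather than the directory itself) so that `!scripts/gen-sbom.sh` actually re-includes the script; otherwise the file can only be added with `git add -f` and the intent stated in the commit message ("track gen-sbom.sh") is not met by this hunk.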
sbom/README.md (new file), 13 lines
@@ -0,0 +1,13 @@
# Software Bill of Materials (SBOM)
This directory contains the CycloneDX SBOM for the project.
## Disclaimer
This SBOM is generated on a best-effort basis from project metadata and reflects dependencies at the time of generation. It is not a guarantee of completeness or accuracy.
## Regenerating
```bash
./scripts/gen-sbom.sh
```
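Review bot: the "Regenerating" section documents only the script path; for the steps to be reproducible it should also state the prerequisites and the result, which are visible elsewhere in this commit: Syft must be installed (the script exits if `syft` is not on PATH), the output is written to `sbom/sbom.cdx.json`, and the SBOM should be regenerated from a clean checkout, since the disclaimer itself notes that it reflects dependencies only at the time of generation.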
sbom/sbom.cdx.json (new file), 1 line
File diff suppressed because one or more lines are too long
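Review bot: the generated SBOM is committed as a single line, so the diff is suppressed and reviewers cannot see what changes between regenerations; consider pretty-printing the output in gen-sbom.sh (for example by piping the result through `jq .`) so that future updates to sbom/sbom.cdx.json produce a readable diff.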
scripts/gen-sbom.sh (new executable file), 16 lines
@@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
# Generate CycloneDX JSON SBOM using Syft
# Output: sbom.cdx.json in project root
cd "$(dirname "$0")/.."
if ! command -v syft &> /dev/null; then
echo "Error: syft is not installed. Install from https://github.com/anchore/syft" >&2
exit 1
fi
syft . -o cyclonedx-json=sbom/sbom.cdx.json
echo "SBOM generated: sbom/sbom.cdx.json"
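Review bot: the header comment `# Output: sbom.cdx.json in project root` contradicts the command below it, which writes to `sbom/sbom.cdx.json`; update the comment to match. The script also does not record which Syft version produced the file, so two regenerations can differ with no visible cause; consider printing `syft version` next to the final echo, and run `mkdir -p sbom` before invoking syft so the script works on a fresh checkout where the output directory may not yet exist.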