diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 26310d5..c80a55a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,6 +21,13 @@ jobs: - name : Get release version id: get_version run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10}) + - name: Generate SBOM + uses: CycloneDX/gh-gomod-generate-sbom@v0.2.0 + with: + json: true + output: bom.json + resolve-licenses: true + version: latest - name: Release Binaries uses: goreleaser/goreleaser-action@v2 with: diff --git a/.gitignore b/.gitignore index f282cda..8861092 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,6 @@ _testmain.go .DS_Store .vscode + +# SBOMs generated during CI +/bom.json diff --git a/.goreleaser.yml b/.goreleaser.yml index 263e522..300f4b4 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -2,6 +2,8 @@ project_name: gosec release: + extra_files: + - glob: ./bom.json github: owner: securego name: gosec
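Review bot: The new `Generate SBOM` step pins nothing it executes: `uses: CycloneDX/gh-gomod-generate-sbom@v0.2.0` resolves a mutable tag, and `version: latest` tells the action to install whichever cyclonedx-gomod release is current at run time, so the bill of materials shipped with a release is produced by code that can change between runs and could be replaced if either upstream is compromised. Pin the action to the full commit SHA of the `v0.2.0` tag (keeping the tag in a trailing comment, e.g. `uses: CycloneDX/gh-gomod-generate-sbom@<commit-sha> # v0.2.0`) and replace `version: latest` with an explicit cyclonedx-gomod release so the SBOM is reproducible and its provenance reviewable. As far as this hunk shows, `bom.json` is also written and later published without any checksum or signature step covering it; if nothing elsewhere in the workflow does that, consider adding it. The enclosing `jobs:` block and the job's `steps:` list begin before this hunk.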