From 5032f998a0a9ea615b77bcb75aa21aceb2a43dc7 Mon Sep 17 00:00:00 2001
From: Vinod Anandan
Date: Mon, 21 Jun 2021 09:50:44 +0100
Subject: [PATCH] Generate SBOM (#655)

* Generate SBOM
* Update release.yml
* Update .github/workflows/release.yml
Co-authored-by: Matthieu MOREL
* Publish bom.json
* Ignore SBOMs generated during CI
Co-authored-by: Matthieu MOREL
---
 .github/workflows/release.yml | 7 +++++++
 .gitignore | 3 +++
 .goreleaser.yml | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 26310d5..c80a55a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,6 +21,13 @@ jobs:
 - name : Get release version
 id: get_version
 run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10})
+ - name: Generate SBOM
+ uses: CycloneDX/gh-gomod-generate-sbom@v0.2.0
+ with:
+ json: true
+ output: bom.json
+ resolve-licenses: true
+ version: latest
 - name: Release Binaries
 uses: goreleaser/goreleaser-action@v2
 with:
diff --git a/.gitignore b/.gitignore
index f282cda..8861092 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,6 @@ _testmain.go
 .DS_Store
 .vscode
+
+ # SBOMs generated during CI
+ /bom.json
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 263e522..300f4b4 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -2,6 +2,8 @@ project_name: gosec
 release:
+ extra_files:
+ - glob: ./bom.json
 github:
 owner: securego
 name: gosec
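Review bot: The new `Generate SBOM` step in `.github/workflows/release.yml` references `CycloneDX/gh-gomod-generate-sbom` by the mutable tag `v0.2.0` and asks for `version: latest` of the generator it wraps, so the SBOM attached to a release depends on whatever those references resolve to when the job runs rather than on a reviewed revision. Pinning the action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: CycloneDX/gh-gomod-generate-sbom@<commit-sha-of-v0.2.0> # v0.2.0`, and replacing `version: latest` with a specific generator release, makes the published `bom.json` reproducible and limits what a compromised or retagged upstream could inject into the release job. A short comment above the step, `# Produces a CycloneDX SBOM (bom.json) that goreleaser attaches to the release`, would record why it must run before `Release Binaries`. The neighbouring `run:` context line still appears to rely on the `::set-env` workflow command, which GitHub has deprecated; that predates this change but is worth tracking in the same file.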
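Review bot: The new `extra_files` entry in `.goreleaser.yml` names `./bom.json` with nothing tying it to the workflow step that produces it, so a reader of this file alone cannot tell where the file comes from or what the release looks like if the step is skipped or fails. A comment on the entry, `# CycloneDX SBOM written by the "Generate SBOM" step in .github/workflows/release.yml`, would make the cross-file dependency explicit. It is also worth confirming that the release checksum file covers extra files in the goreleaser version in use, so consumers can verify `bom.json` alongside the binaries; if it does not, the SBOM's integrity rests on the release page alone.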