Generate SBOM (#655)

* Generate SBOM

* Update release.yml

* Update .github/workflows/release.yml

Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>

* Publish bom.json

* Ignore SBOMs generated during CI

Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
This commit is contained in:
Vinod Anandan 2021-06-21 09:50:44 +01:00 committed by GitHub
parent 03e876754d
commit 5032f998a0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 0 deletions

View file

@ -21,6 +21,13 @@ jobs:
- name : Get release version - name : Get release version
id: get_version id: get_version
run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10}) run: echo ::set-env name=RELEASE_VERSION::$(echo ${GITHUB_REF:10})
- name: Generate SBOM
uses: CycloneDX/gh-gomod-generate-sbom@v0.2.0
with:
json: true
output: bom.json
resolve-licenses: true
version: latest
- name: Release Binaries - name: Release Binaries
uses: goreleaser/goreleaser-action@v2 uses: goreleaser/goreleaser-action@v2
with: with:

3
.gitignore vendored
View file

@ -33,3 +33,6 @@ _testmain.go
.DS_Store .DS_Store
.vscode .vscode
# SBOMs generated during CI
/bom.json

View file

@ -2,6 +2,8 @@
project_name: gosec project_name: gosec
release: release:
extra_files:
- glob: ./bom.json
github: github:
owner: securego owner: securego
name: gosec name: gosec