Generate software bill of materials as part of the package builds. #3702

2025-02-25 18:55:31 -06:00 · 2023-08-03 16:08:59 +05:30
parent 1a7a23de3f
commit 48bfc66048
7 changed files with 22 additions and 1 deletions
--- a/pkg/linux/build-functions.sh
+++ b/pkg/linux/build-functions.sh
@@ -244,3 +244,11 @@ _copy_code() {
    rm python3 && ln -s "${PYTHON_INTERPRETER}" python3
 }

+
+_generate_sbom() {
+   echo "Generating SBOMs..."
+   # Note that we don't generate an SBOM for the Meta package as it doesn't contain any files.
+   syft "${SERVERROOT}/" -o cyclonedx-json > "${SERVERROOT}/usr/${APP_NAME}/sbom-server.json"
+   syft "${DESKTOPROOT}/" -o cyclonedx-json > "${DESKTOPROOT}/usr/${APP_NAME}/sbom-desktop.json"
+   syft "${WEBROOT}/" -o cyclonedx-json > "${WEBROOT}/usr/${APP_NAME}/sbom-web.json"
+}