mirror of
https://github.com/spring-projects/spring-petclinic.git
synced 2025-07-22 15:55:49 +00:00
Generating the SBOM CycloneDX JSON for JAR file (#2)
Generating the SBOM CycloneDX JSON for a JAR file and sending it to Chainloop --------- Signed-off-by: Daniel Liszka <daniel@chainloop.dev>
parent
299e916257
commit
1446478510
2 changed files with 27 additions and 1 deletions
|
@ -2,3 +2,5 @@
|
||||||
attestation:
|
attestation:
|
||||||
- name: binary
|
- name: binary
|
||||||
path: artifacts/spring-petclinic-*.jar
|
path: artifacts/spring-petclinic-*.jar
|
||||||
|
- name: sbom
|
||||||
|
path: metadata/sbom.cyclonedx.json
|
||||||
|
|
26
.github/workflows/maven-build.yml
vendored
|
@ -34,12 +34,36 @@ jobs:
|
||||||
name: artifacts
|
name: artifacts
|
||||||
path: target/*.jar
|
path: target/*.jar
|
||||||
|
|
||||||
|
collect-metadata:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
name: "Security and Compliance Checks"
|
||||||
|
needs: build
|
||||||
|
steps:
|
||||||
|
- name: Download all workflow run artifacts
|
||||||
|
uses: actions/download-artifact@v3
|
||||||
|
|
||||||
|
- name: Generate metadata
|
||||||
|
run: |
|
||||||
|
mkdir -p metadata
|
||||||
|
|
||||||
|
- uses: anchore/sbom-action@v0
|
||||||
|
with:
|
||||||
|
file: artifacts/*.jar
|
||||||
|
format: cyclonedx-json
|
||||||
|
output-file: ./metadata/sbom.cyclonedx.json
|
||||||
|
upload-artifact: false
|
||||||
|
|
||||||
|
- uses: actions/upload-artifact@v3
|
||||||
|
with:
|
||||||
|
name: metadata
|
||||||
|
path: metadata/*
|
||||||
|
|
||||||
# Chainloop integration
|
# Chainloop integration
|
||||||
# will run only if the build job is successful
|
# will run only if the build job is successful
|
||||||
chainloop:
|
chainloop:
|
||||||
name: Chainloop
|
name: Chainloop
|
||||||
uses: chainloop-dev/labs/.github/workflows/chainloop.yml@a75dff2ef342a1e5c5e1ec5c42fb99f3d1bc03cb
|
uses: chainloop-dev/labs/.github/workflows/chainloop.yml@a75dff2ef342a1e5c5e1ec5c42fb99f3d1bc03cb
|
||||||
needs: build
|
needs: collect-metadata
|
||||||
# with:
|
# with:
|
||||||
# contract_revision: 3
|
# contract_revision: 3
|
||||||
secrets:
|
secrets:
|
||||||
|
|
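Review bot: The three actions added in the `collect-metadata` job (`actions/download-artifact@v3`, `anchore/sbom-action@v0`, `actions/upload-artifact@v3`) are referenced by mutable tags, while the `chainloop` reusable workflow in this same file is pinned to a full commit SHA. The SBOM written to `metadata/sbom.cyclonedx.json` appears to be the evidence the Chainloop job attests, so a retagged action could change that evidence without any change in this repository. Pinning each one the same way, e.g. `uses: anchore/sbom-action@<full-commit-sha>  # v0`, would close that gap. `file: artifacts/*.jar` also assumes the action expands the glob and that it matches exactly one JAR, which is worth confirming if the build can ever emit more than one. The `chainloop` job's `secrets:` block continues outside the hunk.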