bth-dipt-teaching/pa2588-devsecops-sbom
PA2588 DevSecOps: Playground for SBOM (Software Bill of Material)

This is part of the course DevSecOps. You will see how to create an SBOM as part of your development process.

Preparation

  1. Click on Use this template to create a new repository in your GitHub account (don't fork it), and make sure to set the visibility to "Public".
    • The GitHub actions should run automatically and be green.

Enable SBOM in your Pipeline

  1. In .github/workflows/sbom.yml, uncomment the block labeled "Version 1" to enable the creation of a Software Bill of Materials.
    • After the next successful run of the GitHub actions, under the created Artifacts, you should now see a "*.spdx.json" file that contains the names, versions, and license information for all pieces of software contained within the Docker image.
  2. Create a new "Release" on GitHub based on the current version of the main branch.
    • After the next successful run of the GitHub actions, you will find the "*.spdx.json" file automatically attached to the release notes.
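To see what the generated "*.spdx.json" artifact actually tells you, the script below (added here as an example, not part of this repository) parses an SPDX 2.x JSON document, lists each package with its version and license, and reports packages whose version or license is unknown ("NOASSERTION"), which is what you would want to review before attaching the SBOM to a release. The embedded document is a constructed sample in the SPDX 2.3 JSON shape, not output from the pipeline.

```python
"""Inspect an SPDX 2.x JSON SBOM such as the *.spdx.json artifact the pipeline uploads."""
import json

# Constructed sample shaped like an SPDX 2.3 JSON document (not a real pipeline artifact).
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-image",
    "packages": [
        {"name": "openssl", "SPDXID": "SPDXRef-Package-openssl", "versionInfo": "3.0.2-0ubuntu1.10",
         "licenseConcluded": "Apache-2.0", "licenseDeclared": "Apache-2.0"},
        {"name": "mystery-lib", "SPDXID": "SPDXRef-Package-mystery", "versionInfo": "1.4.0",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION"},
        {"name": "tzdata", "SPDXID": "SPDXRef-Package-tzdata",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "LicenseRef-Public-Domain"},
    ],
})


def load_packages(spdx_json: str) -> list[dict]:
    """Return one record per package with its name, version and best-known license."""
    doc = json.loads(spdx_json)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError("not an SPDX 2.x document")
    records = []
    for pkg in doc.get("packages", []):
        concluded = pkg.get("licenseConcluded", "NOASSERTION")
        declared = pkg.get("licenseDeclared", "NOASSERTION")
        # Prefer the concluded license; fall back to the declared one if none was concluded.
        license_id = concluded if concluded != "NOASSERTION" else declared
        records.append({
            "name": pkg.get("name", ""),
            "version": pkg.get("versionInfo", ""),  # absent in some generated SBOMs
            "license": license_id,
        })
    return records


def find_gaps(records: list[dict]) -> list[str]:
    """Names of packages with no version or no usable license: review these before a release."""
    return sorted(r["name"] for r in records if not r["version"] or r["license"] == "NOASSERTION")


if __name__ == "__main__":
    recs = load_packages(SAMPLE_SPDX)
    for r in recs:
        print(f"{r['name']:<12} {r['version'] or '?':<20} {r['license']}")
    print("needs review:", find_gaps(recs))
```

To run it against the real artifact, read the downloaded "*.spdx.json" file and pass its text to load_packages.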
