File tree Expand file tree Collapse file tree 1 file changed +22
-0
lines changed Expand file tree Collapse file tree 1 file changed +22
-0
lines changed Original file line number Diff line number Diff line change 1+ # Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
2+
3+ # This OCI DevOps build specification file [1] generates a Software Bill of Materials (SBOM) of the repository.
4+ # The file is needed to run checks for third-party vulnerabilities and business approval according to Oracle’s GitHub policies.
5+ # [1] https://docs.oracle.com/en-us/iaas/Content/devops/using/build_specs.htm
6+
7+ version : 0.1
8+ component : build
9+ timeoutInSeconds : 1000
10+ shell : bash
11+
12+ steps :
13+ - type : Command
14+ name : " Run Maven cycloneDX plugin command"
15+ command : |
16+ # For more details, visit https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/master/README.md
17+ mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.9:makeAggregateBom -DincludeRuntimeScope=true -DincludeCompileScope=true -DincludeProvidedScope=false -DincludeSystemScope=false -DincludeTestScope=false -DoutputFormat=json -DoutputName=artifactSBOM -DschemaVersion=1.4
18+ mv target/artifactSBOM.json ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json
19+ outputArtifacts :
20+ - name : artifactSBOM
21+ type : BINARY
22+ location : ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json
You can’t perform that action at this time.
0 commit comments