Skip to content

Commit

Permalink
feat: generate spdx sbom and add Makefile target for sbom generation (#…
Browse files Browse the repository at this point in the history 
…4339)

Closes: #4173

Signed-off-by: Jim Wang <yutsung.jim.wang@intel.com>
  • Loading branch information
@jim-wang-intel
jim-wang-intel authored Mar 10, 2023
1 parent 962cd11 commit da675bb
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ debug
*.dll
VERSION
__debug_bin
sbom/bom-go-mod.spdx

# binary files
cmd/core-command/core-command
Expand Down
7 changes: 6 additions & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# SPDX-License-Identifier: Apache-2.0
#

.PHONY: build clean unittest hadolint lint test docker run
.PHONY: build clean unittest hadolint lint test docker run sbom

# change the following boolean flag to include or exclude the delayed start libs for builds for most of core services except support services
INCLUDE_DELAYED_START_BUILD_CORE:="false"
Expand Down Expand Up @@ -360,3 +360,8 @@ docker_security_spiffe_token_provider: docker_base

vendor:
$(GO) mod vendor

sbom:
docker run -it --rm \
-v "$$PWD:/edgex-go" -v "$$PWD/sbom:/sbom" \
spdx/spdx-sbom-generator -p /edgex-go/ -o /sbom/ --include-license-text true

0 comments on commit da675bb

Please sign in to comment.