From 0fd964d8a0d97a46555903deb29af2de7dba5f12 Mon Sep 17 00:00:00 2001
From: Antonio Campos
Date: Wed, 31 Jul 2024 16:10:21 -0600
Subject: [PATCH 1/4] chore: adding SBOM template

---
 sbom_generation.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 sbom_generation.yaml

diff --git a/sbom_generation.yaml b/sbom_generation.yaml
new file mode 100644
index 0000000..1e9f09d
--- /dev/null
+++ b/sbom_generation.yaml
@@ -0,0 +1,25 @@
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+
+# This OCI DevOps build specification file [1] generates a Software Bill of Materials (SBOM) of the repository.
+# The file is needed to run checks for third-party vulnerabilities and business approval according to Oracle’s GitHub policies.
+# [1] https://docs.oracle.com/en-us/iaas/Content/devops/using/build_specs.htm
+
+version: 0.1
+component: build
+timeoutInSeconds: 1000
+shell: bash
+
+steps:
+ - type: Command
+ name: "Install dependencies & cyclonedx-node-npm package"
+ command: |
+ npm install && npm install --save-dev @cyclonedx/cyclonedx-npm
+ - type: Command
+ name: "Run cyclonedx-node-npm package"
+ command: |
+ # For more details, visit https://github.com/CycloneDX/cyclonedx-node-npm/blob/main/README.md
+ npx @cyclonedx/cyclonedx-npm --omit dev --output-format JSON --output-file artifactSBOM.json --spec-version 1.4
+outputArtifacts:
+ - name: artifactSBOM
+ type: BINARY
+ location: ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json

From a1f22da7073f678cf3f069efac4ad30f80e2dfeb Mon Sep 17 00:00:00 2001
From: Antonio Campos
Date: Mon, 5 Aug 2024 16:52:25 -0600
Subject: [PATCH 2/4] chore: increased timeout for audit service

---
 sbom_generation.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbom_generation.yaml b/sbom_generation.yaml
index 1e9f09d..81e3f7a 100644
--- a/sbom_generation.yaml
+++ b/sbom_generation.yaml
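Review bot: The first step's `command: |` resolves the project's dependencies with `npm install`, so the SBOM written by the second step describes whatever the registry resolves at build time rather than the tree recorded in the committed lockfile, and `npm install` can also rewrite package-lock.json during the build. `npm ci` installs exactly what package-lock.json records and fails fast when package.json and the lockfile disagree, which is the tree a bill of materials used for vulnerability checks should be derived from; change the first command to `npm ci && npm install --save-dev @cyclonedx/cyclonedx-npm`. This presumes the repository commits a package-lock.json, which is not visible here. A one-line comment above the command, `# npm ci: install the locked tree so the SBOM matches what ships`, would record the intent for the next maintainer.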
@@ -6,7 +6,7 @@

 version: 0.1
 component: build
-timeoutInSeconds: 1000
+timeoutInSeconds: 3600
 shell: bash

 steps:

From 76346c8ba69f8f7ec31f1d5d190f0ea2ec88308e Mon Sep 17 00:00:00 2001
From: Antonio Campos
Date: Mon, 5 Aug 2024 18:43:43 -0600
Subject: [PATCH 3/4] chore: adding --ignore-scripts flag

---
 sbom_generation.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbom_generation.yaml b/sbom_generation.yaml
index 81e3f7a..8ae5ee4 100644
--- a/sbom_generation.yaml
+++ b/sbom_generation.yaml
@@ -13,7 +13,7 @@ steps:
 - type: Command
 name: "Install dependencies & cyclonedx-node-npm package"
 command: |
- npm install && npm install --save-dev @cyclonedx/cyclonedx-npm
+ npm instal --ignore-scripts && npm install --ignore-scripts --save-dev @cyclonedx/cyclonedx-npm
 - type: Command
 name: "Run cyclonedx-node-npm package"
 command: |

From daaf4bdfe8d058efa70313b850c96c45214fad5b Mon Sep 17 00:00:00 2001
From: Antonio Campos
Date: Tue, 6 Aug 2024 12:10:59 -0600
Subject: [PATCH 4/4] chore: adding global flag for cyclonedx-npm

---
 sbom_generation.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbom_generation.yaml b/sbom_generation.yaml
index 8ae5ee4..85d4360 100644
--- a/sbom_generation.yaml
+++ b/sbom_generation.yaml
@@ -13,7 +13,7 @@ steps:
 - type: Command
 name: "Install dependencies & cyclonedx-node-npm package"
 command: |
- npm instal --ignore-scripts && npm install --ignore-scripts --save-dev @cyclonedx/cyclonedx-npm
+ npm instal --ignore-scripts && npm install --ignore-scripts -g @cyclonedx/cyclonedx-npm
 - type: Command
 name: "Run cyclonedx-node-npm package"
 command: |
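Review bot: The added line spells the first command `npm instal`; npm accepts `instal` as one of its install aliases, so the step still runs, but it reads as a typo and the next patch in this series (4/4) carries it forward. Write `npm install --ignore-scripts && npm install --ignore-scripts --save-dev @cyclonedx/cyclonedx-npm` so the two invocations match and a reader does not stop to check whether the build is broken. If the alias was relied on deliberately, a comment above the command saying so would save the next reviewer the same detour.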
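Review bot: The global install on the added line is unpinned, so every build fetches whatever `@cyclonedx/cyclonedx-npm` version is current on the registry, which makes the SBOM output unreproducible across runs and means a newly published release of the generator is adopted without review. Pin it, `npm install --ignore-scripts -g @cyclonedx/cyclonedx-npm@<pinned-version>` with a concrete version substituted, and bump it deliberately. The second step's `npx @cyclonedx/cyclonedx-npm` call sits below this hunk; now that the package is no longer a project dependency, it is worth confirming on the OCI runner that npx picks up the global install rather than downloading a fresh copy into the npm cache, which would sidestep both the pin and `--ignore-scripts`. Whether the runner's global npm prefix is writable without elevated permissions is also not visible here.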