oracle · dbtools-antcampo · Jul 31, 2024 · Aug 5, 2024 · Aug 5, 2024 · Aug 6, 2024
diff --git a/sbom_generation.yaml b/sbom_generation.yaml
@@ -0,0 +1,25 @@
+# Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+
+# This OCI DevOps build specification file [1] generates a Software Bill of Materials (SBOM) of the repository.
+# The file is needed to run checks for third-party vulnerabilities and business approval according to Oracle’s GitHub policies.
+# [1] https://docs.oracle.com/en-us/iaas/Content/devops/using/build_specs.htm
+
+version: 0.1
+component: build
+timeoutInSeconds: 3600
+shell: bash
+
+steps:
+  - type: Command
+    name: "Install dependencies & cyclonedx-node-npm package"
+    command: |
+      npm instal --ignore-scripts && npm install --ignore-scripts --save-dev @cyclonedx/cyclonedx-npm
+  - type: Command
+    name: "Run cyclonedx-node-npm package"
+    command: |
+      # For more details, visit https://github.com/CycloneDX/cyclonedx-node-npm/blob/main/README.md
+      npx @cyclonedx/cyclonedx-npm --omit dev --output-format JSON --output-file artifactSBOM.json --spec-version 1.4
+outputArtifacts:
+  - name: artifactSBOM
+    type: BINARY
+    location: ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json