Add SBOM file and script for updating it

Author: alcaeus

.gitignore

@@ -67,3 +67,6 @@ mongodb-*tgz
 
 # Coverage files
 coverage*
+
+# temporary purls file
+/purls.txt

sbom.json

@@ -0,0 +1,97 @@
+{
+  "components": [
+    {
+      "bom-ref": "pkg:github/mongodb/[email protected]",
+      "externalReferences": [
+        {
+          "type": "distribution",
+          "url": "https://github.com/mongodb/libmongocrypt/archive/refs/tags/1.10.0.tar.gz"
+        },
+        {
+          "type": "website",
+          "url": "https://github.com/mongodb/libmongocrypt/tree/1.10.0"
+        }
+      ],
+      "group": "mongodb",
+      "name": "libmongocrypt",
+      "purl": "pkg:github/mongodb/[email protected]",
+      "type": "library",
+      "version": "1.10.0"
+    },
+    {
+      "bom-ref": "pkg:github/mongodb/[email protected]",
+      "externalReferences": [
+        {
+          "type": "distribution",
+          "url": "https://github.com/mongodb/mongo-c-driver/archive/refs/tags/1.27.2.tar.gz"
+        },
+        {
+          "type": "website",
+          "url": "https://github.com/mongodb/mongo-c-driver/tree/1.27.2"
+        }
+      ],
+      "group": "mongodb",
+      "name": "mongo-c-driver",
+      "purl": "pkg:github/mongodb/[email protected]",
+      "type": "library",
+      "version": "1.27.2"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "pkg:github/mongodb/[email protected]"
+    },
+    {
+      "ref": "pkg:github/mongodb/[email protected]"
+    }
+  ],
+  "metadata": {
+    "timestamp": "2024-06-06T07:13:52.679415+00:00",
+    "tools": [
+      {
+        "externalReferences": [
+          {
+            "type": "build-system",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions"
+          },
+          {
+            "type": "distribution",
+            "url": "https://pypi.org/project/cyclonedx-python-lib/"
+          },
+          {
+            "type": "documentation",
+            "url": "https://cyclonedx-python-library.readthedocs.io/"
+          },
+          {
+            "type": "issue-tracker",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
+          },
+          {
+            "type": "license",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE"
+          },
+          {
+            "type": "release-notes",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md"
+          },
+          {
+            "type": "vcs",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib"
+          },
+          {
+            "type": "website",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
+          }
+        ],
+        "name": "cyclonedx-python-lib",
+        "vendor": "CycloneDX",
+        "version": "6.4.4"
+      }
+    ]
+  },
+  "serialNumber": "urn:uuid:acb30d08-ee47-4ff0-b301-d66ef1f54082",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5"
+}

scripts/update-sbom.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
+ROOT_DIR=$(realpath "${SCRIPT_DIR}/../")
+PURLS_FILE="${ROOT_DIR}/purls.txt"
+
+LIBMONGOC_VERSION=$(cat ${ROOT_DIR}/src/LIBMONGOC_VERSION_CURRENT | tr -d '[:space:]')
+LIBMONGOCRYPT_VERSION=$(cat ${ROOT_DIR}/src/LIBMONGOCRYPT_VERSION_CURRENT | tr -d '[:space:]')
+
+# Generate purls file from stored versions
+echo "pkg:github/mongodb/mongo-c-driver@${LIBMONGOC_VERSION}" > $PURLS_FILE
+echo "pkg:github/mongodb/libmongocrypt@${LIBMONGOCRYPT_VERSION}" >> $PURLS_FILE
+
+# Use silkbomb to update the sbom.json file
+docker run --platform="linux/amd64" -it --rm -v ${ROOT_DIR}:/pwd \
+  artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0 \
+  update --sbom-in /pwd/sbom.json --purls /pwd/purls.txt --sbom-out /pwd/sbom.json
+
+rm $PURLS_FILE