Created sbom_generation.yaml file

shivam71 · shivam71 · commit c10e29b8546b · 2024-09-19T14:25:42.000+05:30
diff --git a/sbom_generation.yaml b/sbom_generation.yaml
@@ -0,0 +1,27 @@
+# Copyright (c) 2023-2024, Oracle and/or its affiliates. All rights reserved.
+
+# This OCI DevOps build specification file [1] generates a Software Bill of Materials (SBOM) of the repository.
+# The file is needed to run checks for third-party vulnerabilities and business approval according to Oracle’s GitHub policies.
+# [1] https://docs.oracle.com/en-us/iaas/Content/devops/using/build_specs.htm
+
+version: 0.1
+component: build
+timeoutInSeconds: 1000
+shell: bash
+
+steps:
+  - type: Command
+    name: "Install dependencies & cyclonedx-node-npm package"
+    command: |
+      cd vscode
+      npm install && npm install --save-dev @cyclonedx/cyclonedx-npm
+  - type: Command
+    name: "Run cyclonedx-node-npm package"
+    command: |
+      cd vscode
+      # For more details, visit https://github.com/CycloneDX/cyclonedx-node-npm/blob/main/README.md
+      npx @cyclonedx/cyclonedx-npm --omit dev --output-format JSON --output-file ../artifactSBOM.json --spec-version 1.4
+outputArtifacts:
+  - name: artifactSBOM
+    type: BINARY
+    location: ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json
