Hi! Does anyone have a project config example how to activate SBOM generation and publishing in SPDX format?

So far I tried this (probably wrong):

------------------------------
BuildFlags: sbom:spdx
PublishFlags: withsbom
------------------------------

It doesn't like it, complaining at the end of a package build something like this:

[ 46s] + exit 0
[ 46s] unknown keyword in config: sbom:
[ 46s] ... checking for files with abuild user/group

So I am clearly just misconfiguring it. Maybe there is also an example online somewhere else? Any help appreciated!

Also the documentation says "PublishFlag" instead of "PublishFlags": https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.prjconfig.h...

--
Bo

On 19.06.23 09:46, Bo Maryniuk wrote:
> Hi! Does anyone have a project config example how to activate SBOM generation and publishing in SPDX format?
>
> So far I tried this (probably wrong):
> ------------------------------
> BuildFlags: sbom:spdx
> PublishFlags: withsbom
> ------------------------------

This should work[1]

BuildFlags: spdx

# for spdx generation
Required: skopeo umoci

Hth,
Klaus

[1] Taken from https://build.opensuse.org/project/show/isv:Rancher:Elemental:Stable:Teal53

On Mon, Jun 19, 2023 at 10:15:11AM +0200, Klaus Kämpf wrote:
> On 19.06.23 09:46, Bo Maryniuk wrote:
>> Hi! Does anyone have a project config example how to activate SBOM generation and publishing in SPDX format?
>>
>> So far I tried this (probably wrong):
>> ------------------------------
>> BuildFlags: sbom:spdx
>> PublishFlags: withsbom

The "withsbom" tells the publisher to also make the sbom files available in the published directory. This is useful for products and appliances. For containers, they always get pushed to the registry so you do not need this flag in this case.

>> ------------------------------
>
> This should work[1]
>
> BuildFlags: spdx

That used to work in the first implementation, but we changed it to "sbom:spdx" when we added CycloneDX support.

> # for spdx generation
> Required: skopeo umoci

Yes, that's currently needed to unpack the built container.

Cheers,
Michael.

--
Michael Schroeder
SUSE Software Solutions Germany GmbH
mls@suse.de
GF: Ivo Totev HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}

participants (3)
- Bo Maryniuk
- Klaus Kämpf
- Michael Schroeder