Software Bill of Materials
This page explains how to generate the Software Bill of Materials (SBOM) report out of the application or microservice.
Software Bill of Materials (SBOM): It's a detailed inventory of components used in creating a software. It provides information about software dependencies, third-party libraries, versions, and associated licenses. An SBOM is crucial for effective security risk management and regulatory compliance, as well as facilitating security incident response and patching.
- GitHub Actions
- GitLab CI
- Azure DevOps
- Bitbucket Pipelines
1. In the main branch you will edit the YAML file named .github/workflows/github-ci.yaml
2. In the github-ci.yaml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SBOM Check
sbom_check_enabled: 'true'
# SBOM Check | Customizations
# To use upload SBOM report in manifest repository set this to 'true'
sbom_check_report_upload: 'true'
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
sbom_check_report_format: 'table'
4. Commit and enjoy! ✨
1. In the main branch you will edit the YAML file named .gitlab-ci.yml
2. In the .gitlab-ci.yml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SBOM Check
sbom_check_enabled: 'true'
# SBOM Check | Customizations
# To use upload SBOM report in manifest repository set this to 'true'
sbom_check_report_upload: 'true'
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
sbom_check_report_format: 'table'
4. Commit and enjoy! ✨
1. In your Azure Repo's main branch you will edit the YAML file named azdevops-ci.yml
2. In the azdevops-ci.yml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SBOM Check
- name: sbom_check_enabled
value: 'true'
# SBOM Check | Customizations
# To use upload SBOM report in manifest repository set this to 'true'
- name: sbom_check_report_upload
value: 'true'
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
- name: sbom_check_report_format
value: 'table'
4. Commit and enjoy! ✨
1. In the main branch you will edit the YAML file named .bitbucket/envs.yaml
2. In the .bitbucket/envs.yaml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SBOM Check
sbom_check_enabled="true"
# SBOM Check | Customizations
# To use upload SBOM report in manifest repository set this to 'true'
sbom_check_report_upload="true"
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
sbom_check_report_format="table"
4. Commit and enjoy! ✨