* SBOM using CycloneDX directly

fraunhoferfokus · May 3, 2024 · a7180c7 · a7180c7
1 parent d96c79c
commit a7180c7
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 10 deletions.
diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml
@@ -15,6 +15,11 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
+      - name: Generate SBOM
+        uses: CycloneDX/gh-gomod-generate-sbom@v2
+        with:
+          version: v1
+          args: mod -licenses -json -output bom.json
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
@@ -26,8 +31,6 @@ jobs:
         run: |
           go install golang.org/x/tools/cmd/goimports@latest
           go install github.com/a-h/templ/cmd/templ@latest
-          go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
-          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
       - name: Templ
         run: templ generate web/pages/*.templ
       - uses: goreleaser/goreleaser-action@v5

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -34,10 +34,3 @@ changelog:
     exclude:
       - '^docs:'
       - '^test:'
-
-sboms:
-  - documents:
-      - "{{ .ProjectName }}.cdx.sbom"
-    artifacts: source
-    cmd: cyclonedx-gomod
-    args: ["app",  "-json", "-output", "$document", "$artifact"]
diff --git a/core/version b/core/version
@@ -1 +1 @@
-0.2.6
+0.2.7