Skip to content

Creating an sbom file (cyclonedx 1.7) during image build process.#145

Merged
commel merged 1 commit into
mainfrom
add-cyclone-sbom
May 7, 2026
Merged

Creating an sbom file (cyclonedx 1.7) during image build process.#145
commel merged 1 commit into
mainfrom
add-cyclone-sbom

Conversation

@commel
Copy link
Copy Markdown
Contributor

@commel commel commented Apr 27, 2026
edited
Loading

What this PR does / why we need it:
This adds SBOM generation in CycloneDX 1.7 format during image build.

Which issue(s) this PR fixes:
Fixes gardenlinux/glvd2#7

Using the fields from dpkg-query to format the available data. No library is used to keep this script lean.

Not part of this PR: Uploading the SBOM artefact in Github Actions.

Reviewer: you can use cyclonedx-cli to validate the file.

On-behalf-of: SAP b.ritter@sap.com

@commel commel self-assigned this Apr 27, 2026
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 27, 2026
View reviewed changes
Comment thread builder/image.manifest Fixed
Comment thread builder/image.manifest Fixed
Comment thread builder/image.manifest Fixed
Comment thread builder/image.manifest Fixed
@commel commel added this to the 2026-04 milestone Apr 27, 2026
@commel commel marked this pull request as ready for review April 28, 2026 07:37
@commel commel requested review from gehoern and nkraetzschmar April 28, 2026 07:38
nkraetzschmar
nkraetzschmar requested changes May 6, 2026
View reviewed changes
Comment thread builder/image.manifest Outdated
Comment thread builder/image.manifest Outdated
github-advanced-security[bot]
github-advanced-security AI found potential problems May 6, 2026
View reviewed changes
Comment thread builder/image.sbom Fixed
@commel commel force-pushed the add-cyclone-sbom branch from c609c06 to 3cee8d9 Compare May 6, 2026 12:03
@commel commel requested a review from nkraetzschmar May 6, 2026 12:08
nkraetzschmar
nkraetzschmar requested changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@nkraetzschmar nkraetzschmar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise LGTM

Comment thread builder/make_list_build_artifacts
Comment thread builder/make_list_build_artifacts Outdated
@commel commel force-pushed the add-cyclone-sbom branch from 3cee8d9 to bd5a9b6 Compare May 7, 2026 07:54
@commel
Creating an sbom file (cyclonedx 1.7) during image build process.
9294934 
refs gardenlinux/glvd2#7

Signed-off-by: Bernd Ritter <ritter@b1-systems.de>
On-behalf-of: SAP <b.ritter@sap.com>
@commel commel force-pushed the add-cyclone-sbom branch from bd5a9b6 to 9294934 Compare May 7, 2026 07:55
@commel commel requested a review from nkraetzschmar May 7, 2026 08:00
nkraetzschmar
nkraetzschmar approved these changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@nkraetzschmar nkraetzschmar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 🚀

@commel commel merged commit 4b12dfd into main May 7, 2026
6 checks passed
@commel commel deleted the add-cyclone-sbom branch May 7, 2026 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nkraetzschmar nkraetzschmar nkraetzschmar approved these changes

@gehoern gehoern Awaiting requested review from gehoern

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@commel commel

Labels

None yet

Projects

None yet

Milestone

2026-04

Development

Successfully merging this pull request may close these issues.

SBOM creation into GL builder

3 participants

@commel @nkraetzschmar @github-advanced-security