diff --git a/README.md b/README.md
index 081a429bfbc6fbc2f8bac9884facd511a880b7ec..8a4e92085d42e06750325c48a63b9e0aff52f98c 100644
--- a/README.md
+++ b/README.md
@@ -243,6 +243,7 @@ It is bound to the `test` stage, and uses the following variables:
 | --------------------- | -------------------------------------- | ----------------- |
 | `PYTHON_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
 | `PYTHON_SBOM_SYFT_URL` | Url to the `tar.gz` package for `linux_amd64` of Syft to use (ex: `https://github.com/anchore/syft/releases/download/v0.62.3/syft_0.62.3_linux_amd64.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ |
+| `PYTHON_SBOM_NAME` | Component name of the emitted SBOM | `$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR` |
 | `PYTHON_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers python-index-cataloger` |
 
 In addition to logs in the console, this job produces the following reports, kept for one week:
diff --git a/kicker.json b/kicker.json
index 65ac497aff67d777ef1bca716e6159e29a6b2633..0aa1a7ced5da5fa73db44c751c457483fc92c460 100644
--- a/kicker.json
+++ b/kicker.json
@@ -161,6 +161,12 @@
 "description": "Url to the `tar.gz` package for `linux_amd64` of Syft to use\n\n_When unset, the latest version will be used_",
 "advanced": true
 },
+ {
+ "name": "PYTHON_SBOM_NAME",
+ "description": "Component name of the emitted SBOM",
+ "default": "$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR",
+ "advanced": true
+ },
 {
 "name": "PYTHON_SBOM_OPTS",
 "description": "Options for syft used for SBOM analysis",
diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml
index 78b327dbcc2c81f2bf68060efb6721acba9039ae..46daf07312305cc2a97d8f1e8bfc6cdfd6271d51 100644
--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -92,6 +92,7 @@ variables:
 PYTHON_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
 PYTHON_TRIVY_ARGS: "--vuln-type library"
+ PYTHON_SBOM_NAME: "$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR"
 PYTHON_SBOM_OPTS: "--catalogers python-index-cataloger"
 PYTHON_RELEASE_NEXT: "minor"
@@ -849,7 +850,7 @@ py-sbom:
 mkdir -p $PIP_CACHE_DIR
 mv ./syft $python_sbom_syft
 fi
- - $python_sbom_syft dir:. $PYTHON_SBOM_OPTS -o cyclonedx-json > reports/py-sbom.cyclonedx.json
+ - $python_sbom_syft dir:. --source-name $PYTHON_SBOM_NAME $PYTHON_SBOM_OPTS -o cyclonedx-json > reports/py-sbom.cyclonedx.json
 - chmod a+r reports/py-sbom.cyclonedx.json
 artifacts:
 name: "Python SBOM from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
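Review bot: In the `py-sbom` hunk the new `--source-name $PYTHON_SBOM_NAME` is unquoted, so a user-overridden name containing whitespace is split into several arguments, and an empty override expands to nothing and lets the next token (`--catalogers` from `$PYTHON_SBOM_OPTS`) be taken as the name, which would likely either fail the job or record a wrong component name in the SBOM; quote it, `--source-name "$PYTHON_SBOM_NAME"`, while leaving `$PYTHON_SBOM_OPTS` unquoted since it deliberately holds several options. The default `$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR` added in the `variables:` hunk yields a name ending in `/.` whenever `PYTHON_PROJECT_DIR` is `.` (presumably its usual value, not visible here), and since downstream SBOM consumers match components on this name it would be worth normalizing that case before passing it to Syft. `--source-name` is only understood by sufficiently recent Syft releases, so a `PYTHON_SBOM_SYFT_URL` pinned to an older build (the README example still points at v0.62.3) may now fail on this line; the README row for `PYTHON_SBOM_SYFT_URL` could state the minimum version this flag needs. The `py-sbom` job definition starts and ends outside the hunk.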