From d83edb06767741edd400ed195981df778414e9cd Mon Sep 17 00:00:00 2001 From: Marc Barussaud <marc.barussaud@orange.com> Date: Wed, 2 Apr 2025 11:40:59 +0000 Subject: [PATCH] fix(sbom): disable file catalogers for Syft SBOM (to minimize SBOM file) warning: this commit will break on syft version <1.20.0 --- README.md | 2 +- kicker.json | 2 +- templates/gitlab-ci-python.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4c76e30..72154ef 100644 --- a/README.md +++ b/README.md @@ -277,7 +277,7 @@ It is bound to the `test` stage, and uses the following variables: | `TBC_SBOM_MODE` | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `PYTHON_SBOM_DISABLED` takes precedence | `onrelease` | | `sbom-syft-url` / `PYTHON_SBOM_SYFT_URL` | Url to the `tar.gz` package for `linux_amd64` of Syft to use (ex: `https://github.com/anchore/syft/releases/download/v0.62.3/syft_0.62.3_linux_amd64.tar.gz`)<br/>_When unset, the latest version will be used_ | _none_ | | `sbom-name` / `PYTHON_SBOM_NAME` | Component name of the emitted SBOM | `$CI_PROJECT_PATH/$PYTHON_PROJECT_DIR` | -| `sbom-opts` / `PYTHON_SBOM_OPTS` | Options for syft used for SBOM analysis | `--override-default-catalogers python-package-cataloger` | +| `sbom-opts` / `PYTHON_SBOM_OPTS` | Options for syft used for SBOM analysis | `--override-default-catalogers python-package-cataloger --select-catalogers -file` | In addition to logs in the console, this job produces the following reports, kept for one week: diff --git a/kicker.json b/kicker.json index 45652d4..cbbce64 100644 --- a/kicker.json +++ b/kicker.json @@ -184,7 +184,7 @@ { "name": "PYTHON_SBOM_OPTS", "description": "Options for syft used for SBOM analysis", - "default": "--override-default-catalogers python-package-cataloger", + "default": "--override-default-catalogers python-package-cataloger --select-catalogers -file", "advanced": true } ] diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml index 73bec36..3e85962 100644 --- a/templates/gitlab-ci-python.yml +++ b/templates/gitlab-ci-python.yml @@ -125,7 +125,7 @@ spec: default: $CI_PROJECT_PATH/$PYTHON_PROJECT_DIR sbom-opts: description: Options for syft used for SBOM analysis - default: --override-default-catalogers python-package-cataloger + default: --override-default-catalogers python-package-cataloger --select-catalogers -file release-enabled: description: Enable Release type: boolean -- GitLab