mirror of
https://github.com/siderolabs/talos.git
synced 2025-12-07 02:21:14 +01:00
2d89bcc71f
Include all core packages into SBOM, make sure Talos is built with the same Go versions as pkgs. Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
11 lines
327 B
Bash
Executable File
11 lines
327 B
Bash
Executable File
#!/bin/bash
|
|
set -euo pipefail
|
|
|
|
SYFT_FORMAT_PRETTY=1 SYFT_FORMAT_SPDX_JSON_DETERMINISTIC_UUID=1 \
|
|
go tool -modfile=tools/go.mod \
|
|
github.com/anchore/syft/cmd/syft \
|
|
scan --from dir "$1" \
|
|
--select-catalogers "+sbom-cataloger,go" \
|
|
--source-name "$NAME" --source-version "$TAG" \
|
|
-o spdx-json > "/rootfs/usr/share/spdx/$2"
|