Software Bill of Materials (SBOM)

As a reminder to myself. SBOM (software bill of materials) tooling at this time is CycloneDX.

At the time of writing all below instructoins assume a linux install with bash.

Install CycloneDX

echo "dotnet cyclonedx install"
dotnet tool install --global CycloneDX 
ln -s /root/.dotnet/tools/dotnet-CycloneDX /usr/bin/CycloneDX 

echo "javascript cyclonedx install
npm install --global @cyclonedx/cyclonedx-npm 

Run CycloneDX

Run the dotnet tool against a c# project with github credentials to avoid rate limiting.

PROJECT_PATH="PROJECT PLACEHOLDER.csproj"
REPORT_TITLE="TITLE PLACEHOLDER"
REPORT_OUTPUT_FOLDER=`pwd`
REPORT_FILENAME="the-sbom-report.xml"
REPORT_VERSION="1.2.3"
GITHUB_USERNAME="GH USERNAME PLACEHOLDER"
GITHUB_TOKEN="GH TOKEN PLACEHOLDER"

CycloneDX $PROJECT_PATH --set-name "$REPORT_TITLE" --set-version "$REPORT_VERSION" --set-type "Application" --github-username "$GITHUB_USERNAME" --github-token "$GITHUB_TOKEN" -o "$REPORT_OUTPUT_FOLDER" -f "$REPORT_FILENAME"