From c743f5b80e51792f0c1166d9d6c9dc4f945aed89 Mon Sep 17 00:00:00 2001
From: yessadik2 <es.youssef399@gmail.com>
Date: Wed, 18 Sep 2024 14:04:57 +0100
Subject: [PATCH] Create sbom_generation.yaml

Signed-off-by: yessadik2 <es.youssef399@gmail.com>
---
 sbom_generation.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 sbom_generation.yaml

diff --git a/sbom_generation.yaml b/sbom_generation.yaml
new file mode 100644
index 00000000..016a58bd
--- /dev/null
+++ b/sbom_generation.yaml
@@ -0,0 +1,23 @@
+# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+
+# This OCI DevOps build specification file [1] generates a Software Bill of Materials (SBOM) of the repository.
+# The file is needed to run checks for third-party vulnerabilities and business approval according to Oracle’s GitHub policies.
+# [1] https://docs.oracle.com/en-us/iaas/Content/devops/using/build_specs.htm
+
+version: 0.1
+component: build
+timeoutInSeconds: 1000
+shell: bash
+
+steps:
+  - type: Command
+    name: "Run Maven cycloneDX plugin command"
+    command: |
+      # For more details, visit https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/master/README.md
+      cd spring-cloud-oci/
+      mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.9:makeAggregateBom -DincludeRuntimeScope=true -DincludeCompileScope=true -DincludeProvidedScope=false -DincludeSystemScope=false -DincludeTestScope=false -DoutputFormat=json -DoutputName=artifactSBOM -DschemaVersion=1.4
+      mv target/artifactSBOM.json ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json
+outputArtifacts:
+  - name: artifactSBOM
+    type: BINARY
+    location: ${OCI_PRIMARY_SOURCE_DIR}/artifactSBOM.json