Commit 7c960876 authored by Clement Bois's avatar Clement Bois

feat: add a job generating software bill of materials

parent b06c7105
+12 −0
@@ -181,6 +181,18 @@ exports.config = {
}
```

### `ng-sbom` job

This job generates a [SBOM](https://cyclonedx.org/) file listing installed packages using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm).

It is bound to the `test` stage, and uses the following variables:

| Name                  | description                            | default value     |
| --------------------- | -------------------------------------- | ----------------- |
| `NG_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `NG_SBOM_VERSION` | The version of @cyclonedx/cyclonedx-npm used to emit SBOM | _none_ (uses latest) |
| `NG_SBOM_OPTS` | Options for @cyclonedx/cyclonedx-npm used for SBOM analysis | `--omit dev` |

### `ng-publish` job

The Angular template features a `ng-publish` job to publish the built project.
+19 −0
@@ -101,6 +101,25 @@
          "advanced": true
        }
      ]
    },
    {
      "id": "sbom",
      "name": "Software Bill of Materials",
      "description": "This job generates a file listing all dependencies using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm)",
      "disable_with": "NG_SBOM_DISABLED",
      "variables": [
        {
          "name": "NG_SBOM_VERSION",
          "description": "Version of the @cyclonedx/cyclonedx-npm used for SBOM analysis",
          "advanced": true
        },
        {
          "name": "NG_SBOM_OPTS",
          "description": "Options for @cyclonedx/cyclonedx-npm used for SBOM analysis",
          "default": "--omit dev",
          "advanced": true
        }
      ]
    }
  ]
}
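Review bot: The job description on the `"description": "This job generates a file listing all dependencies ..."` line does not match the default that follows, since `NG_SBOM_OPTS` defaults to `--omit dev` and so dev dependencies are left out of the generated SBOM unless the user overrides it. Wording such as `"description": "This job generates a file listing the project's dependencies (dev dependencies omitted by default, see NG_SBOM_OPTS) using [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/@cyclonedx/cyclonedx-npm)"` would keep the descriptor honest about what the file contains. The `NG_SBOM_VERSION` description could likewise say what happens when it is unset, as the README in this commit does (latest release is used).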
+26 −2
@@ -65,6 +65,8 @@ variables:
  # Angular Build
  NG_BUILD_ARGS: "build"

  NG_SBOM_OPTS: "--omit dev"

  # default production ref name (pattern)
  PROD_REF: '/^(master|main)$/'
  # default integration ref name (pattern)
@@ -501,6 +503,7 @@ ng-build:
###############################################################################################
#                                      test stage:                                            #
#                                        - ng-e2e                                             #
#                                        - ng-sbom                                            #
###############################################################################################
ng-e2e:
  extends: .ng-cli-base
@@ -521,6 +524,27 @@ ng-e2e:
      when: never
    - !reference [.test-policy, rules]

ng-sbom:
  extends: .ng-cli-base
  stage: test
  # force no dependency
  dependencies: []
  script:
    - mkdir -p -m 777 reports
    - npx -y @cyclonedx/cyclonedx-npm${NG_SBOM_VERSION:+@$NG_SBOM_VERSION} --output-format JSON --output-file reports/ng-sbom.cyclonedx.json $NG_SBOM_OPTS
    - chmod a+r reports/ng-sbom.cyclonedx.json
  rules:
    # exclude if disabled
    - if: '$NG_SBOM_DISABLED == "true"'
      when: never
    - !reference [.test-policy, rules]
  artifacts:
    name: "SBOM for Angular from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    when: always
    expire_in: 1 week
    paths:
      - $NG_WORKSPACE_DIR/reports/ng-sbom.cyclonedx.json

###############################################################################################
#                                      publish stage:                                         #
#                                        - npm-publish                                        #
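Review bot: The SBOM generator itself is fetched unpinned at job time on the `npx -y @cyclonedx/cyclonedx-npm${NG_SBOM_VERSION:+@$NG_SBOM_VERSION} ...` line, because `NG_SBOM_VERSION` has no default and the README in this commit documents the fallback as "uses latest", so the producer of the bill of materials is not reproducible and silently changes whenever the registry publishes a new release. A pinned default next to `NG_SBOM_OPTS` in the `variables:` block (first hunk of this file) keeps the override mechanism while fixing the version, e.g. `NG_SBOM_VERSION: "<pinned cyclonedx-npm version>"` preceded by `# pinned so SBOM generation is reproducible; bump deliberately`. The `mkdir -p -m 777 reports` line creates a world-writable directory; if that mode exists only for rootless images, a comment saying so would help, and otherwise a narrower mode would do. GitLab can also ingest the file into its dependency list when the artifact is declared under `artifacts:reports:cyclonedx:` in addition to `paths:`, which is presumably what consumers of this job want. This file section seems to continue beyond the visible excerpt, since the diffstat reports +26 −2 while only 24 additions and no deletions are shown here.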