Loading README.md +19 −18 Original line number Diff line number Diff line Loading @@ -114,6 +114,25 @@ Add the plugin in your `project/plugins.sbt`: addSbtPlugin("org.scoverage" % "sbt-scoverage" % "2.0.1") // Check for newer releases : https://search.maven.org/artifact/org.scoverage/sbt-scoverage ``` ### `py-sbom` job This job generates a [SBOM](https://cyclonedx.org/) file listing all dependencies using [syft](https://github.com/anchore/syft). It is bound to the `test` stage, and uses the following variables: | Name | description | default value | | --------------------- | -------------------------------------- | ----------------- | | `SBT_SBOM_DISABLED` | Set to `true` to disable this job | _none_ | | `SBT_SBOM_IMAGE` | The syft image used for SBOM analysis | `registry.hub.docker.com/anchore/syft:debug` | | `SBT_SBOM_OPTS` | Options for syft used for SBOM analysis | `dir:sbt-cache/coursier --catalogers java-cataloger` | In addition to logs in the console, this job produces the following reports, kept for one week: | Report | Format | Usage | | -------------- | ---------------------------------------------------------------------------- | ----------------- | | `reports/sbt-sbom.cyclonedx.json` | [CycloneDX JSON](https://cyclonedx.org/docs/latest/json/) | [Security & Compliance integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscyclonedx) | ### publish jobs The sbt template supports [publishing](https://www.scala-sbt.org/1.x/docs/Publishing.html): Loading 
@@ -140,24 +159,6 @@ following values: * `release`: Auto-publishes snapshot artifacts on any branch change, and implements a full publishing workflow with automatic release numbering and git tags management (see [release job](#sbt-release-job) below for details). ### `py-sbom` job This job generates a [SBOM](https://cyclonedx.org/) file listing all dependencies using [syft](https://github.com/anchore/syft). It is bound to the `test` stage, and uses the following variables: | Name | description | default value | | --------------------- | -------------------------------------- | ----------------- | | `SBT_SBOM_DISABLED` | Set to `true` to disable this job | _none_ | | `SBT_SBOM_IMAGE` | The syft image used for SBOM analysis | `registry.hub.docker.com/anchore/syft:debug` | | `SBT_SBOM_OPTS` | Options for syft used for SBOM analysis | `dir:sbt-cache/coursier --catalogers java-cataloger` | In addition to logs in the console, this job produces the following reports, kept for one week: | Report | Format | Usage | | -------------- | ---------------------------------------------------------------------------- | ----------------- | | `reports/sbt-sbom.cyclonedx.json` | [CycloneDX JSON](https://cyclonedx.org/docs/latest/json/) | [Security & Compliance integration](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscyclonedx) | #### Repository authentication Your publication repository(ies) may require authentication credentials to publish artifacts. Loading Loading
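Review bot: The heading added in the first hunk (`@@ -114,6 +114,25 @@`) names the job `py-sbom`, but every variable in the section is prefixed `SBT_SBOM_` and the report is `reports/sbt-sbom.cyclonedx.json`, so the heading and the anchor it generates do not match the job being documented. The second hunk removes the same text unchanged, so the name is simply carried along by the move; renaming it to `sbt-sbom` in this commit would fix it where the section now lives. Also in the first hunk, the documented default for `SBT_SBOM_IMAGE` is `registry.hub.docker.com/anchore/syft:debug`, a tag rather than a fixed version or digest; since this report feeds the Security & Compliance integration, consider adding a sentence telling users they can override the variable with a pinned image. Minor wording: "a SBOM" should read "an SBOM".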