Adding SBOM generation phase in master pom.xml project.

PiperOrigin-RevId: 572086820 Change-Id: I8d7ec0a8b0f72d4542aa881323b36976a2940c61
GoogleCloudPlatform · Oct 10, 2023 · 57662fd · 57662fd
1 parent 4209be6
commit 57662fd
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/kokoro/gcp_ubuntu/build.sh b/kokoro/gcp_ubuntu/build.sh
@@ -30,7 +30,7 @@ export JAVA_HOME="$(update-java-alternatives -l | grep "1.17" | head -n 1 | tr -
 echo "JAVA_HOME = $JAVA_HOME"
 ./mvnw -v
 
-./mvnw -e clean install
+./mvnw -e clean install cyclonedx:makeAggregateBom
 
 # The artifacts under `${KOKORO_ARTIFACTS_DIR}/maven-artifacts` will be uploaded as a zip file named maven_jars.binary
 TMP_STAGING_LOCATION=${KOKORO_ARTIFACTS_DIR}/tmp
@@ -68,6 +68,11 @@ cp -rf sdk_assembly/target/appengine-java-sdk ${TMP_STAGING_LOCATION}/
 chmod a+x ${TMP_STAGING_LOCATION}/appengine-java-sdk/bin/*
 # LINT.ThenChange(//depot/google3/third_party/java_src/appengine_standard/check_build.sh)
 cp sdk_assembly/target/google_appengine_java_delta*.zip ${TMP_STAGING_LOCATION}/google_appengine_java_delta_from_maven.zip
+
+# Add SBOM files:
+cp target/bom.json ${TMP_STAGING_LOCATION}/
+cp target/bom.xml ${TMP_STAGING_LOCATION}/
+
 cd ${TMP_STAGING_LOCATION}
 zip -r ${PUBLISHED_LOCATION}/maven_jars.binary .
 # cleanup staging area

diff --git a/pom.xml b/pom.xml
@@ -888,6 +888,19 @@
             <fileTemplate>${project.basedir}/licenses/resources/third-party-file-template.ftl</fileTemplate>
           </configuration>
         </plugin>
+        <plugin>
+            <groupId>org.cyclonedx</groupId>
+            <artifactId>cyclonedx-maven-plugin</artifactId>
+            <version>2.7.9</version>
+            <executions>
+                <execution>
+                    <phase>package</phase>
+                    <goals>
+                        <goal>makeAggregateBom</goal>
+                    </goals>
+                </execution>
+            </executions>
+        </plugin>
       </plugins>
     </pluginManagement>
   </build>