Merge pull request #37 from Malwarebytes/sbom

Support `sbom` generation at release time
Malwarebytes · Oct 11, 2022 · 91bc99a · 91bc99a
2 parents bc00018 + a5d0410
commit 91bc99a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -5,6 +5,7 @@ ZIP = zip
 PIP3 = python3 -m pip
 PYTHON3 = python3
 POETRY = poetry
+SYFT = syft
 
 
 clean: ## clean existing builds
@@ -15,6 +16,7 @@ clean: ## clean existing builds
 
 release: ## Build a wheel
 	$(POETRY) build
+	$(SYFT) packages file:poetry.lock -o spdx-json > dist/sbom.json
 	cd dist && sha512sum * > ../checksums.sha512
 	gpg --detach-sign --armor checksums.sha512
 

diff --git a/README.md b/README.md
@@ -36,6 +36,8 @@ make release
 
 ### Publish a new version
 
+**Requires `syft` to be installed to generate the sbom.**
+
 1. Bump the version number as described above
 2. `make deps` to update the dependencies
 3. `make release` to build the packages