feat: sbom generation ubuntu and nix packages#1973


Draft
samrose wants to merge 4 commits into develop from sbom-create

Conversation

@samrose (Collaborator)

Files Created/Modified:

New Files:

  • nix/packages/sbom/ - Go package directory with:
    • default.nix - Nix package definition
    • go.mod - Go module file
    • cmd/sbom/main.go - CLI with ubuntu/nix/combined subcommands
    • internal/spdx/types.go - SPDX document structures
    • internal/ubuntu/generator.go - Ubuntu dpkg package scanner
    • internal/nix/wrapper.go - sbomnix wrapper
    • internal/merge/merger.go - SBOM merger

Modified Files:

  • flake.nix - Added sbomnix input
  • flake.lock - Updated with sbomnix
  • nix/packages/default.nix - Registered sbom packages
  • nix/fmt.nix - Added gofmt and excludes for .sum and vendor/
  • nix/devShells.nix - Added Go tools, sbom, sbomnix, spdx-tools
  • nix/checks.nix - Added sbom-builds and sbomnix-available checks
  • scripts/nix-provision.sh - Added SBOM generation step
  • stage2-nix-psql.pkr.hcl - Added provisioner to download SBOM
  • .github/workflows/ami-release-nix.yml - Added SBOM upload to S3 (staging and prod)

New Packages:

  • sbom - Main Go binary
  • sbom-generator - Combined Ubuntu+Nix SBOM generator
  • sbom-ubuntu - Ubuntu-only SBOM generator
  • sbom-nix - Nix-only SBOM generator (wraps sbomnix)
  • sbomnix - Upstream sbomnix tool

New Checks:

  • sbom-builds - Verifies the sbom binary builds and runs
  • sbomnix-available - Verifies sbomnix is functional

CI Integration:

At release time, the SBOM will be:

  1. Generated during packer provisioning (on the actual AMI)
  2. Downloaded from the instance
  3. Uploaded to s3://{bucket}/manifests/postgres-{version}/sbom.spdx.json
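The combined generator above merges an Ubuntu dpkg scan and an sbomnix result into one SPDX document. As an added illustration, not code from this PR, the following Go snippet shows one way such a merger can stay sound: SPDXIDs are namespaced per source so the two generators cannot emit colliding IDs, and a package reported identically by both sides is kept once. The SPDX field subset and the merge policy are assumptions; the PR's own internal/spdx and internal/merge code are not shown on the page.

```go
package main

import "strings"

// Minimal subset of the SPDX 2.3 model (assumed; the PR's internal/spdx types are not on the page).
type Package struct{ SPDXID, Name, Version string }
type Relationship struct{ Element, Type, Related string } // spdxElementId, relationshipType, relatedSpdxElement
type Document struct {
	Name          string
	Packages      []Package
	Relationships []Relationship
}
type Source struct { // one generator's output, labelled "ubuntu" or "nix"
	Label string
	Doc   Document
}

// Merge folds per-source documents into one SBOM. SPDXIDs are namespaced with the
// source label so equal IDs from different generators cannot collide; a package with
// the same name and version in several sources is kept once; relationships are
// rewritten to the surviving IDs, and dangling or duplicate ones are dropped.
func Merge(name string, sources ...Source) Document {
	out := Document{Name: name}
	seen := map[string]string{}        // "name@version" -> merged SPDXID
	relSeen := map[Relationship]bool{} // relationships already emitted
	for _, s := range sources {
		rename := map[string]string{"SPDXRef-DOCUMENT": "SPDXRef-DOCUMENT"}
		for _, p := range s.Doc.Packages {
			key := p.Name + "@" + p.Version
			if id, ok := seen[key]; ok {
				rename[p.SPDXID] = id // duplicate: alias its ID and drop the entry
				continue
			}
			id := "SPDXRef-" + s.Label + "-" + strings.TrimPrefix(p.SPDXID, "SPDXRef-")
			rename[p.SPDXID], seen[key] = id, id
			p.SPDXID = id
			out.Packages = append(out.Packages, p)
		}
		for _, r := range s.Doc.Relationships {
			r.Element, r.Related = rename[r.Element], rename[r.Related]
			if r.Element != "" && r.Related != "" && !relSeen[r] {
				relSeen[r] = true
				out.Relationships = append(out.Relationships, r)
			}
		}
	}
	return out
}
```

A downstream consumer (vulnerability matching against the uploaded sbom.spdx.json) depends on exactly this: distinct versions of the same package from the two layers must survive as separate entries, while a shared dependency must not be double-counted.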

@samrose requested review from a team as code owners, December 9, 2025 20:11
@samrose marked this pull request as draft, December 9, 2025 20:12
@snyk-io (bot) commented Dec 9, 2025 (edited)

Snyk checks have passed. No issues have been found so far.

Status   Scanner         Critical   High   Medium   Low   Total (0)
         Code Security   0          0      0        0     0 issues


@coderabbitai (bot)

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

