Skip to content

Commit b58aba1

Browse files
dlg1206dlg1206
committed
refactor: install sbom tool with dotnet instead of binary
1 parent 0c62a08 commit b58aba1

File tree

2 files changed

+3
-9
lines changed

2 files changed

+3
-9
lines changed

core/src/main/java/org/svip/generation/osi/docker/Dockerfile

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,6 @@ RUN curl -L $CYCLONEDX_CLI -o tmp/cyclonedx-cli
2020
FROM alpine/curl AS syft
2121
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /tmp
2222

23-
FROM alpine/curl AS sbomtool
24-
RUN curl -L https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 -o /tmp/sbom-tool
25-
2623
FROM alpine/curl AS osi
2724

2825
# PHP Setup
@@ -78,6 +75,7 @@ RUN npm install -g retire bower cdx-bower-bom @cyclonedx/cdxgen@8.6.0
7875
RUN go install github.com/ozonru/cyclonedx-go/cmd/cyclonedx-go@latest
7976
RUN go install github.com/mattermost/gobom/cmd/gobom@latest
8077
RUN dotnet tool install --global covenant
78+
RUN dotnet tool install --global Microsoft.Sbom.DotNetTool
8179
RUN cargo install -- cargo-cyclonedx
8280
RUN composer global config --no-plugins allow-plugins.cyclonedx/cyclonedx-php-composer true
8381
RUN composer \
@@ -91,13 +89,9 @@ RUN composer \
9189
COPY --from=jbom --chmod=755 tmp/jbom.jar /usr/local/bin/
9290
COPY --from=cyclone_dx_cli --chmod=755 tmp/cyclonedx-cli /usr/local/bin/
9391
COPY --from=syft --chmod=755 tmp/syft /usr/local/bin/
94-
COPY --from=sbomtool --chmod=755 tmp/sbom-tool /usr/local/bin/
95-
96-
# Verify installation
97-
COPY --chmod=755 scripts/ /usr/local/bin/
98-
RUN . validate.sh
9992

10093
# Setup flask api server
94+
COPY --chmod=755 scripts/ /usr/local/bin/
10195
WORKDIR /server
10296
COPY server/ .
10397
RUN pip install --break-system-packages -r requirements.txt

core/src/main/java/org/svip/generation/osi/docker/scripts/validate.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@ function verify_tools(){
8585
sbom4files -h &> /dev/null && pass "sbom4files" 3 || fail "sbom4files"
8686
sbom4python -h &> /dev/null && pass "sbom4python" 3 || fail "sbom4python"
8787
sbom4rust -h &> /dev/null && pass "sbom4rust" 3 || fail "sbom4rust"
88-
sbom-tool --version &> /dev/null && pass "sbom-tool" 3 || fail "sbom-tool"
88+
sbom-tool --version &> /dev/null && fail "sbom-tool" || pass "sbom-tool" 3 # returns 1 on success
8989
spdx-sbom-generator -h &> /dev/null && pass "spdx-sbom-generator" 3 || fail "spdx-sbom-generator"
9090
syft -h &> /dev/null && pass "syft" 3 || fail "syft"
9191

0 commit comments

Comments
 (0)