FEDX-951: Generate SBOM during CI

[evanweible-wf]

FEDX-951

Last step before open sourcing this repo is to ensure that we generate a Software Bill of Materials (SBOM) on every build and release for dependency.

[rmconsole-wf]

Merge Requirements Met :white_check_mark:

Request Rosie to automerge this pull request by including @Workiva/release-management-p in a comment.

:white_check_mark: Required actions successful (Workflow job Dart build has conclusion: success) (Workflow job Dart checks - 2.19.6 on ubuntu has conclusion: success) (Workflow job Dart checks - stable on ubuntu has conclusion: success) (Workflow job Dart checks - 2.19.6 on windows has conclusion: success) (Workflow job Dart checks - stable on windows has conclusion: success)

General Information

Ticket(s):

• FEDX-951 | remove

Code Review(s): https://github.com/Workiva/dpx/pull/7

Reviewers: matthewnitschke-wk, evanweible-wf, chrisgustavsen-wf

Additional Information

Watchlist Notifications: None

    When this pull is merged I will add it to the following release:
    Current version: dpx 0.1.0
    Version after merge: dpx 0.1.0
    Release Ticket(s): None

---

Note: This is a shortened report. Click here to view Rosie's full evaluation. Last updated on Thursday, June 13 01:00 PM CST

[aviary3-wk]

Security Insights

No security relevant content was detected by automated scans.

Action Items

• Review PR for security impact; comment "security review required" if needed or unsure

• Verify aviary.yaml coverage of security relevant code

  Questions or Comments? Reach out on Slack: #support-infosec.

[evanweible-wf]

QA +1 CI passes

[evanweible-wf]

@Workiva/release-management-p

[rmconsole-wf]

@evanweible-wf I will not merge this because:

• dependencies not scanned

[chrisgustavsen-wf]

@rmconsole-wf

[rmconsole-wf]

@chrisgustavsen-wf I will not merge this because:

• dependencies not scanned

[chrisgustavsen-wf]

@Workiva/release-management-p

[chrisgustavsen-wf]

RM +1