This pull request contains changes that implement a Software Bill of Materials (SBOM) in Azure DevOps using the GitHub Advanced Security tooling. The changes include a new guide in the README.md file and a sample build script in sbom-tool.yml that generates a SBOM.
Guide to Implement SBOM:
src/sbom-tool/README.md: Added a guide on how to implement a Software Bill of Materials (SBOM) in Azure DevOps using GitHub Advanced Security. The guide provides an overview of the implementation, including the use of the microsoft/sbom-tool for SBOM generation and the ClearlyDefined API for populating license information for the components. It also provides instructions on how to upload the generated SBOM as an artifact to the pipeline in Azure DevOps.
Sample Build Script:
src/sbom-tool/sbom-tool.yml: Added a sample build script that generates a SBOM using the sbom-tool. The script includes steps to restore and build the project, generate the SBOM, and upload the SBOM to Build Artifacts.
This pull request contains changes that implement a Software Bill of Materials (SBOM) in Azure DevOps using the GitHub Advanced Security tooling. The changes include a new guide in the README.md file and a sample build script in
sbom-tool.ymlthat generates a SBOM.Guide to Implement SBOM:
src/sbom-tool/README.md: Added a guide on how to implement a Software Bill of Materials (SBOM) in Azure DevOps using GitHub Advanced Security. The guide provides an overview of the implementation, including the use of themicrosoft/sbom-toolfor SBOM generation and theClearlyDefined APIfor populating license information for the components. It also provides instructions on how to upload the generated SBOM as an artifact to the pipeline in Azure DevOps.Sample Build Script:
src/sbom-tool/sbom-tool.yml: Added a sample build script that generates a SBOM using thesbom-tool. The script includes steps to restore and build the project, generate the SBOM, and upload the SBOM to Build Artifacts.Closes: #17