As a result of this change you will find an artifact named sbom attached to each build. Within that artifact is a manifest.json file under a _manifest directory capturing all of the packages that constitute the Software Bill of Materials.
The sbom job captures the NuGet package files (*.nupkg) published (uploaded) by the build.
Related work item: VS #1477663
Per Executive Order (EO), produce a Software Bill of Materials (SBOM) capturing the produced NuGet files from a dedicated job: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/ado-sbom-generator