cyclonedx

fun cyclonedx(vararg path: String)

Collects CycloneDX software bill of materials (SBOM) reports.

This report is a Software Bill of Materials describing the components of a project following the CycloneDX protocol format. You can specify multiple CycloneDX reports using filename patterns, arrays of filenames, or both. Directories are not supported.

Example

val sbomGeneration by job {
    script {
        shell("cyclonedx-npm --output-file gl-sbom-npm.cdx.json")
        shell("cyclonedx-bundler --output-file gl-sbom-bundler.cdx.json")
    }

    artifacts {
        cyclonedx("gl-sbom-npm.cdx.json", "gl-sbom-bundler.cdx.json")
    }
}

Example: using filename patterns

artifacts {
    cyclonedx("gl-sbom-*.json")
}
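
Added example (not part of the GitLab CI Kotlin DSL or its documentation): a pre-flight check a job could run before the artifacts are collected. It expands the same filename patterns, flags directories, and confirms each match is JSON carrying the CycloneDX `bomFormat` and `specVersion` fields. The function names and the sample files are constructed for illustration. Python's `glob` is assumed to match patterns closely enough to GitLab's for this purpose, and only the two top-level fields are checked, not the full CycloneDX schema.

```python
import glob
import json
import os
import tempfile


def check_sbom_paths(patterns, root="."):
    """Expand patterns as passed to cyclonedx(); return (valid, problems)."""
    valid, problems = [], []
    for pattern in patterns:
        matches = sorted(glob.glob(os.path.join(root, pattern)))
        if not matches:
            problems.append((pattern, "no file matched"))
        for path in matches:
            rel = os.path.relpath(path, root)
            if os.path.isdir(path):  # directories are not supported
                problems.append((rel, "directory, not supported"))
                continue
            try:
                with open(path, encoding="utf-8") as fh:
                    doc = json.load(fh)
            except (OSError, ValueError) as exc:  # unreadable or not JSON
                problems.append((rel, f"not readable JSON: {exc}"))
                continue
            if not isinstance(doc, dict) or doc.get("bomFormat") != "CycloneDX":
                problems.append((rel, "bomFormat is not 'CycloneDX'"))
            elif "specVersion" not in doc:
                problems.append((rel, "missing specVersion"))
            else:
                valid.append(rel)
    return valid, problems


def demo():
    """Run the check over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        good = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}
        with open(os.path.join(root, "gl-sbom-npm.cdx.json"), "w") as fh:
            json.dump(good, fh)
        with open(os.path.join(root, "gl-sbom-bundler.cdx.json"), "w") as fh:
            fh.write("{}")  # JSON, but not a CycloneDX document
        os.mkdir(os.path.join(root, "gl-sbom-dir.json"))  # matches the pattern
        return check_sbom_paths(["gl-sbom-*.json", "missing.cdx.json"], root)


if __name__ == "__main__":
    ok, bad = demo()
    print("valid:", ok)
    for name, reason in bad:
        print(f"problem: {name}: {reason}")
```
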

External resources