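#!/bin/bash
# Generate SBOM for Docker image
# Builds the image and generates SBOM in multiple formats
#
# Arguments: $1 - image name/tag to build and scan (default: hastebin:test)
# Outputs:   sbom-image.txt, sbom-image.spdx.json and
#            sbom-image.cyclonedx.json in the current directory

# -e: stop at the first failing command; -u: reject unset variables;
# pipefail: a failing `syft` is no longer masked by the `tee` that follows it,
# so the script cannot report success with an empty or partial SBOM.
set -euo pipefail

IMAGE_NAME="${1:-hastebin:test}"

echo "🐳 Building Docker image: $IMAGE_NAME"
docker build -t "$IMAGE_NAME" --no-cache .

echo ""
echo "🔍 Generating SBOM for Docker image..."

# Check if syft is installed
if ! command -v syft &> /dev/null; then
  echo "Syft not found. Attempting to install to ./bin..."
  mkdir -p ./bin

  # NOTE(security): the installer is fetched from the mutable `main` branch and
  # run without integrity verification, so what executes here can change
  # between runs. For CI, prefer a pre-installed syft, or pin the installer to
  # a reviewed commit/release and compare its digest (<EXPECTED_SHA256>)
  # before running it.
  #
  # The script is downloaded completely before it is executed, so a truncated
  # or failed transfer is never fed to the shell half-way through.
  installer="$(mktemp)"
  trap 'rm -f -- "$installer"' EXIT

  # A failed download or install deliberately falls through to the
  # verification below, which prints the manual-install instructions.
  if curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh -o "$installer"; then
    sh "$installer" -b ./bin || true
  fi

  # Absolute entry: a relative "./bin" in PATH would resolve against whatever
  # the working directory happens to be at lookup time.
  export PATH="$PWD/bin:$PATH"

  # Verify installation
  if ! command -v syft &> /dev/null; then
    echo "❌ Failed to install syft automatically."
    echo "Please install manually:"
    echo " brew install syft"
    echo " or visit: https://github.com/anchore/syft#installation"
    exit 1
  fi
fi

# Show version (also records in the log which syft produced the SBOMs)
syft version

# Generate SBOM in table format
echo ""
echo "📋 Generating SBOM table..."
syft docker:"$IMAGE_NAME" -o table | tee sbom-image.txt

# Generate SBOM in SPDX JSON format
echo ""
echo "📦 Generating SBOM in SPDX JSON format..."
syft docker:"$IMAGE_NAME" -o spdx-json > sbom-image.spdx.json

# Generate SBOM in CycloneDX JSON format
echo ""
echo "🌀 Generating SBOM in CycloneDX JSON format..."
syft docker:"$IMAGE_NAME" -o cyclonedx-json > sbom-image.cyclonedx.json

echo ""
echo "✅ Image SBOM generated successfully!"
echo ""
echo "Generated files:"
ls -lh sbom-image.* | cat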