From 63f20406b5a9bb07114de9b065b666d53a0ab6c8 Mon Sep 17 00:00:00 2001 From: Lukasz Juranek Date: Sat, 31 Jan 2026 08:12:51 +0100 Subject: [PATCH 1/2] Add sbom targets (#2232) --- BUILD | 32 ++++++++++++++++++++++++++++++++ MODULE.bazel | 10 ++++++++++ 2 files changed, 42 insertions(+) diff --git a/BUILD b/BUILD index 2d6570fe8e..049a966bb1 100644 --- a/BUILD +++ b/BUILD @@ -32,3 +32,35 @@ filegroup( srcs = ["README.md"], visibility = ["//visibility:public"], ) + +# ============================================================================ +# SBOM Generation Targets +# ============================================================================ +load("@score_tooling//sbom:defs.bzl", "sbom") + +# SBOM for orchestrator + persistency example +sbom( + name = "sbom_orch_per", + targets = ["//feature_showcase/rust:orch_per_example"], + component_name = "orch_per_example", + component_version = "0.5.0-beta", +) + +# SBOM for kyron example +sbom( + name = "sbom_kyron", + targets = ["//feature_showcase/rust:kyron_example"], + component_name = "kyron_example", + component_version = "0.5.0-beta", +) + +# Combined SBOM for all public targets +sbom( + name = "sbom_all", + targets = [ + "//feature_showcase/rust:orch_per_example", + "//feature_showcase/rust:kyron_example", + ], + component_name = "score_reference_integration", + component_version = "0.5.0-beta", +) diff --git a/MODULE.bazel b/MODULE.bazel index ec3c107dd4..4f5a86f85e 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -65,3 +65,13 @@ git_override( bazel_dep(name = "rules_rust", version = "0.67.0") bazel_dep(name = "score_itf", version = "0.1.0") bazel_dep(name = "score_crates", version = "0.0.6") + +# ============================================================================ +# SBOM Metadata Collection +# ============================================================================ +# Enable SBOM metadata collection from all modules in the dependency graph +sbom_ext = use_extension( + "@score_tooling//sbom:extensions.bzl", + "sbom_metadata", +) +use_repo(sbom_ext, "sbom_metadata") From d6e3d285c2db4a585cae010b8a83f36083c0681e Mon Sep 17 00:00:00 2001 From: Lukasz Juranek Date: Sat, 7 Feb 2026 10:27:48 +0100 Subject: [PATCH 2/2] Add sbom targets rust and cpp license automatic extraction (#2232) --- BUILD | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/BUILD b/BUILD index 049a966bb1..3e59dd526d 100644 --- a/BUILD +++ b/BUILD @@ -42,16 +42,26 @@ load("@score_tooling//sbom:defs.bzl", "sbom") sbom( name = "sbom_orch_per", targets = ["//feature_showcase/rust:orch_per_example"], + cargo_lockfile = "@score_orchestrator//:Cargo.lock", component_name = "orch_per_example", component_version = "0.5.0-beta", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", ) # SBOM for kyron example sbom( name = "sbom_kyron", targets = ["//feature_showcase/rust:kyron_example"], + cargo_lockfile = "@score_orchestrator//:Cargo.lock", component_name = "kyron_example", component_version = "0.5.0-beta", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", ) # Combined SBOM for all public targets @@ -61,6 +71,11 @@ sbom( "//feature_showcase/rust:orch_per_example", "//feature_showcase/rust:kyron_example", ], + cargo_lockfile = "@score_orchestrator//:Cargo.lock", component_name = "score_reference_integration", component_version = "0.5.0-beta", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", )