dotnet CycloneDX Conduit.sln -o .
dotnet CycloneDX -j Conduit.sln -o .
docker run --rm -v $PWD:/src cyclonedx/cyclonedx-dotnet /src/Conduit.sln -rs -o /src -j
kdt sbom import -p aspnetcore-example-ap -b master -f bom.json -v
name: Build, Test, and Generate SBOM
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.204
# Restore, build, and test .NET project
- run: |
dotnet restore build/build.csproj
dotnet build build/build.csproj
dotnet test build/build.csproj
# Install CycloneDX CLI for SBOM generation
- name: Install CycloneDX CLI
run: dotnet tool install --global CycloneDX
# Install Kondukto CLI for SBOM import
- name: Install Kondukto CLI
run: |
curl -sSL https://cli.kondukto.io | sudo sh
# Generate SBOM with CycloneDX
- name: Generate SBOM
run: |
dotnet CycloneDX Conduit.sln -j -o out
ls -al
shell: bash
# Import SBOM into Kondukto
- name: Import SBOM to Kondukto
env:
KONDUKTO_HOST: https://konduktolab.kondukto.io
KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_SECRETS1 }}
run: |
kdt sbom import -p aspnetcore-example-ap -f out/bom.json -b main