diff --git a/BUILD b/BUILD index 2d6570fe8..75d7b6899 100644 --- a/BUILD +++ b/BUILD @@ -32,3 +32,113 @@ filegroup( srcs = ["README.md"], visibility = ["//visibility:public"], ) + +# ============================================================================ +# SBOM Generation Targets +# ============================================================================ +load("@score_tooling//sbom:defs.bzl", "sbom") + +# SBOM for score_baselibs +sbom( + name = "sbom_baselibs", + targets = [ + "@score_baselibs//score/concurrency:concurrency", + "@score_baselibs//score/memory/shared:shared", + ], + module_lockfile = "@score_crates//:MODULE.bazel.lock", + component_name = "score_baselibs", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", +) + +# SBOM for score_communication +sbom( + name = "sbom_communication", + targets = [ + "@score_communication//score/mw/com:com", + ], + module_lockfile = "@score_crates//:MODULE.bazel.lock", + component_name = "score_communication", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", +) + +# SBOM for score_persistency +sbom( + name = "sbom_persistency", + targets = [ + "@score_persistency//src/rust/rust_kvs:rust_kvs", + ], + module_lockfile = "@score_crates//:MODULE.bazel.lock", + component_name = "score_persistency", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", +) + +# SBOM for score_kyron +sbom( + name = "sbom_kyron_module", + targets = [ + "@score_kyron//src/kyron:libkyron", + "@score_kyron//src/kyron-foundation:libkyron_foundation", + ], + module_lockfile = "@score_crates//:MODULE.bazel.lock", + component_name = "score_kyron", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", +) + +# SBOM for score_orchestrator +sbom( + name = "sbom_orchestrator", + targets = [ + "@score_orchestrator//src/orchestration:liborchestration", + ], + module_lockfile = "@score_crates//:MODULE.bazel.lock", + component_name = "score_orchestrator", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", +) + +# SBOM for score_feo +sbom( + name = "sbom_feo", + targets = [ + "@score_feo//feo:libfeo_rust", + "@score_feo//feo:libfeo_recording_rust", + "@score_feo//feo-com:libfeo_com_rust", + "@score_feo//feo-log:libfeo_log_rust", + "@score_feo//feo-time:libfeo_time_rust", + "@score_feo//feo-tracing:libfeo_tracing_rust", + ], + module_lockfile = "@score_crates//:MODULE.bazel.lock", + component_name = "score_feo", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", +) + +# SBOM for score_logging +sbom( + name = "sbom_logging", + targets = [ + "@score_logging//score/datarouter:log", + ], + module_lockfile = "@score_crates//:MODULE.bazel.lock", + component_name = "score_logging", + auto_crates_cache = True, + auto_cdxgen = True, + sbom_authors = ["Eclipse SCORE Team"], + generation_context = "build", +) diff --git a/MODULE.bazel b/MODULE.bazel index ec3c107dd..b950d7005 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -65,3 +65,29 @@ git_override( bazel_dep(name = "rules_rust", version = "0.67.0") bazel_dep(name = "score_itf", version = "0.1.0") bazel_dep(name = "score_crates", version = "0.0.6") +local_path_override( + module_name = "score_crates", + path = "../score-crates", +) + +# ============================================================================ +# SBOM Metadata Collection +# ============================================================================ +# Enable SBOM metadata collection from all modules in the dependency graph +sbom_ext = use_extension( + "@score_tooling//sbom:extensions.bzl", + "sbom_metadata", +) + +# Track score dependency modules for automatic version extraction from their MODULE.bazel +sbom_ext.track_module(name = "score_baselibs") +sbom_ext.track_module(name = "score_communication") +sbom_ext.track_module(name = "score_orchestrator") +sbom_ext.track_module(name = "score_logging") +sbom_ext.track_module(name = "score_persistency") +sbom_ext.track_module(name = "score_kyron") +sbom_ext.track_module(name = "score_feo") +sbom_ext.track_module(name = "score_test_scenarios") +sbom_ext.track_module(name = "score_tooling") + +use_repo(sbom_ext, "sbom_metadata")