Streamline Export SBOM feature
Release notes
Problem to solve
As part of #333463 (closed), we introduced APIs to export CycloneDX reports in SBOM format for a pipeline. This feature currently requires a user to call 3 different endpoints.
Proposal
Explore the possibility of adding this as a pipeline job so that the merged SBOM file is available as a job artifact that can be downloaded using the Job Artifacts API. Currently, this can be done manually by following this tutorial.
Things to keep in mind:
- The merged CycloneDX file may require a good amount of processing, so we don't want to generate this file after every pipeline run.
- The merging and generating of the CycloneDX file happens in a background job.
Intended users
Does this feature require an audit event?
No