dev: compliance / SBOM

abilian · Nov 28, 2024 · 0f82a8a · 0f82a8a
1 parent cd5a34d
commit 0f82a8a
Show file tree

Hide file tree

Showing 6 changed files with 1,283 additions and 150 deletions.
diff --git a/Makefile b/Makefile
@@ -25,8 +25,18 @@ install-deps:
 update-deps:
 	@echo "--> Updating dependencies"
 	uv sync -U
-	uv pip list --format=freeze > requirements.txt
 	uv pip list --outdated
+	uv pip list --format=freeze > compliance/requirements-full.txt
+
+## Generate SBOM
+generate-sbom:
+	@echo "--> Generating SBOM"
+	uv sync --no-dev
+	uv pip list --format=freeze > compliance/requirements-prod.txt
+	uv sync
+	uv run cyclonedx-py requirements \
+		--pyproject pyproject.toml -o compliance/sbom-cyclonedx.json \
+		compliance/requirements-prod.txt
 
 ## Activate pre-commit hook
 activate-pre-commit:

diff --git a/compliance/requirements-prod.txt b/compliance/requirements-prod.txt
@@ -0,0 +1,46 @@
+alembic==1.14.0
+asttokens==2.4.1
+attrs==24.2.0
+blinker==1.9.0
+cachetools==5.5.0
+certifi==2024.8.30
+charset-normalizer==3.4.0
+click==8.1.7
+devtools==0.12.2
+durationpy==0.9
+executing==2.1.0
+flasgger==0.9.7.1
+flask==3.1.0
+flask-sqlalchemy==3.1.1
+google-auth==2.36.0
+gurobipy==12.0.0
+idna==3.10
+itsdangerous==2.2.0
+jinja2==3.1.4
+jsonschema==4.23.0
+jsonschema-specifications==2024.10.1
+kubernetes==31.0.0
+mako==1.3.6
+markupsafe==3.0.2
+mistune==3.0.2
+oauthlib==3.2.2
+packaging==24.2
+psycopg2-binary==2.9.10
+pyasn1==0.6.1
+pyasn1-modules==0.4.1
+pygments==2.18.0
+python-dateutil==2.9.0.post0
+python-dotenv==1.0.1
+pyyaml==6.0.2
+referencing==0.35.1
+requests==2.32.3
+requests-oauthlib==2.0.0
+rpds-py==0.21.0
+rsa==4.9
+six==1.16.0
+smo==0.1.0
+sqlalchemy==2.0.36
+typing-extensions==4.12.2
+urllib3==2.2.3
+websocket-client==1.8.0
+werkzeug==3.1.3