csspin_frontend.js_sbom
The csspin_frontend.js_sbom plugin provides the js-sbom task for
building Software Bill of Materials (SBOMs) for JavaScript applications based on
CONTACT Elements in CycloneDX format. It builds the project if necessary and
then collects the generated bom.json files into top-level *.js_sbom.cdx.json
files named after their namespace.
How to set up the csspin_frontend.js_sbom plugin?
To use the csspin_frontend.js_sbom plugin, a project's spinfile.yaml
must contain at least the following configuration.
spinfile.yaml to use csspin_frontend.js_sbom

plugin_packages:
  - csspin-python
  - csspin-frontend
plugins:
  - csspin_frontend.js_sbom
python:
  version: '3.11.9'
The required virtual environment and the plugin dependencies are provisioned
with the spin provision command.
How to build JavaScript SBOMs using csspin_frontend.js_sbom?
The js-sbom task builds the JavaScript application (via setup.py
build_js) if no build/ directory is present, then collects all
bom/bom.json files from the build output and places them at the project
root, named after their namespace:
spin js-sbom
The collected SBOMs are written as <namespace>.js_sbom.cdx.json files in the
project root. The build/ directory and any *.cdx.json files are removed
by the cleanup step.
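The build, collect and cleanup steps described above, written out as an added example. This is not the csspin_frontend.js_sbom plugin's own code; it assumes that the namespace of a bom.json is the name of the directory holding its bom/ folder (the page does not state the plugin's actual rule) and adds a sanity check that each collected file really is a CycloneDX document before it is written to the project root. The build tree it runs over is constructed sample data, not a real CONTACT Elements build.

```python
"""Added example (not the csspin_frontend.js_sbom plugin's code): build if
build/ is missing, collect bom/bom.json files into <namespace>.js_sbom.cdx.json,
reject non-CycloneDX input, and mirror the cleanup step."""
import json
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path


def build_if_needed(project_root: Path, build_dir: Path) -> bool:
    """Run `setup.py build_js` only when build/ is absent, as the task does.
    Returns True if a build was triggered."""
    if build_dir.is_dir():
        return False
    subprocess.run([sys.executable, "setup.py", "build_js"],
                   cwd=project_root, check=True)
    return True


def is_cyclonedx(doc: object) -> bool:
    """Minimal validity check: CycloneDX JSON carries bomFormat == "CycloneDX"
    and a specVersion string. Anything else must not be shipped as an SBOM."""
    return (isinstance(doc, dict)
            and doc.get("bomFormat") == "CycloneDX"
            and isinstance(doc.get("specVersion"), str))


def collect_sboms(build_dir: Path, out_dir: Path) -> dict:
    """Copy every bom/bom.json below build_dir to out_dir/<namespace>.js_sbom.cdx.json.
    ASSUMPTION: namespace = name of the directory containing bom/.
    Returns {output filename: number of components}; raises on invalid or
    duplicate input instead of silently overwriting."""
    results = {}
    for bom_path in sorted(build_dir.glob("**/bom/bom.json")):
        namespace = bom_path.parent.parent.name
        doc = json.loads(bom_path.read_text(encoding="utf-8"))
        if not is_cyclonedx(doc):
            raise ValueError(f"{bom_path} is not a CycloneDX document")
        target = out_dir / f"{namespace}.js_sbom.cdx.json"
        if target.name in results:
            raise ValueError(f"duplicate namespace {namespace!r} at {bom_path}")
        shutil.copyfile(bom_path, target)
        results[target.name] = len(doc.get("components", []))
    return results


def cleanup(project_root: Path, build_dir: Path) -> list:
    """Mirror the cleanup step: remove build/ and any *.cdx.json at the root."""
    removed = []
    if build_dir.is_dir():
        shutil.rmtree(build_dir)
        removed.append(build_dir.name)
    for f in project_root.glob("*.cdx.json"):
        f.unlink()
        removed.append(f.name)
    return sorted(removed)


def demo() -> dict:
    """Exercise the steps over a constructed build tree (sample data only)."""
    root = Path(tempfile.mkdtemp(prefix="js_sbom_demo_"))
    build = root / "build"

    def write_bom(namespace, doc):
        path = build / namespace / "bom" / "bom.json"
        path.parent.mkdir(parents=True)
        path.write_text(json.dumps(doc), encoding="utf-8")

    def comp(name, version):
        return {"type": "library", "name": name, "version": version}

    write_bom("cs.web", {"bomFormat": "CycloneDX", "specVersion": "1.5",
                         "components": [comp("lodash", "4.17.21"),
                                        comp("axios", "1.6.0")]})
    write_bom("cs.admin", {"bomFormat": "CycloneDX", "specVersion": "1.5",
                           "components": [comp("vue", "3.4.0")]})
    triggered = build_if_needed(root, build)   # build/ exists: no setup.py run
    collected = collect_sboms(build, root)
    write_bom("broken", {"hello": "world"})    # not an SBOM: must be rejected
    try:
        collect_sboms(build, root)
        rejected = False
    except ValueError:
        rejected = True
    removed = cleanup(root, build)
    shutil.rmtree(root)
    return {"build_triggered": triggered, "collected": collected,
            "rejected_invalid": rejected, "removed": removed}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the block prints the collected file names with their component counts, confirms that a non-CycloneDX bom.json is rejected rather than copied, and lists what the cleanup step removed.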