Last active
September 8, 2022 06:13
-
-
Save palaniraja/0e2f7d6cc523d62d184495fc662bbb4e to your computer and use it in GitHub Desktop.
swift sbom using spdx-sbom-generator and cyclonedx-cocoapods. Wasted almost 2 days to figure out everything
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # convert your SPM dependecies to a valid pod file | |
| # something like | |
| # pod "Charts", :git => "https://github.com/danielgindi/Charts", :commit => "66546404a6739173b8e436ab6bc1f2897cd08594" | |
| pod init | |
| pod install | |
| # if you are in monterey, fix ruby first. | |
| # Delete old version of cyclonedex-cocoapods gem if installed from your ~/.gem/old-ruby-ver | |
| gem install cyclonedx-cocoapods | |
| # and use online tool to convert to different format if reqd | |
| # https://cyclonedx.github.io/cyclonedx-web-tool/validate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dependencies: [ | |
| // Dependencies declare other packages that this package depends on. | |
| // .package(url: /* package url */, from: "1.0.0"), | |
| .package(url: "https://github.com/danielgindi/Charts", .exact("3.6.0")), | |
| .package(url: "https://github.com/CocoaLumberjack/CocoaLumberjack", .exact("3.7.4")), | |
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # generate empty SPM | |
| swift package init | |
| # update depdencies | |
| swift build | |
| # if needed | |
| # swift package generate-xcodeproj | |
| spdx-sbom-generator --path path/to/empty/spm make generate |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment