build: Generate Sbom for tools via nix

Using [`bombon`](https://github.com/nikstur/bombon) we can automatically generate a CycloneDX SBOM from the nix packages used for our tooling. Signed-off-by: Felix Hilgers <[email protected]>
amosproj · Oct 29, 2024 · 64250d5 · 64250d5
1 parent fb85008
commit 64250d5
Show file tree

Hide file tree

Showing 3 changed files with 152 additions and 4 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -20,9 +20,13 @@
       url = "github:nlewo/nix2container";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    bombon = {
+      url = "github:nikstur/bombon";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
-  outputs = inputs@{ self, nixpkgs, fenix, android-nixpkgs, nix2container, flake-parts, ... }:
+  outputs = inputs@{ self, nixpkgs, fenix, android-nixpkgs, nix2container, bombon, flake-parts, ... }:
     flake-parts.lib.mkFlake { inherit inputs; } {
       imports = [
         ./nix/overlay-module.nix
@@ -157,14 +161,19 @@
             };
           };
 
+          toolsDevShell = pkgs.mkShell {
+            packages = packageGroups.combined;
+          };
+
         in
         {
           devShells = {
-            default = pkgs.mkShell { packages = packageGroups.combined; };
+            default = toolsDevShell;
           };
           packages = {
             dockerBuilderBase = builderBase;
             dockerBuilder = builder;
+            toolsSbom = pkgs.buildBom toolsDevShell { };
           };
         };
     };

diff --git a/nix/overlay-module.nix b/nix/overlay-module.nix
@@ -9,6 +9,7 @@
         self.inputs.android-nixpkgs.overlays.default
         (prev: super: { n2c = inputs.nix2container.packages.${system}.nix2container; })
         (prev: super: { bashConfigs = import ./bash-configs.nix { pkgs = prev; }; })
+        (prev: super: { buildBom = inputs.bombon.lib.${system}.buildBom; })
       ];
     };
   };