Automagically build CycloneDX Software Bills of Materials (SBOMs) for Nix packages!
```shell
nix flake init -t github:nikstur/bombon
```
Or manually copy this to `flake.nix` in your repository:

```nix
# file: flake.nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    bombon.url = "github:nikstur/bombon";
    bombon.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, bombon }:
    let
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };
    in
    {
      packages.${system}.default = bombon.lib.${system}.buildBom pkgs.hello { };
    };
}
```
```shell
niv init
niv add nikstur/bombon
```

```nix
# file: default.nix
let
  sources = import ./nix/sources.nix { };
  pkgs = import sources.nixpkgs { };
  bombon = import sources.bombon;
  system = "x86_64-linux";
in
bombon.lib.${system}.buildBom pkgs.hello { }
```
`buildBom` accepts options as an attribute set. All attributes are optional:

- `includeBuildtimeDependencies`: boolean flag to include buildtime dependencies in the output (by default only the runtime closure is listed).

Example:

```nix
bombon.lib.${system}.buildBom pkgs.hello {
  includeBuildtimeDependencies = true;
}
```
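To see what `includeBuildtimeDependencies` adds to an SBOM, here is an added example (not part of the bombon project) that compares a runtime-only BOM against one built with the flag set and lists the components that only appear in the latter. The two BOM documents are constructed inline with made-up package versions and stand in for the CycloneDX JSON files that `buildBom` is assumed to produce.

```python
import json
from typing import Dict, List, Set

# Constructed sample BOMs in CycloneDX JSON shape (versions are made up), standing in
# for `buildBom pkgs.hello { }` and for the same call with
# `includeBuildtimeDependencies = true;`.
RUNTIME_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "application", "name": "hello", "version": "2.12.1"},
        {"type": "library", "name": "glibc", "version": "2.37-8"},
    ],
})
BUILDTIME_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "application", "name": "hello", "version": "2.12.1"},
        {"type": "library", "name": "glibc", "version": "2.37-8"},
        {"type": "application", "name": "gcc", "version": "12.3.0"},
        {"type": "application", "name": "gnumake", "version": "4.4.1"},
    ],
})


def load_bom(text: str) -> Dict:
    """Parse a CycloneDX JSON document and reject anything that is not one."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX" or "specVersion" not in bom:
        raise ValueError("not a CycloneDX BOM")
    if not isinstance(bom.get("components", []), list):
        raise ValueError("components must be a list")
    return bom


def component_keys(bom: Dict) -> Set[str]:
    """Identify components by name@version; CycloneDX does not require a purl."""
    return {f"{c['name']}@{c.get('version', '')}" for c in bom.get("components", [])}


def buildtime_only(runtime_text: str, buildtime_text: str) -> List[str]:
    """Components that only show up once buildtime dependencies are included,
    i.e. the toolchain that never ships in the runtime closure but shaped it."""
    runtime = component_keys(load_bom(runtime_text))
    buildtime = component_keys(load_bom(buildtime_text))
    if not runtime <= buildtime:
        raise ValueError("runtime BOM has components missing from the buildtime BOM")
    return sorted(buildtime - runtime)


if __name__ == "__main__":
    for key in buildtime_only(RUNTIME_BOM, BUILDTIME_BOM):
        print(key)
```

Point the two inputs at the files produced by the two `buildBom` calls to get the same report for a real package.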
During development, the Nix REPL is a convenient and quick way to test changes. Start the REPL, loading your local version of nixpkgs:

```shell
nix repl <nixpkgs>
```

Inside the REPL, load the bombon flake and build the BOM for a package you are interested in:

```
:l .
:b lib.x86_64-linux.buildBom python3 { }
```

Remember to reload the bombon flake every time you make changes to any of the source code.
The way dependencies are retrieved using Nix is heavily influenced by this blog article by Nicolas Mattia.