Generate and archive sboms

Author: spoorcc

.github/workflows/build.yml

@@ -80,6 +80,7 @@ jobs:
           NUITKA_CCACHE_BINARY: /usr/bin/ccache
         run: |
           pip install .[build]
+          python script/create_sbom.py
           python script/build.py
           python script/package.py
 
@@ -92,6 +93,7 @@ jobs:
               build/dfetch-package/*.rpm
               build/dfetch-package/*.pkg
               build/dfetch-package/*.msi
+              *.cdx.json
 
   test-binary:
     name: test binary

script/create_sbom.py

@@ -2,7 +2,7 @@
 """Generate an sbom of the tool."""
 import contextlib
 import logging
-import subprocess
+import subprocess  # nosec
 import sys
 import tempfile
 import venv
@@ -35,8 +35,8 @@ def temporary_venv():
 
 
 with temporary_venv() as python:
-    subprocess.check_call([python, "-m", "pip", "install", DEPS])
-    subprocess.check_call(
+    subprocess.check_call([python, "-m", "pip", "install", DEPS])  # nosec
+    subprocess.check_call(  # nosec
         [python, "-m", "cyclonedx_py", "environment", "-o", str(OUTPUT_FILE)]
     )