From 0938983ada768608a5e02d9d90e691ad8476e29e Mon Sep 17 00:00:00 2001
From: maier <maier@users.noreply.github.com>
Date: Tue, 28 Nov 2023 10:00:04 -0500
Subject: [PATCH] build: add .sbom for archive artifacts

---
 .goreleaser.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index c39abcf..ddbd1ef 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -185,3 +185,10 @@ checksum:
 
 snapshot:
   name_template: '{{ incpatch .Version }}-devel'
+
+sboms:
+  - artifacts: archive
+    args: ["$artifact", "--output", "cyclonedx-json@1.5=$document"]
+    env:
+      - SYFT_GOLANG_SEARCH_LOCAL_MOD_CACHE_LICENSES=true
+      - SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true