Add sbom targets (#2232)

Author: Lukasz-Juranek

BUILD

@@ -32,3 +32,113 @@ filegroup(
     srcs = ["README.md"],
     visibility = ["//visibility:public"],
 )
+
+# ============================================================================
+# SBOM Generation Targets
+# ============================================================================
+load("@score_tooling//sbom:defs.bzl", "sbom")
+
+# SBOM for score_baselibs
+sbom(
+    name = "sbom_baselibs",
+    targets = [
+        "@score_baselibs//score/concurrency:concurrency",
+        "@score_baselibs//score/memory/shared:shared",
+    ],
+    module_lockfile = "@score_crates//:MODULE.bazel.lock",
+    component_name = "score_baselibs",
+    auto_crates_cache = True,
+    auto_cdxgen = True,
+    sbom_authors = ["Eclipse SCORE Team"],
+    generation_context = "build",
+)
+
+# SBOM for score_communication
+sbom(
+    name = "sbom_communication",
+    targets = [
+        "@score_communication//score/mw/com:com",
+    ],
+    module_lockfile = "@score_crates//:MODULE.bazel.lock",
+    component_name = "score_communication",
+    auto_crates_cache = True,
+    auto_cdxgen = True,
+    sbom_authors = ["Eclipse SCORE Team"],
+    generation_context = "build",
+)
+
+# SBOM for score_persistency
+sbom(
+    name = "sbom_persistency",
+    targets = [
+        "@score_persistency//src/rust/rust_kvs:rust_kvs",
+    ],
+    module_lockfile = "@score_crates//:MODULE.bazel.lock",
+    component_name = "score_persistency",
+    auto_crates_cache = True,
+    auto_cdxgen = True,
+    sbom_authors = ["Eclipse SCORE Team"],
+    generation_context = "build",
+)
+
+# SBOM for score_kyron
+sbom(
+    name = "sbom_kyron_module",
+    targets = [
+        "@score_kyron//src/kyron:libkyron",
+        "@score_kyron//src/kyron-foundation:libkyron_foundation",
+    ],
+    module_lockfile = "@score_crates//:MODULE.bazel.lock",
+    component_name = "score_kyron",
+    auto_crates_cache = True,
+    auto_cdxgen = True,
+    sbom_authors = ["Eclipse SCORE Team"],
+    generation_context = "build",
+)
+
+# SBOM for score_orchestrator
+sbom(
+    name = "sbom_orchestrator",
+    targets = [
+        "@score_orchestrator//src/orchestration:liborchestration",
+    ],
+    module_lockfile = "@score_crates//:MODULE.bazel.lock",
+    component_name = "score_orchestrator",
+    auto_crates_cache = True,
+    auto_cdxgen = True,
+    sbom_authors = ["Eclipse SCORE Team"],
+    generation_context = "build",
+)
+
+# SBOM for score_feo
+sbom(
+    name = "sbom_feo",
+    targets = [
+        "@score_feo//feo:libfeo_rust",
+        "@score_feo//feo:libfeo_recording_rust",
+        "@score_feo//feo-com:libfeo_com_rust",
+        "@score_feo//feo-log:libfeo_log_rust",
+        "@score_feo//feo-time:libfeo_time_rust",
+        "@score_feo//feo-tracing:libfeo_tracing_rust",
+    ],
+    module_lockfile = "@score_crates//:MODULE.bazel.lock",
+    component_name = "score_feo",
+    auto_crates_cache = True,
+    auto_cdxgen = True,
+    sbom_authors = ["Eclipse SCORE Team"],
+    generation_context = "build",
+)
+
+# SBOM for score_logging
+sbom(
+    name = "sbom_logging",
+    targets = [
+        "@score_logging//score/datarouter:log",
+    ],
+    module_lockfile = "@score_crates//:MODULE.bazel.lock",
+    component_name = "score_logging",
+    auto_crates_cache = True,
+    auto_cdxgen = True,
+    sbom_authors = ["Eclipse SCORE Team"],
+    generation_context = "build",
+)

MODULE.bazel

@@ -65,3 +65,29 @@ git_override(
 bazel_dep(name = "rules_rust", version = "0.67.0")
 bazel_dep(name = "score_itf", version = "0.1.0")
 bazel_dep(name = "score_crates", version = "0.0.6")
+local_path_override(
+    module_name = "score_crates",
+    path = "../score-crates",
+)
+
+# ============================================================================
+# SBOM Metadata Collection
+# ============================================================================
+# Enable SBOM metadata collection from all modules in the dependency graph
+sbom_ext = use_extension(
+    "@score_tooling//sbom:extensions.bzl",
+    "sbom_metadata",
+)
+
+# Track score dependency modules for automatic version extraction from their MODULE.bazel
+sbom_ext.track_module(name = "score_baselibs")
+sbom_ext.track_module(name = "score_communication")
+sbom_ext.track_module(name = "score_orchestrator")
+sbom_ext.track_module(name = "score_logging")
+sbom_ext.track_module(name = "score_persistency")
+sbom_ext.track_module(name = "score_kyron")
+sbom_ext.track_module(name = "score_feo")
+sbom_ext.track_module(name = "score_test_scenarios")
+sbom_ext.track_module(name = "score_tooling")
+
+use_repo(sbom_ext, "sbom_metadata")