Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(3861): generated cyclonedx sbom #1056

Closed
wants to merge 9 commits into from
Closed

chore(3861): generated cyclonedx sbom #1056

wants to merge 9 commits into from

Conversation

s-prak
Copy link

@s-prak s-prak commented Jun 19, 2024

Description

This pull request introduces a CycloneDX Software Bill of Materials (SBOM) for this project, generated using GitHub Actions. The SBOM provides a detailed inventory of the components and dependencies used within the project, aiding in vulnerability management and license compliance.

Key Changes:

  1. Added: sbom.xml (CycloneDX format) to the repository. (path - ./sbom.xml)
  2. Workflow YAML: sbom.yml for automating the SBOM generation.

Workflow Details:

  1. File: .github/workflows/generate-sbom.yml
  2. Purpose: Automates the generation of the CycloneDX SBOM whenever changes are pushed to the repository.
  3. Trigger: The workflow is triggered on push events

Documentation

https://docs.google.com/document/d/11cxkkOihsWAK7Sd1CATBagrhC6kquDzmMamaQ_xAjeU/edit

s-prak added 3 commits June 19, 2024 18:46
@s-prak
Created sbom.yaml
145ef3d
@s-prak
Updated sbom.yaml
894eebd
@s-prak
Created sbom.xml
5050fbc 
CycloneDX SBOM is generated using CycloneDX for Node.js GitHub Action
@CLAassistant
Copy link

CLAassistant commented Jun 19, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@s-prak s-prak changed the title [3862] - Generated CycloneDX SBOM [3862] - generated cyclonedx sbom Jun 19, 2024
@s-prak s-prak changed the title [3862] - generated cyclonedx sbom chore(3861) - generated cyclonedx sbom Jun 20, 2024
@s-prak s-prak changed the title chore(3861) - generated cyclonedx sbom chore(3861) : generated cyclonedx sbom Jun 21, 2024
@s-prak s-prak changed the title chore(3861) : generated cyclonedx sbom chore(3861): generated cyclonedx sbom Jun 21, 2024
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
11.9% Duplication on New Code (required ≤ 3%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

@elnyry-sam-k
Copy link
Member

hi @s-prak , can this be closed now as sbom / deprecations check is now part of the standard ci process here?

@s-prak s-prak closed this Jan 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdebarros mdebarros Awaiting requested review from mdebarros

@elnyry-sam-k elnyry-sam-k Awaiting requested review from elnyry-sam-k elnyry-sam-k is a code owner

@vijayg10 vijayg10 Awaiting requested review from vijayg10

@kleyow kleyow Awaiting requested review from kleyow

@bushjames bushjames Awaiting requested review from bushjames bushjames is a code owner

@oderayi oderayi Awaiting requested review from oderayi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@s-prak @CLAassistant @elnyry-sam-k