Generate SBOMs for JS components #629

Open
toddbaert opened this issue Nov 1, 2023 · 0 comments
Labels: contribfest (A good issue for Contribfest KubeCon EU '24), good first issue (Good for newcomers), help wanted (Extra attention is needed), security (security related bugs/tasks)

@toddbaert (Member)

We have SBOMs currently for Java and Go contribs. We could use them here as well. I recommend this utility: https://github.com/marketplace/actions/cyclonedx-node-js-generate-sbom (we're using the CycloneDX format elsewhere and it's popular).

Definition of done:

  • SBOMs generated and attached to release artifact in GH, or otherwise made publicly available (for every release)
  • runtime dependencies only included
  • only includes dependencies of module in question (not of repo)

Relates to: open-feature/js-sdk#649

@toddbaert added the good first issue, help wanted and security labels on Nov 1, 2023
@toddbaert added the contribfest label on Mar 11, 2024
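
A release-time check for the "runtime dependencies only" and "module, not repo" criteria in the definition of done above, as an added example that is not part of the issue or the project's code. It assumes a CycloneDX JSON SBOM and an npm `package-lock.json` (lockfileVersion 2 or 3) that belongs to the module being released; the function names and the sample data are constructed for illustration.

```javascript
// Key a component as "name@version"; CycloneDX puts an npm scope in `group`.
function componentKey(c) {
  const name = c.group ? `${c.group}/${c.name}` : c.name;
  return `${name}@${c.version}`;
}

// Map "name@version" -> true when every installed copy is flagged dev-only.
function indexLockfile(lock) {
  const marker = 'node_modules/';
  const devOnly = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders and workspace symlinks.
    if (!path.includes(marker) || entry.link) continue;
    // "node_modules/a/node_modules/@s/b" -> "@s/b"
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const key = `${name}@${entry.version}`;
    const isDev = entry.dev === true;
    devOnly.set(key, devOnly.has(key) ? devOnly.get(key) && isDev : isDev);
  }
  return devOnly;
}

// Report SBOM libraries that are dev-only or absent from the module's lockfile.
function auditSbom(sbom, lock) {
  const devOnly = indexLockfile(lock);
  const findings = { devOnly: [], notInLockfile: [] };
  for (const c of sbom.components || []) {
    if (c.type !== 'library') continue;
    const key = componentKey(c);
    if (!devOnly.has(key)) findings.notInLockfile.push(key);
    else if (devOnly.get(key)) findings.devOnly.push(key);
  }
  return findings;
}

// Constructed sample input (not taken from any real project).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'example-provider', version: '1.0.0' },
  'node_modules/@example/flag-client': { version: '2.1.0' },
  'node_modules/runtime-lib': { version: '1.4.0' },
  'node_modules/test-runner': { version: '9.0.0', dev: true },
  'node_modules/test-runner/node_modules/runtime-lib': { version: '1.3.0', dev: true },
} };
const sampleSbom = { bomFormat: 'CycloneDX', specVersion: '1.5', components: [
  { type: 'library', group: '@example', name: 'flag-client', version: '2.1.0' },
  { type: 'library', name: 'runtime-lib', version: '1.4.0' },
  { type: 'library', name: 'test-runner', version: '9.0.0' },
  { type: 'library', name: 'repo-tooling', version: '0.3.0' },
] };
console.log(auditSbom(sampleSbom, sampleLock));
```

A non-empty `devOnly` or `notInLockfile` list is a reason to fail the release job before the SBOM is attached to the release artifact.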