chore: upgrade SBOM generators #964

Merged
merged 1 commit into from
May 23, 2024
Conversation

jkowalleck (Collaborator) commented May 22, 2024

Summary:

I've seen you are shipping SBOMs with every release 👍

I've seen you are using the unmaintained github workflow CycloneDX/gh-node-module-generatebom to generate them.
I propose to switch to the maintained @cyclonedx/cyclonedx-npm instead.
I propose to use @cyclonedx/webpack-plugin for the VueJS frontends

Description for the changelog:
chore: upgrade SBOM generators

Other info:
fixes #963
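Whichever generator produces the release SBOM, the pipeline should sanity-check the result before publishing it. The following is an added example, not code from this PR, the OWASP project, or the CycloneDX tools: it reads a CycloneDX JSON document (a constructed sample is embedded, with one component lacking a purl and one dangling dependency reference) and reports missing fields, duplicate bom-refs, and dependency entries that point at refs absent from the BOM. Field names follow the CycloneDX specification; the sample package names are made up.

```python
"""Sanity-check a CycloneDX JSON SBOM after generation.

Added example; not part of the project or the CycloneDX tooling.
"""
import json

# Constructed sample resembling what an npm-oriented generator emits.
# "mystery-lib" has no purl and the dependency graph references
# "pkg:npm/ghost@9.9.9", which is not declared as a component.
SAMPLE_SBOM = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "metadata": {
    "component": {"type": "application", "name": "example-app",
                  "version": "1.0.0", "bom-ref": "app"}
  },
  "components": [
    {"type": "library", "name": "left-pad", "version": "1.3.0",
     "purl": "pkg:npm/left-pad@1.3.0", "bom-ref": "pkg:npm/left-pad@1.3.0"},
    {"type": "library", "name": "mystery-lib", "version": "0.1.0",
     "bom-ref": "mystery"}
  ],
  "dependencies": [
    {"ref": "app",
     "dependsOn": ["pkg:npm/left-pad@1.3.0", "mystery", "pkg:npm/ghost@9.9.9"]}
  ]
}
"""

REQUIRED_TOP_LEVEL = ("bomFormat", "specVersion", "components")


def check_sbom(doc):
    """Return a list of findings; an empty list means the SBOM passed."""
    findings = []
    for key in REQUIRED_TOP_LEVEL:
        if key not in doc:
            findings.append(f"missing top-level field: {key}")
    if doc.get("bomFormat") != "CycloneDX":
        findings.append(f"unexpected bomFormat: {doc.get('bomFormat')!r}")

    # Collect every bom-ref so dependency edges can be resolved.
    known_refs = set()
    meta_component = doc.get("metadata", {}).get("component", {})
    if meta_component.get("bom-ref"):
        known_refs.add(meta_component["bom-ref"])
    else:
        findings.append("metadata.component has no bom-ref")

    for comp in doc.get("components", []):
        label = f"{comp.get('name')}@{comp.get('version')}"
        for field in ("name", "version", "purl", "bom-ref"):
            if not comp.get(field):
                findings.append(f"component {label} missing {field}")
        ref = comp.get("bom-ref")
        if ref:
            if ref in known_refs:
                findings.append(f"duplicate bom-ref: {ref}")
            known_refs.add(ref)

    # Every dependency edge must point at a ref declared in this BOM.
    for dep in doc.get("dependencies", []):
        if dep.get("ref") not in known_refs:
            findings.append(f"dependency ref not in BOM: {dep.get('ref')}")
        for target in dep.get("dependsOn", []):
            if target not in known_refs:
                findings.append(f"dependsOn target not in BOM: {target}")
    return findings


def check_sbom_text(text):
    """Parse a JSON SBOM string and run the checks."""
    return check_sbom(json.loads(text))


if __name__ == "__main__":
    for finding in check_sbom_text(SAMPLE_SBOM):
        print(finding)
```

Run as a post-generation step and fail the release job when the list is non-empty; a missing purl or a dangling dependency reference usually means the generator was pointed at the wrong lockfile or workspace.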

jgadsden (Collaborator) left a comment

good to have this @jkowalleck, and I agree the gh action being used is not the best way to create SBOMs
did you want to fix up this workflow as well? .github/workflows/push.yaml

jkowalleck (Collaborator, Author) replied, quoting jgadsden:

> good to have this @jkowalleck, and I agree the gh action being used is not the best way to create SBOMs did you want to fix up this workflow as well? .github/workflows/push.yaml

yep. the idea was to revisit all SBOM generation workflows and upgrade them to a modern maintained system

@jkowalleck jkowalleck changed the title [WIP] chore: upgrade SBOM generators chore: upgrade SBOM generators May 22, 2024
jkowalleck (Collaborator, Author) commented May 22, 2024

@jgadsden upgrade done. was unable to test successfully, since some unrelated/untouched CI jobs are skipped or don't pass.

feel free to merge, or ping me in case a rebase is done and changes/updates are required.

@jkowalleck jkowalleck marked this pull request as ready for review May 22, 2024 15:52
@jgadsden jgadsden self-requested a review May 23, 2024 05:43
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
jgadsden (Collaborator) left a comment

thanks for applying this to all the SBOM generators @jkowalleck
going ahead with the merge because the two failing tests are known issues

@jgadsden jgadsden merged commit d61d7e8 into OWASP:main May 23, 2024
jkowalleck (Collaborator, Author) commented May 23, 2024

@jgadsden I see something is off in the SBOM process. I will drop a fix soon

Linked issue (may be closed by this merge): [CHORE] upgrade SBOM generator