Generate SBOM for Parsec #4770

FirelightFlagboy · 2023-06-27T13:52:03Z

Generate a SBOM¹ for each generated artifact.

To generate the SBOM, I suggest the tool syft because it's the simplest tool I've tested.

The SBOM generate should likely be done on the CI in the workflows package-*.yml.

Doing it for each package allow to take into account the transitive dependencies and aditional tools used by those (syft would have more entries if it index the node_modules folders, for example).

Each SBOM should have a unique and meaningfull name (e.g.: For the server, it could be parsec-server.[...]) and uploaded as an artifact alongside the generate package.
This allow the workflow release.py to include them in a release 😄

Why not using the SBOM provided by Github ?

Currently the SBOM provided by Github only reflect the dependency graph for the main branch.
A release will have a different dependency graph, so this document isn't adapted for a release.

Software Bills Of Materials ↩

The text was updated successfully, but these errors were encountered:

Closes #4770

Generate SBOM file for python wheels, electron apps and web app. Closes #4770

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

Generate SBOM file for python wheels, python apps, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

Generate SBOM file for python wheels, python apps, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770 Change download path for artifacts Rework artifact path to be flatten Copy sbom files

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770 Co-authored-by: Marcos Medrano <786907+mmmarcos@users.noreply.github.com>

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770 Co-authored-by: Marcos Medrano <786907+mmmarcos@users.noreply.github.com> Signed-off-by: firelight flagboy <firelight.flagboy@gmail.com>

Generate SBOM file for python wheels, python apps, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770 Signed-off-by: firelight flagboy <firelight.flagboy@gmail.com>

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770 Co-authored-by: Marcos Medrano <786907+mmmarcos@users.noreply.github.com> Signed-off-by: firelight flagboy <firelight.flagboy@gmail.com>

FirelightFlagboy added A-Docs Area: Documentation I-Dependency Impact: related to an dependency labels Jun 27, 2023

FirelightFlagboy self-assigned this Jun 27, 2023

FirelightFlagboy added a commit that referenced this issue Jun 27, 2023

Generate SBOM for generated Package

8560dda

Closes #4770

FirelightFlagboy mentioned this issue Jun 27, 2023

Generate SBOM for generated Package #4771

Merged

FirelightFlagboy added a commit that referenced this issue Jun 27, 2023

Generate SBOM for generated Package

3b1792d

Generate SBOM file for python wheels, electron apps and web app. Closes #4770

FirelightFlagboy added a commit that referenced this issue Jun 27, 2023

Generate SBOM for generated Package

31b9b0e

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

FirelightFlagboy added a commit that referenced this issue Jun 28, 2023

Generate SBOM for generated Package

44dd0f5

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

FirelightFlagboy added a commit that referenced this issue Jun 28, 2023

Generate SBOM for generated Package

b257db5

Generate SBOM file for python wheels, python apps, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

FirelightFlagboy added a commit that referenced this issue Jun 29, 2023

Generate SBOM for generated Package

37de2da

Generate SBOM file for python wheels, python apps, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

FirelightFlagboy added a commit that referenced this issue Jun 29, 2023

Generate SBOM for generated Package

ca4f1fb

Generate SBOM file for python wheels, python apps, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

FirelightFlagboy added a commit that referenced this issue Jun 29, 2023

Generate SBOM for generated Package

7a038f1

Generate SBOM file for python wheels, electron apps and web app. Other Changes ------------- - Add `concurrency` to `package-webapp` workflow. Closes #4770

FirelightFlagboy linked a pull request Jul 3, 2023 that will close this issue

Generate SBOM for generated Package [2.16] #4774

Merged

FirelightFlagboy closed this as completed in #4771 Jul 6, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Generate SBOM for Parsec #4770

Generate SBOM for Parsec #4770

FirelightFlagboy commented Jun 27, 2023 •

edited

Loading

Generate SBOM for Parsec #4770

Generate SBOM for Parsec #4770

Comments

FirelightFlagboy commented Jun 27, 2023 • edited Loading

Footnotes

FirelightFlagboy commented Jun 27, 2023 •

edited

Loading