What steps did you take and what happened:
It looks like the check for SBOM by CLO Monitor is not correct. We do not output an SBOM yet on the project in a parsable location. The reason the check is successful is because of an article on SBOM that matches the regex.
What did you expect to happen:
I reviewed the CLO Monitor for go-witness because it had no green SBOM check. Looking at the witness project for its way of providing the SBOM I noticed it did not 'provide' the SBOM. It was only green because of the article link mentioning SBOM in the README.
https://clomonitor.io/projects/cncf/in-toto#witness_security
I think this could be marked as a good first issue. Looking into the output of SBOM information into the releases so people benefit from it and we will have correct coverage of the check.

Yeah, we definitely should fix this. Since we use goreleaser, it should be pretty easy to add the extra config into the .goreleaser.yaml to generate and sign the SBOM.
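The goreleaser change the comment above proposes, written out as an added example. This is not the project's own .goreleaser.yaml: it uses goreleaser's documented `sboms` and `signs` sections with the default syft invocation and the documented cosign keyless `sign-blob` form. The ids, the choice of SPDX JSON, and signing with `artifacts: all` (so that the SBOM documents are covered by the same signing step as the archives and checksums) are assumptions made for this example.

```yaml
# Added example fragment for .goreleaser.yaml (not the project's config).
# Generates one SPDX JSON SBOM per release archive with syft and signs every
# release artifact, SBOM documents included, with cosign keyless signing.

sboms:
  - id: archive-sbom            # id is an assumption
    artifacts: archive          # one SBOM per archive; 'binary' and 'source' also valid
    cmd: syft                   # goreleaser's default SBOM tool
    args: ["$artifact", "--output", "spdx-json=$document"]
    documents:
      - "${artifact}.spdx.json" # uploaded next to the archive it describes

signs:
  - id: cosign-keyless          # id is an assumption
    cmd: cosign
    artifacts: all              # archives, checksums and the SBOMs above
    certificate: "${artifact}.pem"
    signature: "${artifact}.sig"
    args:
      - "sign-blob"
      - "--output-certificate=${certificate}"
      - "--output-signature=${signature}"
      - "--yes"                 # non-interactive; CI must expose an OIDC token
      - "${artifact}"
```

With this in place each release carries `<archive>.spdx.json`, `<archive>.spdx.json.sig` and `<archive>.spdx.json.pem`, which is the parsable, signed location the CLO Monitor check is looking for. A consumer checks a document with `cosign verify-blob`, passing the `.pem` certificate, the `.sig` signature, and the expected certificate identity and OIDC issuer of the release workflow, before trusting the SBOM contents.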