-
Notifications
You must be signed in to change notification settings - Fork 399
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove support for CycloneDX SBOMs #1333
Conversation
Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>
sorry for being out of the loop, but, can I ask why its been removed? |
also, this removes go modules sboms as well 🤔 |
cyclonedx and go.version-m were removed from latest ko version ko-build/ko#1333 --------- Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
That option was never really supported or documented. As for cyclonedx, I'm not aware of any user that used it, and there were more than a few bugs in it. It seemed not worth the effort to fix them, based on usage. If you're aware of users of either of these features, let me know, we can talk about next steps for them. |
ah, that's fair! it was allowed on goreleaser's ko integration, but no idea if anyone used it (I have never seen). fwiw, i removed both options from goreleaser too: |
We were using it in our Kubecost disk-autoscaler program and this has broken our releaser workflows :) I guess we'll have to use SPDX from now on. |
No description provided.