Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

remove support for CycloneDX SBOMs #1333

Merged
merged 2 commits into from
Jun 10, 2024
Merged

Conversation

imjasonh
Copy link
Member

No description provided.

Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>
@imjasonh imjasonh enabled auto-merge (rebase) June 10, 2024 04:32
@imjasonh imjasonh merged commit 065b56d into ko-build:main Jun 10, 2024
19 checks passed
@caarlos0
Copy link
Contributor

caarlos0 commented Aug 9, 2024

sorry for being out of the loop, but, can I ask why its been removed?

@caarlos0
Copy link
Contributor

caarlos0 commented Aug 9, 2024

also, this removes go modules sboms as well 🤔

caarlos0 added a commit to goreleaser/goreleaser that referenced this pull request Aug 9, 2024
cyclonedx and go.version-m were removed from latest ko version

ko-build/ko#1333

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
@imjasonh
Copy link
Member Author

also, this removes go modules sboms as well 🤔

That option was never really supported or documented.

As for cyclonedx, I'm not aware of any user that used it, and there were more than a few bugs in it. It seemed not worth the effort to fix them, based on usage.

If you're aware of users of either of these features, let me know, we can talk about next steps for them.

@caarlos0
Copy link
Contributor

ah, that's fair!

it was allowed on goreleaser's ko integration, but no idea if anyone used it (I have never seen).

fwiw, i removed both options from goreleaser too:

@chipzoller
Copy link

chipzoller commented Oct 16, 2024

We were using it in our Kubecost disk-autoscaler program and this has broken our releaser workflows :) I guess we'll have to use SPDX from now on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants