security(tools): software bill of materials generation #2081
Comments
petermetz added a commit to petermetz/cacti that referenced this issue on Jun 16, 2022
Added a script to generate all SBoMs. The shorthand to call the script is by running $ yarn generate-sbom and then it saves all the different .spdx files under ./dist/sbom/* where the file names are derived from the relative path of the directory of the build definition. Fixes hyperledger-cacti#2081 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue on Jul 11, 2022
Added a script to generate all SBoMs. The shorthand to call the script is by running $ yarn generate-sbom and then it saves all the different .spdx files under ./dist/sbom/* where the file names are derived from the relative path of the directory of the build definition. Fixes hyperledger-cacti#2081 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue on Jul 19, 2023
Added a script to generate a .csv SBoM for npm package dependencies. The shorthand to call the script is by running $ yarn tools:generate-sbom and then it saves a .csv file with the combined output under `./dist/sbom/` Fixes hyperledger-cacti#2081 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue on Jul 22, 2023
Added a script to generate a .csv SBoM for npm package dependencies. The shorthand to call the script is by running $ yarn tools:generate-sbom and then it saves a .csv file with the combined output under `./dist/sbom/` Fixes hyperledger-cacti#2081 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue on Jul 22, 2023
Added a script to generate a .csv SBoM for npm package dependencies. The shorthand to call the script is by running $ yarn tools:generate-sbom and then it saves a .csv file with the combined output under `./dist/sbom/` Fixes #2081 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue on Dec 21, 2023
Added a script to generate a .csv SBoM for npm package dependencies. The shorthand to call the script is by running $ yarn tools:generate-sbom and then it saves a .csv file with the combined output under `./dist/sbom/` Fixes hyperledger-cacti#2081 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Description
As a maintainer I want to have the ability to generate a comprehensive SBoM easily with a single script so that when it's time to release the software we can do this easily (and fully automated in the future of course via GitHub actions)
Acceptance Criteria
./tools/ directory that can generate SBoM(s) for the entire project