pnoltes opened a new issue, #824:
URL: https://github.com/apache/celix/issues/824
Update the CI to generate a Software Bill of Materials (SBOM) as part of the
ASF Celix CI pipeline.
# Notes / Open questions
- We currently do not commit conan.lock to SCM
- Should the lockfile be generated in CI and used for SBOM generation?
- Which SBOM gen technology to use (cdxgen, sbomify, etc)?
It is ok to provide a proposal in a pull request.
Contributions, tooling suggestions, and prior experience are very welcome.
# Expected outcome
- CI job that generates an SBOM
- SBOM published as a CI artifact
- Short documentation describing: how the SBOM is generated