
Generation Software Bill of Materials (SBOM) #4314

Draft: wants to merge 2 commits into base branch main

Conversation

gamlerhart (Contributor) wrote:

Motivation: Often larger projects need a Software Bill of Materials (SBOM) to track dependencies across their projects, so that the project can track things like vulnerable components, licenses, etc.

  • Refactor Coursier support to return the original dependency as well.
  • Start of support for CycloneDX format

This is more of a Q&A pull request.
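The CycloneDX output this PR starts on, shown as an added illustration that is not code from the PR or from Mill: it turns Maven-style coordinates of the kind Coursier resolves into a minimal CycloneDX 1.5 JSON BOM with a package URL per component. The ResolvedDep type, the CycloneDxExample object and the sample coordinates are constructed for this example and are not the PR's own types.

```scala
import java.time.Instant
import java.util.UUID

// Constructed sample type standing in for a resolved Coursier dependency; the PR's
// own CoursierSupport and CycloneDX types are assumed here, not taken from Mill.
final case class ResolvedDep(group: String, name: String, version: String, sha256: Option[String])

object CycloneDxExample {
  // Package URL for a Maven artifact, the identifier vulnerability scanners match against.
  def purl(d: ResolvedDep): String = s"pkg:maven/${d.group}/${d.name}@${d.version}"

  // Minimal JSON string quoting so odd characters in coordinates cannot break the document.
  private def q(s: String): String = {
    val sb = new StringBuilder("\"")
    s.foreach {
      case '"'          => sb.append("\\\"")
      case '\\'         => sb.append("\\\\")
      case c if c < ' ' => sb.append("\\" + "u%04x".format(c.toInt))
      case c            => sb.append(c)
    }
    sb.append('"').toString
  }

  private def component(d: ResolvedDep): String = {
    // A hash lets a consumer check that the listed artifact is the one actually shipped.
    val hashes = d.sha256.map(h => s""","hashes":[{"alg":"SHA-256","content":${q(h)}}]""").getOrElse("")
    s"""{"type":"library","group":${q(d.group)},"name":${q(d.name)}""" +
      s""","version":${q(d.version)},"purl":${q(purl(d))}$hashes}"""
  }

  // Builds a CycloneDX 1.5 JSON BOM; one entry per distinct purl, so a library reached
  // through several dependency paths is still listed once.
  def bom(deps: Seq[ResolvedDep], serial: UUID = UUID.randomUUID(), now: Instant = Instant.now()): String = {
    val comps = deps.distinctBy(purl).map(component).mkString(",")
    val serialNumber = q(s"urn:uuid:$serial")
    s"""{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":$serialNumber,"version":1,""" +
      s""""metadata":{"timestamp":${q(now.toString)}},"components":[$comps]}"""
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample coordinates, not a real resolution result; the duplicate is deliberate.
    val sample = Seq(
      ResolvedDep("com.lihaoyi", "upickle_3", "3.1.0", None),
      ResolvedDep("com.lihaoyi", "upickle_3", "3.1.0", None),
      ResolvedDep("org.example", "lib-with-hash", "1.0", Some("ab" * 32))
    )
    println(bom(sample))
  }
}
```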

gamlerhart changed the title from "WIP: Generation Software Bill of Materials (SBOM)" to "Questions PR: Generation Software Bill of Materials (SBOM)" on Jan 13, 2025

gamlerhart (author) left a review comment:


Added my questions as code review annotations.

main/util/src/mill/util/CoursierSupport.scala (review thread resolved)
scalalib/src/mill/javalib/sbom/CycloneDX.scala (outdated, review thread resolved)
import java.time.Instant
import java.util.{Base64, UUID}

object CycloneDXModule {

gamlerhart (author) commented on the lines above:


Ignore the Module: Needs a bit more work =).

gamlerhart changed the title from "Questions PR: Generation Software Bill of Materials (SBOM)" to "Generation Software Bill of Materials (SBOM)" on Jan 20, 2025
gamlerhart force-pushed the experiment-sbom branch 3 times, most recently from 072d39a to e9307ac on January 28, 2025 21:21
Motivation: Often larger projects need a Software Bill of Materials (SBOM) to track dependencies across their projects, so that the project can track things like vulnerable components, licenses, etc.

- Refactor Coursier support to return the original dependency as well.
- Start of support for CycloneDX format