diff --git a/.github/technolinator.yml b/.github/technolinator.yml new file mode 100644 index 00000000000..3ccc2c5eccd --- /dev/null +++ b/.github/technolinator.yml @@ -0,0 +1,18 @@ +# whether Technolinator does analysis at all; default: true +enable: true +# whether Technolinator shall comment vulnerability reports to pull-requests +enablePullRequestReport: false +analysis: + # whether cdxgen should scan for projects recursively in 'location' or only 'location' itself; default: true + recursive: true + # include only 'required' scoped dependencies to created BOM + requiredScopeOnly: false + # create sbom with evidence (slows down the process) + evidence: true + # exclude the kalium directory because a) it throws errors that can't be resolved and b) it doesn't matter, as its + # scanned as its own project anyway and it would be a duplicated effort + # excludes: + # - kalium +jdk: + # select JDK version used by cdxgen on JVM based projects + version: 17