
[feat]: Generate a Software Bill of Materials (SBOM) as part of the build process #457

Open
millerjp opened this issue Sep 25, 2024 · 2 comments · May be fixed by #459
Labels: All OS, build, enhancement (New feature or request), major issue (Major issue, lots of change and testing), Security (Security Related Issues)

Comments

millerjp (Contributor) commented Sep 25, 2024

An SBOM is a detailed inventory of all components within a software application, including open-source libraries, third-party dependencies, licenses, and known vulnerabilities. It serves as a critical tool for managing software supply chain risks, ensuring compliance, and enhancing security.

It's becoming more common on desktop apps, and we should adopt this to allow for easier use in enterprises that require an SBOM.

We should standardise on https://github.com/anchore/syft and use https://github.com/anchore/grype for the code scanning.

Feedback from the team is that grype is identifying issues Sonar is missing.

The outputted SBOM should be added as a release artifact.
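A release workflow that wires the two tools together as the comment describes (generate the SBOM with syft, scan it with grype, attach the result to the release), added here as an example and not code from the axonops-workbench-cassandra repository. It assumes a GitHub-hosted runner with the gh CLI, a workflow triggered by a published release, and a High severity cutoff; the file names and job name are placeholders.

```yaml
name: SBOM and vulnerability scan

on:
  release:
    types: [published]   # run once per published release

permissions:
  contents: write        # needed to attach files to the release

jobs:
  sbom:
    runs-on: ubuntu-latest
    env:
      GH_TOKEN: ${{ github.token }}
    steps:
      - uses: actions/checkout@v4

      # Install the syft and grype CLIs with their upstream install scripts
      # (a real pipeline should pin versions: `sh -s -- -b <dir> vX.Y.Z`).
      - name: Install syft and grype
        run: |
          mkdir -p "$HOME/.local/bin"
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \
            | sh -s -- -b "$HOME/.local/bin"
          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh \
            | sh -s -- -b "$HOME/.local/bin"
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      # Inventory the checked-out tree in two widely consumed SBOM formats.
      - name: Generate SBOM with syft
        run: syft dir:. -o spdx-json=sbom.spdx.json -o cyclonedx-json=sbom.cdx.json

      # Scan the SBOM itself so the inventory and the findings describe the
      # same components; fail the job on anything rated High or Critical.
      - name: Scan SBOM with grype
        run: grype sbom:sbom.spdx.json --fail-on high -o json --file grype-report.json

      # Attach the SBOMs and the scan report to the release, even when the
      # scan failed, so reviewers can see what was flagged.
      - name: Attach SBOM and report to the release
        if: always()
        run: |
          gh release upload "${{ github.event.release.tag_name }}" \
            sbom.spdx.json sbom.cdx.json grype-report.json --clobber
```

Scanning the SBOM rather than the tree a second time keeps the published inventory and the findings in lockstep, which is what an enterprise consumer of the artifact will compare against.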

millerjp added the enhancement, All OS, Security, build and major issue labels on Sep 25, 2024
millerjp added this to the v1.1.0-release milestone on Sep 25, 2024
millerjp (Contributor, Author) commented

We should also add this as a link in the info section (see #458).

digiserg (Collaborator) commented

https://github.com/axonops/axonops-workbench-cassandra/actions/runs/11037417382/job/30658223143

First attempt. Not sure how this works though.
