
[🚧 WIP] Add SBOM (and automate the process)

Open ran-dall opened this issue 3 years ago • 2 comments

Please Don't ship WIP

This commit adds an SBOM to the repository and will automate the process for future use.

SBOM is using the CycloneDX 1.4 SBOM specification and is currently being generated in XML (this may change in the future to JSON, if it's determined preferable).

Special Thanks to @aFuzzyBear for assistance with the Astro-specific knowledge required to complete these audits.

ran-dall avatar Jul 31 '22 18:07 ran-dall

⚠️ No Changeset found

Latest commit: cefa0e03537234205ca4d1b5828f7c3b573a8103

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


changeset-bot[bot] avatar Jul 31 '22 18:07 changeset-bot[bot]

I added the script to autogenerate the SBOMs. I also replaced the .xml SBOMs with .json SBOMs.

The script isn't the most elegant thing in the world, but it works, which, for now, is good enough for me. It most definitely would need to be improved before this PR is ready for review.

ran-dall avatar Aug 04 '22 00:08 ran-dall

Is this still being worked on?

matthewp avatar Aug 22 '22 15:08 matthewp

@matthewp Yes, I need to meet with @natemoo-re and discuss what we will do with this. I would also love to find a smarter way of automating this.

ran-dall avatar Aug 22 '22 19:08 ran-dall

Going to close for now as this is stale, please feel free to reopen when you are closer to being ready.

matthewp avatar Sep 06 '22 12:09 matthewp