Sergey "Shnatsel" Davidoff
Sergey "Shnatsel" Davidoff
I understand that this PR does not publish to crates.io. We have a [legacy workflow](https://github.com/CycloneDX/cyclonedx-rust-cargo/blob/main/.github/workflows/deploy_cargo_cyclonedx.yml) which does, and which also compiled binaries. The binary publishing part will have to be...
We have sorted out the publishing permissions (thanks, Steve!) so the release process should be a lot less risky now. I was about to ask how to go about upgrading...
Oh, SBOMs in cargo-dist sounds great! If you run into any issues with the tool, or have any questions, please let me know. I am happy to help!
I suppose I could trigger this workflow to build executables for an existing release without blocking on shipping CycloneDX 1.5. The workflow is currently only triggered by pushing a version...
Alternatively I should be able to get the new release out of the door in a day or two.
I've opened a PR for shipping `cyclonedx-bom` v0.6.0: #710 Once that's done, I can finally revert #488, merge this PR, and have the tag automatically trigger a build with the...
This is implemented in latest git, and we're going to ship a release with this soon. Closing. If you find something that is missing, please let us know by opening...
I'd be happy to have a PR for it! We should also update the repo's README listing it as a possible installation option. It'd be great to get a release...
Or just move away from using the filesystem paths in them for local dependencies. Technically the only requirement for them is to be unique; a hash will also work, although...
PURLs do already include the VCS URL for [dependencies from git](https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#specifying-dependencies-from-git-repositories); if you want to recover it, that's what you should be looking at, not `bom-ref`. `bom-ref` is an opaque...