Patrick Dwyer

Results 133 comments of Patrick Dwyer

> Is there a way in the CycloneDX BOM Repo Server to disable publishing, and yet side-load SBOMs to the repo server? I want the ability to release a project...

The other benefit of using BRS is that retention of the original BOM can be offloaded to BRS too.

Can do @stevespringett. Hi @elear, should the media type be `application/vnd.cyclonedx+jsonseq` or `application/vnd.cyclonedx+json-seq` to align with RFC7464?

From my looking it is explicitly set to [x64](https://github.com/actions/setup-dotnet/blob/7df9f59802b508a78c4e4e0f48c27ed646a9158c/src/installer.ts#L117). It's probably a corner case, but it could cause issues if someone is running an x86 self-hosted runner.

Don't be limited by what I managed to implement for merging in the CLI tool. It still requires some work. Especially around the flat merging approach. i.e. it doesn't handle...

Thanks @nblumhardt

I've increased the limit to 100Mb. I should probably make this configurable or just use the maximum allowed size. The file handling is all done client side. So you can...

I'm interested in how this will differ from something like package URL and OSS Index?

Yeah, package URLs aren't much different to that example you gave for querying for an npm package. It should be easy to translate between the two.

This was actually my initial approach, and my personal preference. But I ended up going with a query string parameter as I wasn't sure how easy folks would find correctly...