Jan Kowalleck
The license text feature was removed from the code, to ease the way to v1.0/MVP. With the v1.0 release candidate being public for some time now, I do not expect...
A similar feature was added to the webpack plugin; see https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1309 and https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1312
this feature was released via [v1.1.0](https://github.com/CycloneDX/cyclonedx-node-yarn/releases/tag/v1.1.0)
currently not possible due to technical limitations -- see #52
#52 proved that this feature is not that easy: XML validation requires gyp - which is not bundle-able as a plugin ... and then the schema files are not resolvable...
even though the validation is not possible in the yarn plugin itself, it might be possible for the CLI wrapper that is issued by `yarn dlx`?
@MLSTRM before I review your work, I need to ask: Please sign off your commits, to show that you agree to publish your changes under the current terms and licenses...
idea: have a testbed that is complete, but don't add it to the `setup.js`, and still run tests on it ...
> We are already distributing SBOMs with our container images as In-Toto attestations and are very happy that scanners like Trivy are able to pick up the BOM and use...
@glefloch could you review this PR and maybe merge/release it?