Include license list in distribution

Open puerco opened this issue 3 years ago • 6 comments

What would you like to be added:

The SPDX license list should be included with the bom distribution to avoid downloading it.

Why is this needed:

On first run, bom will download the SPDX license list. When generating a quick SBOM from a cold start like this, the license download can be a bit cumbersome. It can also lead to a CI/CD failure when running bom in a pipeline.

I think we should explore compiling the license list into a distributable form (a tarball or similar) and shipping it with the binary. I think using go embed could be the way to go to do this.

puerco avatar Jan 29 '22 02:01 puerco
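
The bundling approach proposed in the issue above, as an added example (not bom's code and not part of the thread): a loader written against `fs.FS`, which `embed.FS` satisfies, that reads the shipped license texts first and only falls back to a download when the bundle is empty. The `licenses/` directory name, `LoadLicenses`, and the `download` callback are assumptions, and `fstest.MapFS` with constructed texts stands in for the embedded files.

```go
package main

import (
	"fmt"
	"io/fs"
	"path"
	"strings"
	"testing/fstest"
)

// A real build would declare `//go:embed licenses/*.txt` above
// `var embedded embed.FS` (directory name assumed). fstest.MapFS stands in
// here, with constructed sample texts, so the example runs without data files.
var embedded fs.FS = fstest.MapFS{
	"licenses/MIT.txt":        {Data: []byte("MIT License (constructed sample)")},
	"licenses/Apache-2.0.txt": {Data: []byte("Apache License 2.0 (constructed sample)")},
}
var noBundle fs.FS = fstest.MapFS{} // a build that shipped no license files

// LoadLicenses returns license texts keyed by SPDX ID. It reads the bundled
// copy first and calls download (hypothetical network fallback) only when the
// bundle yields nothing, so a cold start in CI needs no network access.
func LoadLicenses(bundle fs.FS, download func() (map[string]string, error)) (map[string]string, error) {
	licenses := map[string]string{}
	names, err := fs.Glob(bundle, "licenses/*.txt")
	if err != nil {
		return nil, err
	}
	for _, name := range names {
		data, err := fs.ReadFile(bundle, name)
		if err != nil {
			return nil, fmt.Errorf("read bundled license %s: %w", name, err)
		}
		licenses[strings.TrimSuffix(path.Base(name), ".txt")] = string(data)
	}
	if len(licenses) > 0 {
		return licenses, nil
	}
	return download()
}

func main() {
	offline := func() (map[string]string, error) { return nil, fmt.Errorf("network unavailable") }
	licenses, err := LoadLicenses(embedded, offline)
	fmt.Println(len(licenses), err) // bundled copy is used, download never runs
	_, err = LoadLicenses(noBundle, offline)
	fmt.Println(err) // without a bundle the run depends on the network again
}
```

Because the list is fixed at build time, the SBOM's license data is tied to the bom release that produced it rather than to whatever the network returned on first run.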

I can take care of that one. Would you mind assigning it to me?

developer-guy avatar Mar 14 '22 05:03 developer-guy

@puerco https://github.com/spdx/license-list-data

developer-guy avatar Mar 14 '22 08:03 developer-guy

https://github.com/google/licensecheck

developer-guy avatar Mar 14 '22 08:03 developer-guy

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jun 13 '22 16:06 k8s-triage-robot

/remove-lifecycle stale

puerco avatar Jun 13 '22 16:06 puerco

/lifecycle stale

k8s-triage-robot avatar Sep 11 '22 16:09 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Oct 11 '22 17:10 k8s-triage-robot

/remove-lifecycle rotten

puerco avatar Nov 07 '22 04:11 puerco

/assign

sbs2001 avatar Nov 07 '22 05:11 sbs2001

@developer-guy I'd like to take a shot at this, if that's cool with you.

sbs2001 avatar Nov 07 '22 05:11 sbs2001

Awesome, go for it! :tada:

puerco avatar Nov 07 '22 05:11 puerco

/lifecycle stale

k8s-triage-robot avatar Feb 05 '23 06:02 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Mar 07 '23 06:03 k8s-triage-robot

/remove-lifecycle rotten

puerco avatar Mar 15 '23 00:03 puerco