
chore(3861): generated cyclonedx sbom

Open s-prak opened this issue 1 year ago • 2 comments

Description

This pull request introduces a CycloneDX Software Bill of Materials (SBOM) for this project, generated using GitHub Actions. The SBOM provides a detailed inventory of the components and dependencies used within the project, aiding in vulnerability management and license compliance.

Key Changes:

  1. Added: sbom.xml (CycloneDX format) to the repository. (path - ./sbom.xml)
  2. Workflow YAML: sbom.yml for automating the SBOM generation.

Workflow Details:

  1. File: .github/workflows/generate-sbom.yml
  2. Purpose: Automates the generation of the CycloneDX SBOM whenever changes are pushed to the repository.
  3. Trigger: The workflow is triggered on push events.

Documentation

https://docs.google.com/document/d/11cxkkOihsWAK7Sd1CATBagrhC6kquDzmMamaQ_xAjeU/edit

s-prak avatar Jun 19 '24 14:06 s-prak
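The PR description says the generated sbom.xml is meant to support vulnerability management and license compliance. As an added illustration (not code from this PR or from the central-ledger project), the script below consumes a CycloneDX XML SBOM and reports the two things a reviewer would check first: components with no version (which cannot be matched against advisories) and components carrying a denied license. The embedded SBOM is a constructed sample, not the repository's sbom.xml; the function names and the license denylist are this example's own assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample CycloneDX 1.5 BOM (assumption: not the repository's sbom.xml).
SAMPLE_SBOM = """<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"
     serialNumber="urn:uuid:00000000-0000-4000-8000-000000000000">
  <metadata>
    <component type="application">
      <name>example-service</name>
      <version>1.0.0</version>
    </component>
  </metadata>
  <components>
    <component type="library">
      <name>express</name>
      <version>4.18.2</version>
      <purl>pkg:npm/express@4.18.2</purl>
      <licenses><license><id>MIT</id></license></licenses>
    </component>
    <component type="library">
      <name>some-gpl-lib</name>
      <version>2.0.0</version>
      <purl>pkg:npm/some-gpl-lib@2.0.0</purl>
      <licenses><license><id>GPL-3.0-only</id></license></licenses>
    </component>
    <component type="library">
      <name>mystery-dep</name>
      <purl>pkg:npm/mystery-dep</purl>
    </component>
  </components>
</bom>
"""

# Every CycloneDX XML schema version lives under this namespace prefix.
CDX_NS_PREFIX = "http://cyclonedx.org/schema/bom/"


def parse_sbom(xml_text: str) -> list[dict]:
    """Return one dict (name, version, purl, licenses) per top-level <component>.

    The SBOM is expected to come from the project's own CI run; for SBOMs from
    untrusted sources, parse with defusedxml instead of the stdlib parser.
    """
    root = ET.fromstring(xml_text)
    ns = root.tag[1:].split("}", 1)[0] if root.tag.startswith("{") else ""
    if not ns.startswith(CDX_NS_PREFIX):
        raise ValueError(f"not a CycloneDX BOM: root namespace {ns!r}")

    def q(tag: str) -> str:  # qualify a tag with the BOM's own schema version
        return f"{{{ns}}}{tag}"

    components = []
    for comp in root.findall(f"./{q('components')}/{q('component')}"):
        lic_path = f"./{q('licenses')}/{q('license')}"
        licenses = [
            el.text.strip()
            for el in comp.findall(f"{lic_path}/{q('id')}") + comp.findall(f"{lic_path}/{q('name')}")
            if el.text
        ]
        components.append({
            "name": (comp.findtext(q("name")) or "").strip(),
            "version": (comp.findtext(q("version")) or "").strip(),
            "purl": (comp.findtext(q("purl")) or "").strip(),
            "licenses": licenses,
        })
    return components


def unversioned(components: list[dict]) -> list[str]:
    """Components without a version cannot be matched against vulnerability data."""
    return sorted(c["name"] for c in components if not c["version"])


def license_violations(components: list[dict], denylist) -> list[tuple[str, str]]:
    """(component, license) pairs whose license is on the denylist (case-insensitive)."""
    denied = {lic.lower() for lic in denylist}
    return sorted(
        (c["name"], lic) for c in components for lic in c["licenses"] if lic.lower() in denied
    )


def summarize(xml_text: str, denylist=("GPL-3.0-only", "AGPL-3.0-only")) -> dict:
    """Single report a CI step could fail on if either list is non-empty."""
    comps = parse_sbom(xml_text)
    return {
        "total": len(comps),
        "unversioned": unversioned(comps),
        "license_violations": license_violations(comps, denylist),
    }


if __name__ == "__main__":
    # Usage: python sbom_check.py [path/to/sbom.xml]; defaults to the embedded sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SBOM
    report = summarize(text)
    print(report)
    sys.exit(1 if report["unversioned"] or report["license_violations"] else 0)
```

The namespace is read from the BOM's root element rather than hard-coded, so the same check works whether the generator emits schema 1.4, 1.5 or a later version; a non-zero exit when either list is non-empty is what lets the check gate a push-triggered workflow like the one this PR adds.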

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Jun 19 '24 14:06 CLAassistant

Quality Gate failed

Failed conditions
11.9% Duplication on New Code (required ≤ 3%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

sonarqubecloud[bot] avatar Jul 31 '24 02:07 sonarqubecloud[bot]

Hi @s-prak, can this be closed now, as the SBOM / deprecations check is now part of the standard CI process here?

elnyry-sam-k avatar Jan 27 '25 11:01 elnyry-sam-k