js-sdk-contrib

Generate SBOMs for JS components

Open toddbaert opened this issue 1 year ago • 0 comments

We have SBOMs currently for Java and Go contribs. We could use them here as well. I recommend this utility: https://github.com/marketplace/actions/cyclonedx-node-js-generate-sbom (we're using the cyclonedx format elsewhere and it's popular).

Definition of done:

  • SBOMs generated and attached to release artifact in GH, or otherwise made publicly available (for every release)
  • runtime dependencies only included
  • only includes dependencies of module in question (not of repo)

Relates to: https://github.com/open-feature/js-sdk/issues/649

toddbaert, Nov 01 '23 17:11
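One way the two scoping items in the definition of done could be checked against a generated CycloneDX JSON SBOM, as an added example that is not code from the issue or from the OpenFeature project. The function name `auditSbom`, the package names and versions, and the reading of "runtime" as the `dependencies` field of the module's package.json are assumptions.

```javascript
// Added example, not project code. Package names and versions are constructed.
const npmName = (c) => (c.group ? `${c.group}/${c.name}` : c.name);
// Returns a list of findings; an empty list means the SBOM meets both scoping rules.
function auditSbom(sbom, pkg) {
  const root = sbom.metadata && sbom.metadata.component;
  if (!root || !root['bom-ref']) return ['no metadata.component to anchor the graph'];
  const findings = [];
  if (npmName(root) !== pkg.name) findings.push(`SBOM describes ${npmName(root)}, not ${pkg.name}`);
  const byRef = new Map((sbom.components || []).map((c) => [c['bom-ref'], c]));
  const edges = new Map((sbom.dependencies || []).map((d) => [d.ref, d.dependsOn || []]));
  // Assumption: "runtime" means the "dependencies" field of the module's package.json.
  const runtime = new Set(Object.keys(pkg.dependencies || {}));
  const direct = new Set((edges.get(root['bom-ref']) || []).map((r) => (byRef.has(r) ? npmName(byRef.get(r)) : r)));
  for (const name of direct) {
    if (!runtime.has(name)) findings.push(`${name}: direct dependency is not a runtime dependency`);
  }
  for (const name of runtime) {
    if (!direct.has(name)) findings.push(`${name}: runtime dependency missing from SBOM`);
  }
  // Walk the graph from the module; unreachable components come from elsewhere in the repo.
  const seen = new Set();
  const stack = [root['bom-ref']];
  while (stack.length) {
    const ref = stack.pop();
    if (seen.has(ref)) continue;
    seen.add(ref);
    stack.push(...(edges.get(ref) || []));
  }
  for (const [ref, c] of byRef) {
    if (!seen.has(ref)) findings.push(`${npmName(c)}: not reachable from ${pkg.name}`);
  }
  return findings;
}

// Constructed sample input: one module's package.json and a minimal CycloneDX JSON document.
const samplePkg = { name: '@example/provider', dependencies: { 'example-http': '^2.0.0' }, devDependencies: { 'example-test-runner': '^9.0.0' } };
const comp = (name, version) => ({ type: 'library', name, version, 'bom-ref': `${name}@${version}` });
const sampleSbom = {
  bomFormat: 'CycloneDX', specVersion: '1.5',
  metadata: { component: { type: 'library', group: '@example', name: 'provider', version: '1.0.0', 'bom-ref': 'root' } },
  components: [comp('example-http', '2.1.0'), comp('example-url', '1.0.3'), comp('example-test-runner', '9.2.0'), comp('example-repo-tool', '4.0.0')],
  dependencies: [
    { ref: 'root', dependsOn: ['example-http@2.1.0', 'example-test-runner@9.2.0'] },
    { ref: 'example-http@2.1.0', dependsOn: ['example-url@1.0.3'] },
  ],
};
console.log(auditSbom(sampleSbom, samplePkg));
```

Run as a release gate, a non-empty result would block attaching the SBOM to the release artifact.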