Arnout Engelen
Arnout Engelen
https://github.com/sbt/sbt-sbom/pull/116 is looking for a reviewer :)
When a plugin should still be installed from the app store on Nextcloud N but is bundled in Nextcloud N+1, and both N and N+1 are still supported, a warning...
> Should we add a test for this? I have removed the "-w" option on diff but I think it would be better to leave that in because git crlf...
I like this feature idea, but do we have any particular reason to need it in 1.1.0? I think we can remove it from the milestone, it can be introduced...
I like the feature idea!
we may also need/want to use `.gitattributes` to set the `core.autocrlf` / https://betterstack.com/community/questions/git-replacing-lf-with-crlf/
While it's not explicitly called out, my impression is that the Maven ecosystem case is seen as a form of 'dynamic linking': the library is required, but not included, and...
> I must admit to a bit of disappointment because I liked the idea of the SBOM detailing what the lib version was built with I have the same nagging...
> I kind of think that CycloneDX spec is missing something, if it can't have a built-with-version even if the SBOM itself doesn't suggest what dependency versions are to be...
> I am trying to make an SBOM with the plugin, and I realized the project itself is missing in metadata as component. > > According to the code `https://github.com/sbt/sbt-sbom/blob/v0.4.0/src/main/scala/com/github/sbt/sbom/BomExtractor.scala`...