sbt-bom icon indicating copy to clipboard operation
sbt-bom copied to clipboard
verified publisher icon siculo

Sbt Project is Missing as Component in Metadata

Open JayMandala opened this issue 10 months ago • 3 comments

I am trying to make an SBOM with the plugin, and I realized the project itself is missing in metadata as component.

According to the code https://github.com/sbt/sbt-sbom/blob/v0.4.0/src/main/scala/com/github/sbt/sbom/BomExtractor.scala Line 49 I noticed that metadata only consists of timestamp and tools

I might have missed a flag or settings, that enables the said project to be included in the metadata as component. If that's the case, may I get a direction to the said documentation?

If not, is there any workaround for that?

JayMandala avatar Feb 25 '25 13:02 JayMandala

I am trying to make an SBOM with the plugin, and I realized the project itself is missing in metadata as component.

According to the code https://github.com/sbt/sbt-sbom/blob/v0.4.0/src/main/scala/com/github/sbt/sbom/BomExtractor.scala Line 49 I noticed that metadata only consists of timestamp and tools

I might have missed a flag or settings, that enables the said project to be included in the metadata as component. If that's the case, may I get a direction to the said documentation?

I think your observation that they're just missing is correct

If not, is there any workaround for that?

We'd love a contribution that adds those!

raboof avatar Feb 25 '25 14:02 raboof

I would like to try to give contribution to add the missing component.

I am trying to find the contributor agreement of sbt-sbom, Other than https://github.com/sbt/.github/blob/master/CODE_OF_CONDUCT.md, Is there anything else i need to look for, before i can fork the code and start working on it?

(accidentally chose the wrong option when posting comment)

JayMandala avatar Feb 26 '25 08:02 JayMandala

I would like to try to give contribution to add the missing component.

Awesome!

I am trying to find the contributor agreement of sbt-sbom, Other than https://github.com/sbt/.github/blob/master/CODE_OF_CONDUCT.md, Is there anything else i need to look for, before i can fork the code and start working on it?

Nope, just go ahead! Of course your contribution should be your own work and you will contribute it under the MIT license, but we require nothing in particular beyond that.

raboof avatar Feb 26 '25 08:02 raboof

Also I believe this one is also done, after #162 merge

JayMandala avatar Sep 19 '25 13:09 JayMandala

Jup, yay!

raboof avatar Sep 19 '25 13:09 raboof