Uncle Joe
There should be a test that generates a file (preferably in markdown) containing the translations that are missing tags. The file should be uploaded to a pull-request and the pre-release....
Instead of generating a file for the pre-release, it would be even better to upload the markdown output as part of the pre-release description. That way, the markdown formatting will...
We need to make sure we release it as well: https://github.com/OWASP/cornucopia/actions/runs/18412255568/job/52467450543
It’s only creating an SBOM for the card converter, so we need to look at that as well. [bom.xml](https://github.com/user-attachments/files/22856610/bom.xml) [reports.zip](https://github.com/user-attachments/files/22856612/reports.zip)
Instead of the upload-artifact step we can try this:
```
- name: Add file to existing release
  uses: softprops/action-gh-release@v2
  if: startsWith(github.ref, 'refs/tags/')
  with:
    files: reports
```
Then trigger the dependency...
Generating a report for each pull-request, besides for testing, might not give that much value when I think about it.
Yes, my line of thought is that the value here is for others to have a full overview of our dependencies, not necessarily for us to have one.
Would love to import the Mobile App Edition too, but we need the MASTG tests and the MASVS requirements imported first for it to make sense.
So my end goal is to be able, both from Threat Dragon and from copi.owasp.org, to combine the security requirement analysis process according to best SDLC practices...
We could just maintain CRE links from http://cornucopia.owasp.org as well. What I wonder is: from OpenCRE, wouldn't there be a benefit from being able to combine threat modeling with the...