Skip to content

Generate SBOMs for JS components #629

New issue
New issue
Open
Open
Generate SBOMs for JS components#629
Labels
contribfestA good issue for Contribfest KubeCon EU '24good first issueGood for newcomershelp wantedExtra attention is neededsecuritysecurity related bugs/tasks
@toddbaert

Description

@toddbaert
toddbaert
opened on Nov 1, 2023

We have SBOMs currently for Java and Go contribs. We could use them here as well. I recommend this utility: https://github.com/marketplace/actions/cyclonedx-node-js-generate-sbom (we're using the clyclonedx format elsewhere and it's popular).

Definition of done:

  • SBOMs generated and attached to release artifact in GH, or otherwise made publicly available (for every release)
  • runtime dependencies only included
  • only includes dependencies of module in question (not of repo)

Relates to: open-feature/js-sdk#649

Metadata

Metadata

Assignees

No one assigned

    Labels

    contribfestA good issue for Contribfest KubeCon EU '24good first issueGood for newcomershelp wantedExtra attention is neededsecuritysecurity related bugs/tasks

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions