Add improved SBOM reports #746
🦋 Changeset detected

Latest commit: b18159f

The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages.
a16f704 to 75d8dc8
uses: actions/upload-artifact@v4 | ||
with: | ||
name: matrix-meetings-bot-sbom-spdx-report | ||
path: 'matrix-meetings-bot.sbom.spdx.json' |
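Review bot: the `with:` block shown here sets only `name` and `path`, so if `matrix-meetings-bot.sbom.spdx.json` is not produced at that path, the step follows the upload-artifact default of logging a warning instead of failing, and the run stays green without an SBOM artifact. Consider adding `if-no-files-found: error` to this step so a missing report is caught in CI. Separately, `actions/upload-artifact@v4` is referenced by a mutable tag; pinning it to a full commit SHA would keep the step that publishes the SBOM reproducible.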
You're right, they are not listed there. But they are being uploaded and the logs reference the uploaded file. I'll check if we need to adjust the artifact path because of having two builds in the same workflow.
Signed-off-by: Milton Moura <[email protected]>
Signed-off-by: Milton Moura <[email protected]>
Co-authored-by: maheichyk <[email protected]>
Signed-off-by: Milton Moura <[email protected]>
34beaa6 to b18159f
This PR improves the SBOM reporting process by:
yarn.lock
SBOM scan report within the hosted widget assets at <URL>/sbom.spdx.json
yarn.lock
SBOM scan report of the bot at /usr/local/share/doc/
✔️ Checklist
Signed-off-by line in the message (more info).