Generate SBOM information for all Open Horizon components at each release. #117

Open
TheMosquito opened this issue Jul 18, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@TheMosquito
Member

Following from US gov't "EO 14028" (Google that string for more info) all US gov't software procurement will require SBOM information. Other industries will likely follow. It should be pretty straightforward to generate this SBOM information during release builds using tools like Syft (https://github.com/anchore/syft).

@joewxboy
Member

@bencourliss and @dabooz is this large enough to be treated as a Feature, or should it be kept as an issue?

@joewxboy joewxboy added the enhancement New feature or request label Jul 18, 2022
@joewxboy
Member

@bencourliss Does this have any dependencies on migrating any automation, or can/should it be done with existing automation?

3 participants