Publish SBOM for Flux and the GitOps Toolkit components #2302

Closed
8 tasks done
Tracked by #2308
stefanprodan opened this issue Jan 18, 2022 · 0 comments
Labels
area/ci CI related issues and pull requests enhancement New feature or request

stefanprodan (Member) commented Jan 18, 2022

We should generate and publish a Software Bill of Materials (SBOM) as a release artifact for all Flux projects. To generate a SBOM for Flux Go modules and their dependencies, we can use Syft and GoReleaser. The published SBOM should be in SPDX format.

Projects:

  • flux2
  • source-controller
  • kustomize-controller
  • helm-controller
  • notification-controller
  • image-reflector-controller
  • image-automation-controller
  • source-watcher
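
Once a release carries an SBOM as proposed above, a consumer can list the Go modules it records and check them against an advisory. This is an added example, not code from the issue or the Flux project; it assumes the SPDX 2.x JSON serialization that Syft can emit, and the sample document and module names are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample shaped like an SPDX JSON SBOM; names and versions are illustrative.
const sampleSBOM = `{"spdxVersion": "SPDX-2.2", "packages": [
  {"name": "example.com/lib/a", "versionInfo": "v1.2.3", "externalRefs": [{"referenceType": "purl", "referenceLocator": "pkg:golang/example.com/lib/a@v1.2.3"}]},
  {"name": "example-binary", "versionInfo": "v0.4.0", "externalRefs": [{"referenceType": "cpe23Type", "referenceLocator": "cpe:2.3:a:x:y:0.4.0:*:*:*:*:*:*:*"}]}
]}`

type spdxDoc struct {
	SPDXVersion string `json:"spdxVersion"`
	Packages    []struct {
		Name         string `json:"name"`
		VersionInfo  string `json:"versionInfo"`
		ExternalRefs []struct {
			ReferenceType    string `json:"referenceType"`
			ReferenceLocator string `json:"referenceLocator"`
		} `json:"externalRefs"`
	} `json:"packages"`
}

// GoModules returns name -> version for every package that carries a pkg:golang purl.
func GoModules(raw []byte) (map[string]string, error) {
	var doc spdxDoc
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("parse SPDX JSON: %w", err)
	}
	if !strings.HasPrefix(doc.SPDXVersion, "SPDX-") {
		return nil, fmt.Errorf("not an SPDX document: spdxVersion=%q", doc.SPDXVersion)
	}
	mods := map[string]string{}
	for _, p := range doc.Packages {
		for _, r := range p.ExternalRefs {
			if r.ReferenceType == "purl" && strings.HasPrefix(r.ReferenceLocator, "pkg:golang/") {
				mods[p.Name] = p.VersionInfo
			}
		}
	}
	return mods, nil
}

func main() {
	fmt.Println(GoModules([]byte(sampleSBOM)))
}
```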