Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Minor - P4
Fix Version/s: 8.3.0-rc0, 8.2.2, 7.0.26, 8.0.16
Affects Version/s: None
Component/s: None
Labels:
None

Backport Requested:

v8.2, v8.0, v7.0
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

ToDo:
Add evergreen build task (should be triggered in the Build process) that upload generated SBOM to Kondukto using SilkBomb.

Only for the following branches:
master, v7.0, v8.0, v8.1, v8.2

Motivation:

Previously, SBOM in GitHub was being consumed by Black Duck and Kondukto pulled data from Black Duck via an integration. Now that Blackduck will be out of the picture, we need a mechanism for Kondutko to get SBOM updates that don't require manual uploading to Kondukto.

Definition of Done:

SBOM being visible and parsed by Kondukto so it can scan dependencies for vulnerabilities.

Assignee:: Eduard Kovalets
Reporter:: Eduard Kovalets
Participants:: Eduard Kovalets, Githook User
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Sep 05 2025 10:35:20 PM UTC
Updated:: Oct 14 2025 10:03:49 PM UTC
Resolved:: Oct 14 2025 09:27:36 PM UTC
Target end:: 17/Oct/25

Details

Description

Attachments

Activity

People

Dates