Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3799

Fix SBOM generation to not include "mongo-tools" as a dependency

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • 3
    • Tools and Replicator
    • 10

      For some reason, the SBOM for the tools includes the tools package itself as a dependency. This led to a spurious vulnerability ticket, TOOLS-3789.

      We need to make sure that the tools don't show up as a dependency for the tools in the SBOM. I'm not sure exactly what causes this. It may be something weird in our go.mod, or it may be a bug in silkbomb.

      Once this is fixed, mark TOOLS-3789 as remediated.

            Assignee:
            Unassigned Unassigned
            Reporter:
            dave.rolsky@mongodb.com Dave Rolsky
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: