Fix SBOM generation to not include "mongo-tools" as a dependency

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 100.12.1
    • Affects Version/s: None
    • Component/s: None
    • 3
    • TAR 2025-03-31
    • Tools and Replicator
    • 0.25

      For some reason, the SBOM for the tools includes the tools package itself as a dependency. This led to a spurious vulnerability ticket, TOOLS-3789.

      We need to make sure that the tools don't show up as a dependency for the tools in the SBOM. I'm not sure exactly what causes this. It may be something weird in our go.mod, or it may be a bug in silkbomb.

      Once this is fixed, mark TOOLS-3789 as remediated.

              Assignee:
              Shyam Subramaniyam
              Reporter:
              Dave Rolsky
              Felipe Gasper
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: