Fix SBOM generation to not include "mongo-tools" as a dependency

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 100.12.1
    • Affects Version/s: None
    • Component/s: None
    • 3
    • TAR 2025-03-31
    • Tools and Replicator
    • 0.25

      For some reason, the SBOM for the tools includes the tools package itself as a dependency. This led to a spurious vulnerability ticket, TOOLS-3789.

      We need to make sure that the tools don't show up as a dependency for the tools in the SBOM. I'm not sure exactly what causes this. It may be something weird in our go.mod, or it may be a bug in silkbomb.

      Once this is fixed, mark TOOLS-3789 as remediated.

            Assignee:
            Shyam Subramaniyam
            Reporter:
            Dave Rolsky
            Felipe Gasper
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: