Our SBOM file should only include deps for the tools binaries and be OS-insensitive


    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • patch-next
    • Affects Version/s: None
    • Component/s: None
    • 1
    • Tools and Replicator
    • 0.25
    • Not Needed

      Problem

      Right now, the SBOM includes all of our deps, including those only used for dev tooling. In addition, the SBOM regeneration code is sensitive to the OS on which it's run. If devs on macOS run it, they can get a different result than on Linux.

      We should include deps for both Linux and macOS in the SBOM.

      Solution & Acceptance Criteria

      Fix the generation script to account for all of this.

      Impact

      Our SBOM will be much more accurate.

            Assignee:
            Dave Rolsky
            Reporter:
            Dave Rolsky
            Felipe Gasper, Michael McClimon