[GODRIVER-3109] Create list of third party dependencies and versions for Go Driver
Created: 26/Jan/24
Updated: 02/Feb/24

Status: Waiting for Reporter
Project: Go Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Unknown
Reporter: Ryan Timmons
Assignee: Steve Silvester
Resolution: Unresolved
Votes: 0
Labels: ssdlc
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: GODRIVER-3052
Quarter: FY25Q1
Assigned Teams: Go Drivers
Documentation Changes Summary:

1. What would you like to communicate to the user about this feature?
2. Would you like the user to see examples of the syntax and/or executable code and its output?
3. Which versions of the driver/connector does this apply to?


Description

As a part of the SSDLC initiative, we are asking shipped products to declare the current state of their dependencies as we build out more automation. Please see further instructions on the spreadsheet located at go/sbom-prep-sheet. Please reach out to #rnd-vulnerability-management with any questions. This ticket can be resolved once the spreadsheet is populated for your teams’ products.



Comments
Comment by Steve Silvester [ 01/Feb/24 ]

I updated the sheet.

Comment by Steve Silvester [ 01/Feb/24 ]

Better option:

go install github.com/ozonru/cyclonedx-go/cmd/cyclonedx-go@latest
cyclonedx-go 

Comment by Ryan Timmons [ 31/Jan/24 ]

Thanks, Steve. Please see this thread on Slack for relevant commentary on the GitHub SBOM feature:
https://mongodb.slack.com/archives/C05N744KWQ4/p1706572368119929
If you have confidence in the accuracy of the data provided by that option then please feel free to copy that into the spreadsheet.

Comment by Steve Silvester [ 30/Jan/24 ]

https://github.com/mongodb/mongo-go-driver/network/dependencies has the option to export an SBOM.

Generated at Thu Feb 08 08:40:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.