The SBOM should capture all external tools with their version / digests that are downloaded during the build. This mainly concerns the cyclonedx tools / dependencies.
Ideally, in the long run, there should not be a need to download these tools externally for each build, but they could be hosted in a tool repository that is checked out using a defined commit during the build to avoid relying on external services as much as possible.
While the checksums are stored in the ant build file, we can generate those for the artifacts on the file system at SBoM creation time and incorporate those.
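One way to do what the comment above describes, as an added example that is not part of the issue or the project's build: hash each downloaded tool on disk at SBOM creation time, emit a CycloneDX-style component carrying a SHA-256 entry, and flag files whose digest differs from the pinned value. The `<name>-<version>.jar` naming, the `pinned` mapping and the sample files are assumptions constructed for the illustration.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Assumed naming convention: <name>-<version>.jar (not stated in the issue).
_NAME_VERSION = re.compile(r"^(?P<name>.+?)-(?P<version>\d[\w.]*)\.jar$")

def sha256_file(path, chunk=65536):
    """Stream the file so large tool archives are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def tool_components(tool_dir, pinned):
    """Return (components, mismatches) for every jar in tool_dir.
    pinned maps filename -> expected SHA-256 hex, e.g. copied from the build file."""
    components, mismatches = [], []
    for path in sorted(Path(tool_dir).glob("*.jar")):
        digest = sha256_file(path)
        m = _NAME_VERSION.match(path.name)
        name, version = (m["name"], m["version"]) if m else (path.stem, "unknown")
        components.append({
            "type": "application",
            "name": name,
            "version": version,
            "hashes": [{"alg": "SHA-256", "content": digest}],
        })
        # A missing pin is treated like a mismatch: the tool is unverified.
        expected = pinned.get(path.name)
        if expected is None or expected.lower() != digest:
            mismatches.append(path.name)
    return components, mismatches

def demo():
    """Constructed sample: one tool matches its pin, one has changed on disk."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "example-tool-1.2.3.jar").write_bytes(b"constructed tool bytes")
        (Path(d) / "other-tool-0.9.jar").write_bytes(b"tampered bytes")
        pinned = {
            "example-tool-1.2.3.jar": hashlib.sha256(b"constructed tool bytes").hexdigest(),
            "other-tool-0.9.jar": hashlib.sha256(b"original bytes").hexdigest(),
        }
        return tool_components(d, pinned)

if __name__ == "__main__":
    comps, bad = demo()
    print(json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": comps}, indent=2))
    print("checksum mismatches:", bad)
```

Recording the digest computed from disk, rather than copying the pinned value, means the SBOM describes the bytes that were actually used in the build.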