New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade Jenkins X repositories to support generating and store SBOMs #8348
Comments
|
|
|
|
|
|
|
|
We aim to enhance the supply chain security of Jenkins X by adding SBOM generation to the release pipeline of each jx binary.
The current procedure for this is to include two important steps from the documentation
This is the tentative list of repositories (the list will be updated if we find any missing repositories) that we should upgrade:
jx-kubeclient - no other jx dependencies
go-scm - no other jx dependencies
logrus-stackdriver-formatter - no jx dependencies
lighthouse
go-scm
jx-logging:
logrus-stackdriver-formatter
secretfacade
jx-logging
jx-api
jx-logging
jx-helpers
github.com/jenkins-x/go-scm
github.com/jenkins-x/jx-api
github.com/jenkins-x/jx-kube-client
github.com/jenkins-x/jx-logging
jx-git-operator
bdd-jx3
jx-gitops
jx-changelog
jx-secret
jx-admin
jx-preview
jx-promote
jx-updatebot
jx-scm
jx-registry
jx-slack
jx-release-version
jx-verify
jx-application
NOTE: it's fine if you don't follow the order, the order is only there to limit the number of PRs we open as part of an upgraded effort
We will use this issue to keep track of which repositories have been upgraded.
If you are interested in contributing, please comment
When opening a PR in these repos to support SBOMs, remember to include
Don't use fixes as that will close this issue once ur PR is merged.
Once your PR is merged, comment on this issue:
If you encounter any issues when upgrading, please make a note of that issue and how you fixed it in this PR, so that it helps other contributors. Remember to comment back on the issue and fix it in this PR, so others can see it.
We will start working on this issue on Sep 6
The text was updated successfully, but these errors were encountered: