Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Paketo RFC 0038: CycloneDX + Syft SBOM #628

Closed
7 tasks done
sophiewigmore opened this issue Dec 16, 2021 · 0 comments · Fixed by #728
Closed
7 tasks done

Implement Paketo RFC 0038: CycloneDX + Syft SBOM #628

sophiewigmore opened this issue Dec 16, 2021 · 0 comments · Fixed by #728
Assignees
@ForestEckhardt
Labels
enhancement A new feature or request

Comments

@sophiewigmore
Copy link
Member

sophiewigmore commented Dec 16, 2021
edited by ForestEckhardt
Loading

To implement Paketo RFC0038, this buildpack (and the implementation buildpacks inside) will need to move from storing SBOM information in layer metadata to storing it in files that the CNB lifecycle can manipulate during the build. The RFC outlines what these files are and what they should contain.

This issue serves as a meta-issue for work required to complete this work for the .NET Core language family. This will require:

This is most labor-intensive part of this track of work, so we should kick off the work for these issues first:

Dependent on outcome from #650:
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ForestEckhardt ForestEckhardt

Labels
enhancement A new feature or request
Projects
Paketo Workstreams
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adds check for sbom file output paketo-buildpacks/dotnet-core
2 participants
@ForestEckhardt @sophiewigmore