Implement Paketo RFC 0038: CycloneDX + Syft SBOM #496

Closed
2 of 6 tasks
fg-j opened this issue Dec 1, 2021 · 7 comments
fg-j commented Dec 1, 2021

To implement Paketo RFC0038, this buildpack (and the implementation buildpacks inside) will need to move from storing SBOM information in layer metadata to storing it in files that the CNB lifecycle can manipulate during the build. The RFC outlines what these files are and what they should contain.

This issue serves as a meta-issue for work required to complete this work for the Nodejs language family. This will require (link GitHub issues as they are created):

fg-j added this to the Nodejs v1.0.0 milestone Dec 1, 2021

fg-j (Author) commented Dec 1, 2021

This is currently blocked on adding SBOM features in packit: paketo-buildpacks/packit#255

fg-j added the status/blocked label ("This issue has been triaged and resolving it is blocked on some other issue") Dec 1, 2021

@robdimsdale (Member)

If we remove the node.js module bom buildpack then we should also remove it from the build plans defined in this meta buildpack. I'd feel comfortable using this issue to track that work, given it takes place in this repo.

robdimsdale (Member) commented Dec 2, 2021

I can't edit the comment to add links directly, but I created some issues:

I didn't create issues for the -start buildpacks because I wanted to implement the module SBOM generation in yarn-install and npm-install first to see whether we also needed to generate SBOMs in the -start buildpacks.

sophiewigmore removed the status/blocked label ("This issue has been triaged and resolving it is blocked on some other issue") Dec 7, 2021

@sophiewigmore (Member)

This is unblocked now that Packit v2.0.0 has been released.

fg-j (Author) commented Dec 20, 2021

Implementing this feature is blocked on platform integration issues. Platform integration is resolved with pack CLI v0.24.0.

fg-j added the status/blocked label ("This issue has been triaged and resolving it is blocked on some other issue") Dec 20, 2021

fg-j removed the status/blocked label ("This issue has been triaged and resolving it is blocked on some other issue") Feb 10, 2022

fg-j (Author) commented Apr 8, 2022

@paketo-buildpacks/nodejs-maintainers What's missing before we are able to close out this issue?

@ryanmoran (Member)

I think this is done.
