Investigate what metadata can be retrieved for yarn-install modules #207

Closed
sophiewigmore opened this issue May 10, 2021 · 1 comment

sophiewigmore commented May 10, 2021

As a part of our BOM work outlined in this RFC, we would like to support some type of BOM metadata for modules provided by buildpacks like yarn-install.

We should investigate the extent of data that can be extracted around the following for the modules provided by this buildpack:

  • All of the other information (SHA, URI, etc. for each module)
  • License information
  • CPEs

Acceptance
The outcome of this issue should be more issues that outline the work needed to implement viable metadata as a result of this investigation.

sophiewigmore changed the title from "Investigate what metadata we can provide for yarn-install modules" to "Investigate what metadata that can be retrieved for yarn-install modules" May 10, 2021
sophiewigmore added this to Module Buildpacks in Bill of Materials May 10, 2021
sophiewigmore changed the title from "Investigate what metadata that can be retrieved for yarn-install modules" to "Investigate what metadata can be retrieved for yarn-install modules" May 10, 2021
sophiewigmore moved this from Module Buildpacks to In Progress in Bill of Materials Jul 27, 2021
sophiewigmore moved this from In Progress to Module Buildpacks in Bill of Materials Jul 27, 2021
sophiewigmore self-assigned this Jul 27, 2021
sophiewigmore moved this from Module Buildpacks to In Progress in Bill of Materials Jul 27, 2021

sophiewigmore commented Jul 28, 2021

See this comment on the NPM Install version of this issue for solution here. The TL;DR is that we will be using the https://github.com/CycloneDX/cyclonedx-node-module tool for both NPM and Yarn.

Bill of Materials automation moved this from In Progress to Done Jul 28, 2021