Unable to create (unsigned) SBOM files in CI/PR #14774

Closed
@jonthysell

Description

@jonthysell

Problem Description

Production pipelines need to generate an SBOM for CyberEO compliance. This is done for us automatically in the Publish pipeline because it uses the 1ESPT.

For the CI and PR pipelines, which are not Production, we were trying to be good citizens by generating the SBOM ourselves. Unfortunately those pipelines don't have permission to produce "signed" SBOMs, giving us permission errors, so we disabled signing back in 2023 with #11657. That way we were still generating an SBOM, even if it was unsigned.

Now it seems some unannounced upstream ADO policy change has made disabling signing no longer work, so SBOM creation is failing again due to the permission error.

Steps To Reproduce

Every PR is currently failing.

Expected Results

No response

CLI version

N/A

Environment

N/A

Community Modules

No response

Target React Native Architecture

None

Target Platform Version

None

Visual Studio Version

None

Build Configuration

None

Snack, code example, screenshot, or link to a repository

No response

Metadata

Assignees

No one assigned

Labels

- Area: Compliance
- Workstream: ES Compliance SFI (Provide regular ES infrastructure and ensure RNW meets internal security and compliance requirements)
- bug
