Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

📣 looking for contributors #12

Closed
jkowalleck opened this issue Dec 15, 2023 · 8 comments
Closed

📣 looking for contributors #12

jkowalleck opened this issue Dec 15, 2023 · 8 comments
Labels
help wanted Extra attention is needed

Comments

@jkowalleck
Copy link
Member

jkowalleck commented Dec 15, 2023
edited
Loading

CycloneDX is a community effort, free for all.

Based on #8
This project is currently looking for contributors/champions.

Drop a note, or ping, if you are interested.
@jkowalleck jkowalleck added the help wanted Extra attention is needed label Dec 15, 2023
@jkowalleck jkowalleck pinned this issue Dec 15, 2023
@fkluthe

This comment was marked as off-topic.

Sign in to view
@jkowalleck

This comment was marked as off-topic.

Sign in to view
@sbernard31

This comment was marked as off-topic.

Sign in to view
@jkowalleck

This comment was marked as off-topic.

Sign in to view
@jkowalleck jkowalleck mentioned this issue Jan 3, 2024
Closed
@sbernard31 sbernard31 mentioned this issue Jan 4, 2024
Open
@sbernard31
Copy link

(Just in case it helps : yarnpkg/berry#6063)

@apupier apupier mentioned this issue Jan 19, 2024
Closed
@AugustusKling
Copy link
Contributor

@jkowalleck I've experimented yesterday with creating a Yarn plugin to generate CycloneDX SBoMs. The generated files look good at first glance.

Note however that I don't want to make any promises just yet without doing some further assessments if the taken approach is sound. Expect some update on this in a couple of days.

@AugustusKling
Copy link
Contributor

@jkowalleck, @sbernard31 see draft in PR #13. This plugin generates correctly looking SBOMs for the projects I've tested with as far as I can judge.

Easiest way to test on existing Yarn projects is yarn plugin import https://raw.githubusercontent.com/AugustusKling/cyclonedx-node-yarn/1.0-dev/bundles/%40yarnpkg/plugin-sbom.js followed by yarn sbom --component-type=application --output-file=sbom.cdx.json if you want to trust minified code by a random guy.

The more sensible way is:

  1. Checkout the repo.
  2. yarn install
  3. Carefully check source code.
  4. Build using yarn build or yarn build:dev
  5. Change to your project directory.
  6. Import plugin yarn plugin import /wherever-your-checkout-is/bundles/@yarnpkg/plugin-sbom.js
  7. yarn sbom --component-type=application --output-file=sbom.cdx.json

@jkowalleck jkowalleck unpinned this issue Mar 8, 2024
@jkowalleck jkowalleck modified the milestone: v1.0 Mar 20, 2024
@jkowalleck
Copy link
Member Author

Implementation is coming to an end, nearly all features are done.
closing issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@AugustusKling @sbernard31 @jkowalleck @fkluthe