console-sm: remove dependency list, replace with hint to sbom #4309

Closed
wants to merge 3 commits into from

Contributor

@ultraschuppi ultraschuppi commented Sep 17, 2024

Description

When should this change go live?

  • This is a bug fix, security concern, or something that needs urgent release support.
  • This is already available but undocumented and should be released within a week.
  • This is on a specific schedule and the assignee will coordinate a release with the DevEx team. (apply hold label or convert to draft PR)
  • This is part of a scheduled alpha or minor. (apply alpha or minor label)
  • There is no urgency with this change and can be released at any time.

PR Checklist

  • My changes are for an already released minor and are in /versioned_docs directory.
  • My changes are for the next minor and are in /docs directory (aka /next/).

@ultraschuppi ultraschuppi self-assigned this Sep 17, 2024
Contributor

👋 🤖 🤔 Hello! Did you make your changes in all the right places?

These files were changed only in docs/. You might want to duplicate these changes in versioned_docs/version-8.5/.

  • docs/reference/dependencies.md

You may have done this intentionally, but we wanted to point it out in case you didn't. You can read more about the versioning within our docs in our documentation guidelines.

@ultraschuppi ultraschuppi marked this pull request as ready for review September 23, 2024 10:04
@ultraschuppi ultraschuppi requested a review from a team September 23, 2024 10:05
@ultraschuppi ultraschuppi enabled auto-merge (squash) September 23, 2024 10:05
@conceptualshark conceptualshark added the component:self-managed Docs and issues related to Camunda Platform 8 Self-Managed label Sep 23, 2024
Contributor

@conceptualshark conceptualshark left a comment

Do we have any internal documentation around this change?

- [robust-predicates](https://github.com/mourner/robust-predicates#readme) (Unlicense)
- [tslib](https://www.typescriptlang.org/) (0BSD)
- [wicg-inert](https://github.com/WICG/inert#readme) (W3C-20150513)
Source Code and list of dependencies and their respective licenses (as CyclonDX SBOM) are provided [on-demand](dependency-request@camunda.com).
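Review bot: The link target on the added line, `(dependency-request@camunda.com)`, has no `mailto:` scheme, so Markdown treats it as a relative page link and readers get a broken link instead of an e-mail address; use `mailto:dependency-request@camunda.com`. The same line spells the SBOM format "CyclonDX"; the format name is CycloneDX.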
Contributor

@conceptualshark conceptualshark Sep 23, 2024

Suggested change
Source Code and list of dependencies and their respective licenses (as CyclonDX SBOM) are provided [on-demand](dependency-request@camunda.com).
The Camunda 8 Self-Managed source code, dependency list, and dependency licenses are available as a CycloneDX SBOM [on-demand](dependency-request@camunda.com).

Member

akeller commented Sep 24, 2024

I am not fully caught up on the SBOM conversation, so I won't be able to approve this yet.

- [robust-predicates](https://github.com/mourner/robust-predicates#readme) (Unlicense)
- [tslib](https://www.typescriptlang.org/) (0BSD)
- [wicg-inert](https://github.com/WICG/inert#readme) (W3C-20150513)
Source Code and list of dependencies and their respective licenses (as CyclonDX SBOM) are provided [on-demand](dependency-request@camunda.com).
Contributor

@MaxTru MaxTru Sep 24, 2024

Please change to make clear that SBOM and source code are two different assets

Suggested change
Source Code and list of dependencies and their respective licenses (as CyclonDX SBOM) are provided [on-demand](dependency-request@camunda.com).
The source code and a CycloneDX SBOM, that includes a list of third party libraries used and their licenses, are provided [on-demand](dependency-request@camunda.com).

Member

akeller commented Sep 26, 2024

I edited the proposed commits just so we didn't accidentally introduce a typo, but can we make this even easier by adopting the same language used in the already merged Web Modeler PR?

  • Dependencies: SBOM CycloneDX files with up-to-date lists of third party libraries used and their licenses can be requested on demand.
  • Source code: Access to source code is provided on demand.

Contributor

MaxTru commented Oct 4, 2024

Superseded by #4340

@MaxTru MaxTru closed this Oct 4, 2024