-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why use this over SBOM? #138
Comments
This Github action submits the snapshot of all the dependencies downloaded by the build: the compile dependencies, the test dependencies, the scala tools (compiler and scaladoc), and their transitive dependencies, for all Scala versions and platforms. It's configurable, if you want to exclude some configuration or project. I never used any sbt BOM generation plugin and I don't know how to configure such plugin to extract all the dependencies, including the transitive ones. |
Anyone who's delved into/compared using this action versus uploading an SBOM to the dependency submission API?
I'm referring to things like these:
The text was updated successfully, but these errors were encountered: