Update SBOM reference to monorepo and connectors to be on demand #5157

Merged
merged 2 commits into from
Mar 6, 2025


maxdanilov
Member

@maxdanilov maxdanilov commented Mar 5, 2025

Description

As discussed with @MaxTru, because the current process of SBOM generation is not done automatically, and FOSSA is becoming the SBOM solution to auto-generate the SBOMs in the future as a part of the release process (TBD), it makes sense to replace the confusing SBOM links for camunda/camunda with the disclaimer that they can be generated on demand.

The SBOMs for camunda/connectors are still generated the old way (still to be converted to FOSSA generation in the future), so I kept the text there as is.

When should this change go live?

  • This is a bug fix, security concern, or something that needs urgent release support. (add bug or support label)
  • This is already available but undocumented and should be released within a week. (add available & undocumented label)
  • This is on a specific schedule and the assignee will coordinate a release with the DevEx team. (create draft PR and/or add hold label)
  • This is part of a scheduled alpha or minor. (add alpha or minor label)
  • There is no urgency with this change (add low prio label)

PR Checklist

  • My changes are for an upcoming minor release and:
    • are in the /docs directory (version 8.8).
    • are in the /versioned_docs/version-8.7/ directory (version 8.7).
  • My changes are for an already released minor and are in a /versioned_docs directory.

@maxdanilov maxdanilov self-assigned this Mar 5, 2025
@maxdanilov
Member Author

maxdanilov commented Mar 5, 2025

Follow-up issues:

@maxdanilov maxdanilov requested a review from MaxTru March 5, 2025 19:28
@maxdanilov maxdanilov marked this pull request as ready for review March 5, 2025 19:31
@MaxTru
Contributor

MaxTru commented Mar 6, 2025

Thanks @maxdanilov.

As another follow-up and clean-up activity, should we delete https://github.com/camunda/camunda/blob/main/.github/workflows/sbom.yml?

@maxdanilov
Member Author

maxdanilov commented Mar 6, 2025

> As another follow-up and clean-up activity, should we delete https://github.com/camunda/camunda/blob/main/.github/workflows/sbom.yml?

Yep, good point, I've included this step in camunda/camunda#29270

@maxdanilov maxdanilov merged commit e05160e into main Mar 6, 2025
10 checks passed
@maxdanilov maxdanilov deleted the sbom-disclaimer-update branch March 6, 2025 17:29
christinaausley pushed a commit that referenced this pull request Mar 6, 2025
* Update SBOM reference to monorepo and connectors to be on demand

* Revert the SBOM disclaimer change for connectors

2 participants