Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support SPDX #89

Open
raboof opened this issue Nov 13, 2024 · 2 comments
Open

support SPDX #89

raboof opened this issue Nov 13, 2024 · 2 comments

Comments

@raboof
Copy link
Contributor

raboof commented Nov 13, 2024

Should we also support publishing the SBOM in SPDX format?
raboof added a commit to raboof/sbt-bom that referenced this issue Nov 14, 2024
@raboof
chore: document that we still expect to make API changes
51600d2 
We'll likely want to refactor the task structure when we
implement sbt#89, sbt#90 or sbt#91, it might be nice to explicitly
set expectations around this without making it a blocker
for doing earlier releases.
@raboof raboof mentioned this issue Dec 9, 2024
Open
@lhns
Copy link
Contributor

lhns commented Dec 12, 2024

This could be pretty easy using https://github.com/spdx/cdx2spdx
It's available on maven.

@raboof
Copy link
Contributor Author

raboof commented Dec 12, 2024

Interesting find! It's hard to predict whether it'll be easier to pull in that dependency or to generate SPDX 'directly', but both approaches are worth a try!

raboof added a commit to raboof/sbt-bom that referenced this issue Dec 12, 2024
@raboof
chore: document that we still expect to make API changes
97b3607 
We'll likely want to refactor the task structure when we
implement sbt#89, sbt#90 or sbt#91, it might be nice to explicitly
set expectations around this without making it a blocker
for doing earlier releases.
@raboof raboof mentioned this issue Jan 8, 2025
Open
raboof added a commit that referenced this issue Jan 8, 2025
@raboof
chore: document that we still expect to make API changes (#92)
c7b2ae0 
We'll likely want to refactor the task structure when we
implement #89, #90 or #91, it might be nice to explicitly
set expectations around this without making it a blocker
for doing earlier releases.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@raboof @lhns