PHPLIB-1447: Add SBOM lite #1292
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alcaeus
force-pushed
the
phplib-1447-sbom-lite
branch
from
aaa1d60 to
9218537
Compare
jmikola
approved these changes
May 8, 2024
There was a problem hiding this comment.
I'll trust this is the correct format for an empty SBOM file, but I'm curious how it was generated. Ideally, we should make a note of that either in this PR or PHPLIB-1447 in case we ever need to refer back to this.
| }, | ||
| { | ||
| "vendor": "cyclonedx", | ||
| "name": "cyclonedx-php-composer", |
There was a problem hiding this comment.
This file looks generated. Where did you get it from?
There was a problem hiding this comment.
The file was generated using the cyclonedx/cyclonedx-php-composer library to generate an SBOM from composer.lock, then manually removing all components and dependencies as we only report bundled dependencies:
composer require --dev cyclonedx/cyclonedx-php-composer
composer CycloneDX:make-sbom --output-file=sbom.json --output-format=JSON --omit=dev --omit=plugin
alcaeus
added a commit
that referenced
this pull request
May 10, 2024
* v1.18: (50 commits) Enable auto-merge in merge-up workflow (#1295) PHPLIB-1447: Add SBOM lite (#1292) Fix syntax error in docs (#1285) PHPLIB-1163 Create tutorial for using MongoDB with Bref (#1273) (#1282) Create sarif report when running psalm (#1280) Update composer.json and CI matrices for 1.18.0 PHPLIB-1410: Invoke drivers-evergreen-tools scripts with bash (#1267) PHPLIB-1302: Use Composer\InstalledVersions (#1262) PHPLIB-1320: Support "comment" command option in Collection::createIndex() (#1263) PHPLIB-1413: Use env instead of matrix for driver-version (#1261) Fix Markdown heading PHPLIB-1399: Docs examples for agg expr projection (#1260) PHPLIB-1412: Skip range encryption tests on MongoDB 8.0+ (#1259) PHPLIB-1409: Skip $out and mapReduce tests on serverless (#1254) Exclude read-write-concern tests from serverless testing (#1253) PHPLIB-1409: Convert default write concern tests to unified test format (#1252) PHPLIB-1408: Convert ADL spec test to unified test format (#1250) Remove redundant annotations (#1251) PHPLIB-1404: Convert retryable reads spec tests to unified test format (#1247) DOCSP-36627: Additional double backslash fixes for master (#1246) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PHPLIB-1447
Since we don't have any bundled dependencies, we can add an empty SBOM file