Use Gradle lockfile instead of CycloneDX SBOM for scan #351

bestbeforetoday · 2024-06-29T10:51:47Z

A CycloneDX SBOM was generated to allow OSV-Scanner to scan all transitive dependencies. A similar result can be achieved using Gradle lockfiles, removing the need to use CycloneDX.

A CycloneDX SBOM was generated to allow OSV-Scanner to scan all transitive dependencies. A similar result can be achieved using Gradle lockfiles, removing the need to use CycloneDX. Signed-off-by: Mark S. Lewis <[email protected]>

Use Gradle lockfile instead of CycloneDX SBOM for scan

ef74a3b

A CycloneDX SBOM was generated to allow OSV-Scanner to scan all transitive dependencies. A similar result can be achieved using Gradle lockfiles, removing the need to use CycloneDX. Signed-off-by: Mark S. Lewis <[email protected]>

bestbeforetoday marked this pull request as ready for review June 29, 2024 12:24

bestbeforetoday requested a review from a team as a code owner June 29, 2024 12:24

bestbeforetoday enabled auto-merge (squash) June 29, 2024 12:24

denyeart approved these changes Jul 1, 2024

View reviewed changes

bestbeforetoday merged commit a645338 into hyperledger:main Jul 1, 2024
6 checks passed

bestbeforetoday deleted the osv-scanner branch July 1, 2024 06:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use Gradle lockfile instead of CycloneDX SBOM for scan #351

Use Gradle lockfile instead of CycloneDX SBOM for scan #351

bestbeforetoday commented Jun 29, 2024

Use Gradle lockfile instead of CycloneDX SBOM for scan #351

Use Gradle lockfile instead of CycloneDX SBOM for scan #351

Conversation

bestbeforetoday commented Jun 29, 2024