Skip to content

sbom: include only runtime configs to the sbom #3018

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 3, 2025
Merged

sbom: include only runtime configs to the sbom #3018

merged 1 commit into from
Jun 3, 2025

Conversation

wsafonov
Copy link
Member

@wsafonov wsafonov commented Jun 2, 2025

Generated platform SBOM contains now only the runtime dependencies: bundled libraries, language libraries, mps and jbr.

@wsafonov wsafonov requested a review from sergej-koscejev June 2, 2025 12:19
@wsafonov wsafonov changed the base branch from master to maintenance/mps20251 June 2, 2025 12:19
@wsafonov wsafonov changed the base branch from maintenance/mps20251 to maintenance/mps20241 June 2, 2025 12:20
@wsafonov wsafonov force-pushed the feature/sbom-runtime-configs branch from 6c03c61 to ca80847 Compare June 2, 2025 12:32
@sergej-koscejev
Copy link
Member

What are runtime configurations and which configurations were included previously?

@wsafonov
Copy link
Member Author

wsafonov commented Jun 3, 2025

What are runtime configurations and which configurations were included previously?

it just contained all configurations previously, i.e. also test or build-time dependencies, which should not be part of the SBOM. Runtime covers basically everything this library requires to run, not just the directly bundled libs.

sergej-koscejev
sergej-koscejev previously approved these changes Jun 3, 2025
View reviewed changes
Copy link
Member

@sergej-koscejev sergej-koscejev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, please add the explanation about runtime configurations to the changelog.

@wsafonov wsafonov force-pushed the feature/sbom-runtime-configs branch from ca80847 to 7b78a31 Compare June 3, 2025 14:20
@wsafonov wsafonov enabled auto-merge June 3, 2025 16:56
@sergej-koscejev sergej-koscejev self-requested a review June 3, 2025 17:15
@wsafonov wsafonov merged commit 1c0930d into maintenance/mps20241 Jun 3, 2025
1 check passed
@wsafonov wsafonov deleted the feature/sbom-runtime-configs branch June 3, 2025 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sergej-koscejev sergej-koscejev sergej-koscejev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wsafonov @sergej-koscejev