Azure / iot-plugandplay-models

Repository of IoT Plug and Play models using DTDL
MIT License

Add manifest generation and artifact publish task to sync pipeline #510

Closed c-ryan-k closed 1 year ago

c-ryan-k commented 1 year ago

Leaving this as draft for a moment - want to get the change started but need to set up a test run before I'll mark it as ready for review.

rido-min commented 1 year ago

Why do we need the SBOM here? Who will consume it?

c-ryan-k commented 1 year ago

Because this is marked as a "production" pipeline, we're getting flagged for not having it regardless of whether we rely on dependencies or not.

Even if it isn't consumed by a release process, I think just having it in the pipeline as an artifact will take us off the naughty list and can be checked periodically to ensure nothing new gets added.

We can discuss offline as well; perhaps we can avoid this with an exception process.

c-ryan-k commented 1 year ago

Closing for now as I believe we no longer require an SBOM for this pipeline.