Open alper opened 1 year ago
As you discovered, this can take awhile to generate a SBOM for a large repository, or fail altogether for very large repositories.
The Dependency Graph team was kind enough to implement a server-side SBOM generator for SPDX, which is much, much faster. The gh-sbom v0.0.9 release makes use of this feature - give it a try and let us know if that works for you?
You'll need to update gh-sbom
with:
$ gh ext remove advanced-security/gh-sbom
$ gh ext install advanced-security/gh-sbom
Are there plans to do the same for CycloneDX (or at least some other type of fix)?
I'm getting this error: