cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

Linkerd Project Security Self-Assessment - Security Pals #1181

Closed amanda-gonzalez closed 8 months ago

amanda-gonzalez commented 9 months ago

Contributors:

netlify[bot] commented 9 months ago

Deploy Preview for tag-security canceled.

Latest commit: ab8ac5e7672c3cfc3ad22669cdb17072208bfea7
Latest deploy log: https://app.netlify.com/sites/tag-security/deploys/65a96b24d22db00008c86d62
eddie-knight commented 9 months ago

Hi there! I'm just getting started looking at your pull request, and I noticed the DCO check is failing.

You can look at the checks section of the PR (I believe it should always be below the last comment) and look for a red X highlighting the failed check. In this case, you can click Details for more information about how to get that check passing.

eddie-knight commented 9 months ago

I noticed that you included an SBOM along with the self assessment. There are two reasons that jump to the front of my mind for why this isn't needed...

SBOMs should be associated with releases, as the bill of materials is only accurate and useful if it is created at build time and associated to a particular point in the code history. If you need to link to an SBOM for some reason in the self-assessment, you can just provide a link out to the latest build artifacts that contain an SBOM. We still have plenty more to review, but as a starter— could you please remove the SBOM from this PR?

amanda-gonzalez commented 9 months ago

Thank you @eddie-knight and @ragashreeshekar. We have resolved all reviews/requests. Most recently updated are: