Question: For offline installation, are the manifest.json files no longer required?

microsoft / sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

MIT License

1.51k stars 121 forks source link

Question: For offline installation, are the manifest.json files no longer required? #605

Open richardzaat opened 5 days ago

richardzaat commented 5 days ago

Hi,

In v2.2.4 the release holds *-manifest.spdx.json files for each platform. Since v2.2.5 they are not deployed as part of a release. Are they no longer required as part of the release itself?

KR, Richard

DaveTryon commented 4 days ago

Adding some more detail here, the asset files in v2.2.4 included the SBOM's for the SBOM tool. The asset files in v2.2.5 and v2.2.6 do not. Specifically, the following files are not included in the newer releases:

linux-x64-manifest.spdx.json
osx-x64-manifest.spdx.json
win-x64-manifest.spdx.json