open-telemetry / opentelemetry-python

OpenTelemetry Python API and SDK
https://opentelemetry.io
Apache License 2.0

Generate SBOM during build/release process #3805

Closed ocelotl closed 5 months ago

ocelotl commented 8 months ago

Fixes #3540

srikanthccv commented 8 months ago

I assume you are going to add some GitHub workflow for this?

ocelotl commented 8 months ago

> I assume you are going to add some GitHub workflow for this?

Right, added it.

I tested it, here is the run: https://github.com/SecuringCarter/opentelemetry-python/actions/runs/8384110904

Here is the resulting SBOM file: https://github.com/SecuringCarter/opentelemetry-python/releases/tag/1

ocelotl commented 8 months ago

> The issue mentions using some tools to generate the SBOM but the PR is making a github API call. I'm not familiar with this API can you explain what it's doing?

Sure, I first tried Syft but I had problems with it detecting pyproject.toml files, if I remember correctly. So, I used instead the GitHub REST API to generate an SBOM file.

ocelotl commented 5 months ago

I'm no longer pursuing this, closing.