Generate SBOMs without .git contents #654

Merged
merged 12 commits into from
Feb 17, 2022

glennmusa
Contributor

Description

Previously, the generated bill of materials would include all the contents of the .git directory, which are irrelevant for an SBOM.

This change makes the SBOM generation task not include any .git contents when it does its generation for files under ./_manifest.

Issue reference

The issue this PR will close: #607

Checklist

Please make sure you've completed the relevant tasks for this PR out of the following list:

  • All acceptance criteria in the backlog item are met
  • The documentation is updated to cover any new or changed features
  • Manual tests have passed
  • Relevant issues are linked to this PR

@glennmusa glennmusa requested a review from a team as a code owner February 16, 2022 22:20
@glennmusa glennmusa marked this pull request as draft February 16, 2022 22:31
@glennmusa
Contributor Author

/azp run mlz-pr-sbom-pipelines

@azure-pipelines

No pipelines are associated with this pull request.

@glennmusa glennmusa marked this pull request as ready for review February 17, 2022 16:17
@glennmusa glennmusa enabled auto-merge (squash) February 17, 2022 16:17
@glennmusa glennmusa merged commit 0219828 into main Feb 17, 2022
@glennmusa glennmusa deleted the glenn/sbomNoGit branch February 17, 2022 16:30
Breanna-Stryker added a commit that referenced this pull request Feb 21, 2022
* Check that Portal UI form outputs map to template parameter inputs on pull requests (#620)

* Move the workflow scripts to where they're used (#632)

* Update descriptions in alt text on main README.md (#633)

* Add spike issue template and remove feature request issue template (#635)

* Fix for Terraform issue in which the tier 2 subscription parameter is ignored (#638)

* Process for handling a broken build (#641)

* Clean-up nightly deployments using Azure CLI (#642)

* Add instructions for ASC/Defender cleanup (#643)

* Pin Bicep to v0.4.1272 (#650)

* SBOM generation in PR (#648)

* Update policy assignment resource provider version (#652)

* Generate SBOMs without .git contents (#654)

* Generate SBOM files during PR events (#656)

* check to see if the SBOM needs to be regenerated before running the pipeline again

* Update Software Bill of Materials (SBOM)

Co-authored-by: Microsoft.VisualStudio.Services.TFS <>

Co-authored-by: Glenn Musa <4622125+glennmusa@users.noreply.github.com>
Co-authored-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
Co-authored-by: Vidya Bala <vidbala@microsoft.com>
Co-authored-by: JeromeJansen <jjansen23@users.noreply.github.com>
Development

Successfully merging this pull request may close these issues.

Generate a bill of materials in a pipeline