
Add workflow file for blackduck scanning #1203

Open: wants to merge 1 commit into main

Conversation

AAndrisa (Collaborator) commented Oct 2, 2024

PR Description

This check will be triggered when a push is made on the main branch or a release tag is created.
A blackduck scan of the project will be made and uploaded to the product page from analogdevices blackduck server.

PR Type

  • Bug fix (a change that fixes an issue)
  • New feature (a change that adds new functionality)
  • Breaking change (a change that affects other repos or causes CIs to fail)

PR Checklist

  • I have conducted a self-review of my own code changes
  • I have commented new code, particularly complex or unclear areas
  • I have checked that I did not introduce new warnings or errors (CI output)
  • I have checked that components that use libiio did not get broken
  • I have updated the documentation accordingly (GitHub Pages, READMEs, etc)

This check will be triggered when a push is made on the main branch or
a release tag is created.
A blackduck scan of the project will be made and uploaded to the
product page from analogdevices blackduck server.

Signed-off-by: Andreea Andrisan <[email protected]>
rgetz (Contributor) commented Oct 4, 2024

Where is the "product page from analogdevices blackduck server."? Is that something that is publicly accessible?

Flagging that there is GPL software in something that is released under GPL seems like a waste of resources.

Building a software BOM, is something else, and may be valuable for those involved, but that should end up in the release artifacts, not just on the blackduck server...

stephenkilbaneadi (Contributor) commented:

> Where is the "product page from analogdevices blackduck server."? Is that something that is publicly accessible?

I concur. If there's a configuration that relies on internal tooling, that should be configured internally, and not part of the open repo. Conversely, if there's an open configuration, it should be one that is deployable by others (e.g. a configuration that works with OSS Review Toolkit or ScanOSS, etc.).
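As an added example (not the workflow file from this PR, and not the project's own code): a GitHub Actions workflow with the trigger the description states (a push to main or a release tag) that, along the lines the reviewers ask for, produces an SPDX SBOM with an openly deployable tool and attaches it to the GitHub release rather than only sending results to an external server. It assumes syft as the SBOM generator (the page names ORT and ScanOSS; syft is swapped in here), that release tags match v*, and the job and file names are mine.

```yaml
name: SBOM on main push and release tags

on:
  push:
    branches: [main]     # every push to main, as the PR description states
    tags: ['v*']         # release tags; the v* pattern is an assumption

permissions:
  contents: write        # needed to attach the SBOM to a GitHub release

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # syft is an open-source SBOM generator, used here as an example of a
      # tool anyone can run; it is not the scanner this PR wires in.
      - name: Install syft
        run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin

      - name: Generate SPDX SBOM for the checked-out tree
        run: syft dir:. -o spdx-json=sbom.spdx.json

      # Keep the SBOM as a build artifact on every run so reviewers can
      # inspect it from the workflow page, for main pushes as well as tags.
      - uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom.spdx.json

      # On a release tag, also attach it to the GitHub release so it ships
      # with the release artifacts (the reviewers' point), creating the
      # release first if it does not exist yet.
      - name: Attach SBOM to release
        if: startsWith(github.ref, 'refs/tags/v')
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          tag="${GITHUB_REF_NAME}"
          gh release view "$tag" >/dev/null 2>&1 || gh release create "$tag" --notes "Release $tag"
          gh release upload "$tag" sbom.spdx.json --clobber
```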
