Yarn 1.x: Report devDependencies in the SBOM #631
Labels
yarn
Pull requests/issues related to our yarn handling module
Milestone
Comments
taylormadore
added
the
yarn
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 4, 2024
All SBOM components that are strict devDependencies should be reported with the property `cdx:npm:package:development`. Similarly as the previous patch by running integration tests and setting our custom env variable: `CACHI2_GENERATE_TEST_DATA=true` closes containerbuildsystem#631 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 9, 2024
closes containerbuildsystem#631 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 16, 2024
closes containerbuildsystem#631 closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 16, 2024
closes containerbuildsystem#631 closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 17, 2024
closes containerbuildsystem#631 closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this issue
Dec 17, 2024
closes #631 closes #636 Signed-off-by: Michal Šoltis <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
All SBOM components that are strict devDependencies should be reported with the property
cdx:npm:package:development. Use the Cachito yarn module as inspiration for determining which dependencies are strictly dev.Acceptance criteria
cdx:npm:package:developmentpropertyThe text was updated successfully, but these errors were encountered: