Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optionally skip SBOM generation #1507

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Optionally skip SBOM generation #1507

wants to merge 2 commits into from
+116 −43

Conversation

arewm
Copy link
Member

@arewm arewm commented Oct 14, 2024
edited
Loading

Since we can require SBOMs to be present with EC policies, we can enable
users to optionally speed up their builds by not analyzing repositories
to generate build-time SBOMs.

While we may have a partial SBOM from the prefetched data, we should
just not upload an SBOM at all in order to simplify decisions (i.e.
removing the need to decide if the SBOM is full or partial).

@arewm
Optionally skip SBOM generation
b37c8c5 
Since we can require SBOMs to be present with EC policies, we can enable
users to optionally speed up their builds by not analyzing repositories
to generate build-time SBOMs.

While we may have a partial SBOM from the prefetched data, we should
just not upload an SBOM at all in order to simplify decisions (i.e.
removing the need to decide if the SBOM is full or partial).

Signed-off-by: arewm <[email protected]>
@arewm arewm changed the title explore skipping SBOM generation Optionally skip SBOM generation Dec 19, 2024
@arewm arewm marked this pull request as ready for review December 19, 2024 20:36
@arewm arewm requested a review from a team as a code owner December 19, 2024 20:36
mmorhun
mmorhun approved these changes Dec 20, 2024
View reviewed changes
Copy link
Collaborator

@mmorhun mmorhun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@arewm
Copy link
Member Author

arewm commented Dec 20, 2024

I just need to wait for the Tekton change so that we can increase the size of buildah-remote. :)

@arewm
Copy link
Member Author

arewm commented Dec 20, 2024

This cannot be merged until the version of Tekton is updated. I think that is planned on Monday with redhat-appstudio/infra-deployments#5201

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmorhun mmorhun mmorhun approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arewm @mmorhun @openshift-merge-robot