For projects which vendor dependencies into their source tree, having a simple way to keep those SBOMs up-to-date in CI seems important. CPython already has this in the form of a custom tool which regenerates hashes and checks them against a known SBOM file. If there are differences, CI fails and points the contributor at documentation asking questions like:
Are you updating a bundled project?
If so, please update other SBOM metadata.
If not: maybe that file isn't /actually/ a part of the project?
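The CI check sketched in the issue (regenerate hashes for the vendored tree, diff them against the SBOM, fail with pointed guidance if anything drifted) in compact form. This is an added example, not CPython's own tool or any project's code; the `Modules/vendored/libfoo` layout, the file contents and the SBOM document are all constructed here, and only the SPDX 2.x JSON `files` / `checksums` shape is assumed.

```python
"""Verify that vendored files still match the SHA256 values recorded in an SPDX-style SBOM.

Added example (not a project's own tool). Paths and contents below are constructed.
"""
import hashlib
import sys
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA256 so large bundled sources don't land in memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def sbom_checksums(sbom: dict) -> dict[str, str]:
    """Map fileName -> recorded SHA256 from an SPDX 2.x JSON 'files' array (assumed shape)."""
    recorded = {}
    for entry in sbom.get("files", []):
        for cs in entry.get("checksums", []):
            if cs.get("algorithm") == "SHA256":
                recorded[entry["fileName"]] = cs["checksumValue"].lower()
    return recorded


def check_vendored(root: Path, sbom: dict, vendored_dirs: list[str]) -> list[str]:
    """Return one finding per discrepancy; an empty list means the SBOM is current.

    Three failure modes are distinguished, because each asks the contributor a
    different question: a file the SBOM never heard of, a file whose hash moved
    (bundled project updated?), and a file the SBOM still lists but the tree lost.
    """
    recorded = sbom_checksums(sbom)
    findings = []
    for d in vendored_dirs:
        for p in sorted((root / d).rglob("*")):
            if not p.is_file():
                continue
            rel = p.relative_to(root).as_posix()
            actual = sha256_of(p)
            if rel not in recorded:
                findings.append(
                    f"{rel}: not in SBOM (is this file actually part of the bundled project?)"
                )
            elif recorded[rel] != actual:
                findings.append(
                    f"{rel}: hash mismatch (updating a bundled project? update the SBOM metadata too)"
                )
    for rel in sorted(recorded):
        if not (root / rel).is_file():
            findings.append(f"{rel}: listed in SBOM but missing from the source tree")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed vendored tree plus a matching SBOM, then simulate drift.

    Returns (findings before drift, findings after drift).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        lib = root / "Modules" / "vendored" / "libfoo"  # hypothetical bundled project
        lib.mkdir(parents=True)
        (lib / "foo.c").write_bytes(b"int foo(void) { return 1; }\n")
        (lib / "foo.h").write_bytes(b"int foo(void);\n")
        tracked = ("Modules/vendored/libfoo/foo.c", "Modules/vendored/libfoo/foo.h")
        sbom = {
            "spdxVersion": "SPDX-2.3",
            "files": [
                {"fileName": rel,
                 "checksums": [{"algorithm": "SHA256", "checksumValue": sha256_of(root / rel)}]}
                for rel in tracked
            ],
        }
        clean = check_vendored(root, sbom, ["Modules/vendored"])

        # A contributor bumps libfoo without touching the SBOM: one file changed,
        # one new file appeared, one file was dropped upstream.
        (lib / "foo.c").write_bytes(b"int foo(void) { return 2; }\n")
        (lib / "bar.c").write_bytes(b"int bar(void) { return 3; }\n")
        (lib / "foo.h").unlink()
        drifted = check_vendored(root, sbom, ["Modules/vendored"])
        return clean, drifted


if __name__ == "__main__":
    # CI-style exit status: non-zero on any drift, with the questions printed inline.
    _, problems = demo()
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

In a real pipeline `sbom` would be loaded from the checked-in SBOM file and `root` would be the repository checkout; the exit status is what makes the job fail, and the per-file messages are where the documentation link would go.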