Update Frontend SBOM to Support CycloneDX 1.5 or 1.6 #911

msymons · 2024-06-19T08:58:06Z

The latest release of DT Frontend is v4.11.3 and the BOM is published as a release asset and also available from DT itself via /.well-known/sbom

The BOM is generated using CycloneDX Webpack Plugin v2.0.2 which only supports CDX 1.3.

Upgrade plugin from 2.0.2 to 3.12.0 (or later)
Ensure that specVersion = 1.5 or 1.6. The latest version of the webpack-plugin does support CDX 1.6

I have read and understand the contributing guidelines
I have checked the existing issues for whether this enhancement was already requested

The text was updated successfully, but these errors were encountered:

nscuro · 2024-06-19T14:35:22Z

There is a Dependabot PR to bump the plugin version, but the build is failing: #912

Needs investigation. Perhaps we can't go directly to the latest plugin version due to other dependencies we need to upgrade first...

Gepardgame · 2024-09-30T11:40:06Z

That's the state on this PR? It has the 4.12 milestone, but had no activity for a while

nscuro · 2024-09-30T16:05:29Z

Will require a Webpack upgrade, which is bound to a Vue upgrade. Postponing.

msymons added the enhancement New feature or request label Jun 19, 2024

msymons added this to the 4.12 milestone Jun 19, 2024

msymons changed the title ~~Update Frontend to Support CycloneDX 1.5 or 1.6~~ Update Frontend SBOM to Support CycloneDX 1.5 or 1.6 Jun 19, 2024

nscuro added the size/S Small effort label Jun 19, 2024

nscuro modified the milestones: 4.12, 4.13 Sep 30, 2024

Provide feedback