Deprecated packages identification using SBOM scripts in CI steps #117
Comments
|
Here's a circleCI run on how this would look like: https://app.circleci.com/pipelines/github/mojaloop/sdk-standard-components/1138/workflows/4855ebe2-e9c1-4709-baa7-2b0b748417ea/jobs/5443 sample output (only WARNINGS now, not ERRORs): `Checking dependencies at root level...
Checking all dependencies (including transitive)...
|
|
Implemented in CI but currently only reports "warning". To be discussed at next available DA session in more detail. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Request Summary:
SBOMs for each repo generated during CI cycle (circleci) and specifically, "deprecated" packages at any level identified and listed as "warning" currently.
DA to decide whether to mark the step as fail or mark as warning to be addressed on a case-by-case basis (after currently identified issues are addressed)
Request Details:
Artifacts:
Dependencies:
Accountability:
Decision(s):
DA agreed to include this in the CI and print deprecations as warnings
A future decision is to be made when a deprecation in a package will be marked as an error and block the CI step.
Approved By:
Details
Follow-up:
The text was updated successfully, but these errors were encountered: