Uploaded image for project: 'Red Hat Internal Developer Platform'
  1. Red Hat Internal Developer Platform
  2. RHIDP-6870

could the kfuxRelease.sh script automatically validate if there's a .sbom available for the images in the Snapshot?

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Minor Minor
    • 1.7.0
    • 1.5.0
    • Build, Operator, Release
    • None
    • RHDH COPE 3276

      Followup to https://issues.redhat.com/browse/RHIDP-6564?focusedId=26941652&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-26941652

      Manual eyeball method:

      https://gitlab.cee.redhat.com/rhidp/rhdh/-/commit/2c0d4ff7454c525786ba8a6af67d88cd509ebb54

      Better would before pushing images to stage or prod, the script would check for a matching .sbom tag, and if NOT found, fail with an error.

              joskimca Joseph Kim
              nickboldt Nick Boldt
              RHDH Cope
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: