Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove support for CycloneDX SBOMs #1333

Merged
merged 2 commits into from
Jun 10, 2024
Merged

remove support for CycloneDX SBOMs #1333

merged 2 commits into from
Jun 10, 2024

Conversation

imjasonh
Copy link
Member

No description provided.

@imjasonh
remove support for CycloneDX SBOMs
9e5e280 
Signed-off-by: Jason Hall <[email protected]>
@imjasonh
remove more
25b0b1a 
Signed-off-by: Jason Hall <[email protected]>
@imjasonh imjasonh enabled auto-merge (rebase) June 10, 2024 04:32
@imjasonh imjasonh merged commit 065b56d into ko-build:main Jun 10, 2024
19 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Aug 5, 2024
Merged
@caarlos0
Copy link
Contributor

caarlos0 commented Aug 9, 2024

sorry for being out of the loop, but, can I ask why its been removed?

@caarlos0
Copy link
Contributor

caarlos0 commented Aug 9, 2024

also, this removes go modules sboms as well 🤔

@caarlos0 caarlos0 mentioned this pull request Aug 9, 2024
Merged
caarlos0 added a commit to goreleaser/goreleaser that referenced this pull request Aug 9, 2024
@caarlos0
feat(deps): update ko and gocloud.dev (#5063)
47ff67b 
cyclonedx and go.version-m were removed from latest ko version

ko-build/ko#1333

---------

Signed-off-by: Carlos Alexandro Becker <[email protected]>
@imjasonh
Copy link
Member Author

also, this removes go modules sboms as well 🤔

That option was never really supported or documented.

As for cyclonedx, I'm not aware of any user that used it, and there were more than a few bugs in it. It seemed not worth the effort to fix them, based on usage.

If you're aware of users of either of these features, let me know, we can talk about next steps for them.

@caarlos0
Copy link
Contributor

ah, that's fair!

it was allowed on goreleaser's ko integration, but no idea if anyone used it (I have never seen).

fwiw, i removed both options from goreleaser too:

@chipzoller
Copy link

chipzoller commented Oct 16, 2024
edited
Loading

We were using it in our Kubecost disk-autoscaler program and this has broken our releaser workflows :) I guess we'll have to use SPDX from now on.

@chipzoller chipzoller mentioned this pull request Oct 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@imjasonh @caarlos0 @chipzoller @cpanato