plugin: Add SBOM to build #904

Draft
ddl-rliu wants to merge 1 commit into flyteorg:master from ddl-rliu:rliu/add-cyclonedx-sbom

@ddl-rliu ddl-rliu commented Apr 17, 2026

TL;DR

Add the SBOM to the build, which is useful for vulnerability scanners. Reference PR, which may be helpful/interesting: Graylog2/graylog2-server#18159. Also aquasecurity/trivy#6263.

Type

  • Bug Fix
  • Feature
  • Plugin

Are all requirements met?

  • Code completed
  • Smoke tested
  • Unit tests added
  • Code documentation added
  • Any pending items have an associated Issue

Complete description

Webpack-only build artifacts lose package metadata needed by vulnerability scanners. The PR uses the CycloneDX SBOM webpack plugin. See aquasecurity/trivy#6263

Tracking Issue

n/a

@ddl-rliu ddl-rliu marked this pull request as draft April 17, 2026 22:16
@ddl-rliu ddl-rliu changed the title Add CycloneDX SBOM generation to webpack build feat: Add SBOM to build Apr 17, 2026
Signed-off-by: ddl-rliu <richard.liu@dominodatalab.com>
@ddl-rliu ddl-rliu force-pushed the rliu/add-cyclonedx-sbom branch from 0f6f258 to 7fe4579 Compare April 17, 2026 23:01
@ddl-rliu ddl-rliu changed the title feat: Add SBOM to build plugin: Add SBOM to build Apr 17, 2026
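
An added example, not part of this pull request or the Flyte code base: a check that a CycloneDX JSON SBOM emitted with a bundle carries the per-package metadata the description says scanners need. The `auditSbom` helper, the sample document, and the choice of `purl` plus `version` as the required fields are assumptions made for illustration.

```javascript
// Constructed sample: a trimmed CycloneDX JSON document of the kind an SBOM
// plugin writes next to a bundle. Package names and versions are made up.
const sampleSbom = {
  bomFormat: "CycloneDX",
  specVersion: "1.5",
  components: [
    { type: "library", name: "left-pad", version: "1.3.0",
      purl: "pkg:npm/left-pad@1.3.0" },
    { type: "library", group: "@example", name: "ui-kit", version: "2.0.1",
      purl: "pkg:npm/%40example/ui-kit@2.0.1",
      // CycloneDX allows nested components; the walk below descends into them.
      components: [
        { type: "library", name: "vendored-helper", version: "0.1.0" },
      ] },
    { type: "library", name: "mystery", purl: "pkg:npm/mystery" },
  ],
};

// Hypothetical helper: split components into those that carry the identity
// fields assumed necessary for advisory matching and those that do not.
function auditSbom(sbom) {
  if (!sbom || sbom.bomFormat !== "CycloneDX") {
    throw new Error("not a CycloneDX JSON document");
  }
  const matchable = [];
  const unmatchable = [];
  const walk = (list) => {
    for (const c of list || []) {
      const hasPurl = typeof c.purl === "string" && c.purl.startsWith("pkg:");
      const hasVersion = typeof c.version === "string" && c.version !== "";
      if (!hasPurl) unmatchable.push({ name: c.name, reason: "missing purl" });
      else if (!hasVersion) unmatchable.push({ name: c.name, reason: "missing version" });
      else matchable.push(c.purl);
      walk(c.components); // descend into nested components, if any
    }
  };
  walk(sbom.components);
  return { matchable, unmatchable };
}

const report = auditSbom(sampleSbom);
console.log(`${report.matchable.length} matchable, ${report.unmatchable.length} not`);
for (const u of report.unmatchable) console.log(`  ${u.name}: ${u.reason}`);
```

Run against the real SBOM in CI, a non-empty `unmatchable` list points at packages a scanner would have no way to look up.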