I just heard about SBOMs. I have a pnpm workspace and my goal is to analyze the used prod and dev dependencies, eventually check them against an allowed list of licenses, and report if dependency changes introduce license violations. I read through the docs but have no clue if your CLI is able to solve this task. Right now we are using https://www.npmjs.com/package/license-checker, but I wonder if an SBOM is a better solution.
The docs helped me create an SBOM, but I wonder if the CLI can also take this SBOM and return different exit codes based on some kind of criteria, e.g. an allowed list of licenses:
export FETCH_LICENSE=true
pnpm dlx @cyclonedx/cdxgen --profile license-compliance -o sbom.json
# now what to do?
Could you help us?