Skip to content

chore(ci): update to silkbomb 2.0 #2375

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 21, 2025
Merged

chore(ci): update to silkbomb 2.0 #2375

merged 4 commits into from
Feb 21, 2025

Conversation

@wratner
Copy link
Contributor

@wratner wratner commented Feb 19, 2025

Silkbomb 2.0 introduces the augment command which will allow you to upload your sbom to be scanned by OSV and have an augmented SBOM returned with any vulnerabilities in a single step.

Let me know if I'm missing anything or if there is anything else that can be cleaned up or improved. Thanks!

@addaleax addaleax changed the title update to silkbomb 2.0 chore(ci): update to silkbomb 2.0 Feb 20, 2025
addaleax
addaleax reviewed Feb 20, 2025
View reviewed changes
addaleax
addaleax reviewed Feb 20, 2025
View reviewed changes
addaleax
addaleax approved these changes Feb 21, 2025
View reviewed changes
Copy link
Collaborator

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with one small question, thank you!

.evergreen.yml
silent: true
shell: bash
working_dir: src
include_expansions_in_env: [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN]
Copy link
Collaborator

@addaleax addaleax Feb 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL!

@wratner wratner marked this pull request as ready for review February 21, 2025 14:48
@addaleax addaleax added the no-title-validation Skips validation of PR titles (conventional commit adherence + JIRA ticket inclusion) label Feb 21, 2025
@addaleax addaleax merged commit aba4ba1 into mongodb-js:main Feb 21, 2025
133 of 136 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@addaleax addaleax addaleax approved these changes

Assignees

No one assigned

Labels

no-title-validation Skips validation of PR titles (conventional commit adherence + JIRA ticket inclusion)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wratner @addaleax