
docs: mark deprecated #17

Merged
merged 6 commits into from
Jan 10, 2025

Conversation

@jkowalleck jkowalleck commented Jul 8, 2024

This GitHub Action is considered deprecated.
Instead, you may use one of the following tools in your GitHub workflow:

  • for NPM projects: @cyclonedx/cyclonedx-npm
    - name: Create SBOM step
      # see for usage: https://www.npmjs.com/package/%40cyclonedx/cyclonedx-npm
      run: npx @cyclonedx/cyclonedx-npm@^1 # your options here
  • for YARN projects: @cyclonedx/yarn-plugin-cyclonedx
    - name: Create SBOM step
      # see for usage: https://www.npmjs.com/package/%40cyclonedx/yarn-plugin-cyclonedx
      run: yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx@^1 # your options here
  • for PNPM projects: to be announced

For other Node.js related CycloneDX SBOM generators, see also: https://github.com/CycloneDX/cyclonedx-node-module/blob/master/README.md

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
@jkowalleck jkowalleck added the documentation Improvements or additions to documentation label Jul 8, 2024
@jkowalleck jkowalleck requested a review from a team as a code owner July 8, 2024 16:30
@jkowalleck
Member Author

Followup: create a minor release to announce/communicate the deprecation of this thing.

@stevespringett
Member

Is there a reason why this is being deprecated rather than being enhanced to support yarn? https://github.com/marketplace/actions/cyclonedx-node-js-generate-sbom is currently listed in the GitHub Marketplace along with several other CycloneDX GitHub Actions.

@jkowalleck
Member Author

jkowalleck commented Jul 8, 2024

Is there a reason why this is being deprecated rather than being enhanced to support yarn?

This tool already knows rudimentary yarn in the current version.

https://github.com/marketplace/actions/cyclonedx-node-js-generate-sbom is currently listed in the GitHub Marketplace along with several other CycloneDX GitHub Actions.

This is not planned to change. This action will stay.


Reminder: this GH-action utilizes an outdated CLI tool. See https://github.com/CycloneDX/gh-node-module-generatebom?tab=readme-ov-file#internals

The modern CLI tools evolved a lot. They are properly documented, and are easy to set up and easy to use.

Nowadays, is there any use of this GitHub action instead of directly using the appropriate CLI tools?

  • Both alternatives are a one-liner in GitHub workflows. I just cannot see any benefit of this GH-action.
  • As a user: calling the actual CLI tools gives all the control to the end user
  • As a maintainer: modernizing this action would create a wrapper of the actual CLI, meaning to always chase the evolution of the actual tool. What would be the benefit of this?

@jkowalleck
Member Author

jkowalleck commented Jul 8, 2024

Deprecating this GH-action would close/obsolete #16 and #6

@jkowalleck jkowalleck merged commit 48bb575 into master Jan 10, 2025
7 checks passed
@jkowalleck jkowalleck deleted the jkowalleck-patch-1 branch January 10, 2025 10:43