Skip to content

Return a single zip file with SBOM scan results #1640

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mcasperson merged 2 commits into from
Dec 1, 2025
Merged

Return a single zip file with SBOM scan results #1640

mcasperson merged 2 commits into from
Dec 1, 2025

Conversation

@mcasperson
Copy link
Contributor

@mcasperson mcasperson commented Dec 1, 2025
edited
Loading

Background

The SBOM scan will attach an artifact for every sbom it finds. This change returns a single zip file with all the JSON files included.

Pre-requisites

  • Id should be a GUID that is not 00000000-0000-0000-0000-000000000000
    • NOTE If you are modifying an existing step template, please make sure that you do not modify the Id property (updating the Id will break the Library sync functionality in Octopus).
  • Version should be incremented, otherwise the integration with Octopus won't update the step template correctly
  • Parameter names should not start with $
  • Step template parameter names (the ones declared in the JSON, not the script body) should be prefixed with a namespace so that they are less likely to clash with other user-defined variables in Octopus (see this issue). For example, use an abbreviated name of the step template or the category of the step template).
  • LastModifiedBy field must be present, and (optionally) updated with the correct author
  • The best practices documented here have been applied
  • If a new Category has been created:
    • An image with the name {categoryname}.png must be present under the step-templates/logos folder
    • The switch in the humanize function in gulpfile.babel.js must have a case statement corresponding to it

Fixes # . If there is an open issue that this PR fixes add it here, otherwise just remove this line

@github-actions
Copy link

github-actions bot commented Dec 1, 2025

Start Hyponome locally

docker pull ghcr.io/hnrkndrssn/hyponome:main
docker run --rm -p 8000:8080 -it ghcr.io/hnrkndrssn/hyponome:main

Review in Hyponome

@mcasperson mcasperson enabled auto-merge (squash) December 1, 2025 19:25
@mcasperson mcasperson disabled auto-merge December 1, 2025 19:58
@mcasperson mcasperson enabled auto-merge (squash) December 1, 2025 20:11
twerthi
twerthi approved these changes Dec 1, 2025
View reviewed changes
Copy link
Contributor

@twerthi twerthi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mcasperson mcasperson merged commit 62a64ba into master Dec 1, 2025
2 checks passed
@mcasperson mcasperson deleted the mattc/sbom-output branch December 1, 2025 20:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@twerthi twerthi twerthi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mcasperson @twerthi