** Description changed: cloud images are not currently producing spdx formatted SBOMs equally. Some builds do produce sboms continuously. all cloud images must produce SBOMs, across all Suites and products. # REQUIREMENTS # * Current calls to create_manifest in livecd-rootfs/live-build/functions must not break * sbom generation must only be done for ubuntu-cpc project. + # IMPACT # + + * will only affect `ubuntu-cpc` project + * will add the creation of a new file + * the SBOM requirement is part of Canonical's SSDLC efforts as well as partner contracts (multiple partners are requiring SBOMs for each generated artifact) + # TEST PLAN # * test all the ubuntu-cpc livecd-rootfs only hooks and series. ensure that an spdx formatted sbom, manifest, and filelist is generated and saved * test non-ubuntu-cpc hook and make sure that nothing is generated (check for calls of create_manifest. if they aren't even calling it, then it's safe) * test private ubuntu-cpc hooks. ensure that current calls to create_manifest are not broken + * test buildd builds to ensure no manifest is generated and no error is raised. - # POSSIBLE REGRESSIONS # + # POSSIBLE REGRESSIONS / WHERE PROBLEMS COULD OCCUR # * any hook calling create_manifest is at risk if there is an issue with create_manifest + * outside CPC specific hooks, the only build calling create_manifest is `buildd`. however this is not in the `ubuntu-cpc` project so it should skip the sbom generation. * any build where access to the snapstore is restricted, as this requires a snap - * NOTE: launchpad livefs builds have access to the snapstore + * NOTE: launchpad livefs builds have access to the snapstore
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077105 Title: cloud-images do not produce sboms To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2077105/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
