Create instructions for how to upgrade dependencies and keep SBOM up-to-date #1241
Assignees
Comments
This was referenced Dec 6, 2023
Merged
|
Is there any interest in having sbom tooling automate the addition of a new dependency, as opposed to hand-writing the JSON of a new dependency? It would be relatively straightforward to write, if mildly tedious, but it could save core devs some mental clock cycles/annoyance. Similar question for updating and removing. Or is the updating of dependencies such an infrequent task that more tooling wouldn't be needed/desired? Not a core dev, so unsure how frequently changes to the SBOM will happen. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the enhancement or feature you'd like
I've proposed SBOM tooling and document for dependencies of CPython. Core developers need to know what to do when dependencies are upgraded or the tool start to produce CI errors.
I'm happy to do the work to create this documentation.
The text was updated successfully, but these errors were encountered: