Saw an interesting comment from @jchestershopify (👋 ) over at rubygems/rfcs#43 (comment); I'll include it here because it sounds relevant to this project.

> What I'd propose as an alternative is (1) to add support for CycloneDX SBOMs, so that (2) folks can use cyclonedx diff to generate diffs between two different versions of a gem.
>
> My concern here is that the proposed approach sails perilously close to producing a new, gem-specific SBOM format in disguise, which would hamper adoption by generalised tooling (SCA tools, etc.) that are developed outside of the Ruby ecosystem. By using CycloneDX and its diffing capability, I think your requirement to be able to find changes between gem versions would be served without needing a new format to be defined.

SBOM stands for "Software Bill of Materials" (Wikipedia has some more info). I'm not (yet) familiar with it, but it sounds interesting to me. The diff tool linked above even more so.
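To make the quoted proposal concrete, here is an added example (not code from this project, from rubygems/rfcs, or from @jchestershopify) of what a minimal CycloneDX JSON SBOM for a gem looks like and how a component-level diff between two versions falls out of it. The dependency lists, gem name and serial numbers are constructed sample data, the BOM shape follows the CycloneDX 1.4 JSON required fields (`bomFormat`, `specVersion`, `components`), and `diff_boms` is my own small implementation that reports added, removed and version-changed components; it approximates what `cyclonedx-cli diff` reports rather than reproducing that tool.

```ruby
require "json"

# Constructed sample data: the runtime dependencies of two versions of a
# hypothetical gem, as [name, version] pairs. Not real gem data.
OLD_DEPS = [["rack", "2.2.3"], ["json", "2.6.1"], ["thor", "1.2.1"]]
NEW_DEPS = [["rack", "2.2.6"], ["json", "2.6.1"], ["rake", "13.0.6"]]

# One CycloneDX component. The purl (pkg:gem/<name>@<version>) is the
# identifier that generic SCA tooling keys on, so it is always populated.
def component(type, name, version)
  {
    "type" => type,
    "name" => name,
    "version" => version,
    "purl" => "pkg:gem/#{name}@#{version}"
  }
end

# Build a minimal CycloneDX 1.4 JSON BOM for subject gem `subject_name`.
# `metadata.component` describes the gem itself; `components` lists what it
# depends on. The serial number is a constructed placeholder.
def build_bom(subject_name, subject_version, deps,
              serial: "urn:uuid:00000000-0000-4000-8000-000000000001")
  {
    "bomFormat" => "CycloneDX",
    "specVersion" => "1.4",
    "serialNumber" => serial,
    "version" => 1,
    "metadata" => {
      "component" => component("library", subject_name, subject_version)
    },
    "components" => deps.map { |name, ver| component("library", name, ver) }
  }
end

# Diff two BOMs by component name. Returns the components that were added,
# removed, or kept but with a different version between old and new.
# (Assumption: keying on name is enough for gems, since a gem name is
# unique within the RubyGems namespace.)
def diff_boms(old_bom, new_bom)
  old = old_bom["components"].to_h { |c| [c["name"], c["version"]] }
  new = new_bom["components"].to_h { |c| [c["name"], c["version"]] }
  {
    added: (new.keys - old.keys).map { |n| [n, new[n]] },
    removed: (old.keys - new.keys).map { |n| [n, old[n]] },
    changed: (old.keys & new.keys)
      .reject { |n| old[n] == new[n] }
      .map { |n| [n, old[n], new[n]] }
  }
end

# Round-trip through JSON text so the diff runs on what a consumer would
# actually parse from disk, not on the in-memory hash.
def diff_from_json(old_json, new_json)
  diff_boms(JSON.parse(old_json), JSON.parse(new_json))
end

if __FILE__ == $PROGRAM_NAME
  old_json = JSON.pretty_generate(build_bom("examplegem", "1.0.0", OLD_DEPS))
  new_json = JSON.pretty_generate(
    build_bom("examplegem", "1.1.0", NEW_DEPS,
              serial: "urn:uuid:00000000-0000-4000-8000-000000000002")
  )
  puts old_json
  puts diff_from_json(old_json, new_json).inspect
end
```

The point of the example is the one made in the quote: once both versions are expressed in a standard SBOM format, "what changed between these two gem versions" is a generic operation over purl-identified components, and any CycloneDX-aware tool can answer it without a gem-specific format.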