
@Ka0o0 Ka0o0 commented Dec 3, 2025

This PR adds an option to exclude the test requires dependencies from the resulting SBOM.

Closes #144


CLAassistant commented Dec 3, 2025

CLA assistant check
All committers have signed the CLA.

Member

@memsharded memsharded left a comment


Thanks for the contribution @Ka0o0

The SBOM generation has moved to the Conan client as built-in functionality, and the functions there already implement an `add_tests=False` argument. Have you checked it?

I think this extension won't be maintained anymore, and will probably be fully deprecated and removed after some time.

Author

Ka0o0 commented Dec 3, 2025

Hi @memsharded,

thanks for the hint. I have seen it, yes, but to my understanding this workflow requires me to edit my conanfile, which does not work in my case, where I am building a central CI job that generates SBOMs for multiple different Conan projects. In this case I think it's easier to have a tool that analyzes and generates the SBOM from "outside" based on the existing conanfile.

@memsharded
Member

> thanks for the hint. I have seen it, yes, but to my understanding this workflow requires me to edit my conanfile, which does not work in my case, where I am building a central CI job that generates SBOMs for multiple different Conan projects. In this case I think it's easier to have a tool that analyzes and generates the SBOM from "outside" based on the existing conanfile.

No, it is not necessary to modify the conanfile.py at all. The functionality can be used in hooks, and one of the benefits is that it also allows storing the SBOMs inside the package metadata too, if desired. See for example the docs at https://docs.conan.io/2/security/sboms.html#usage-examples: the first usage example does not modify the conanfile, but uses a hook.


Development

Successfully merging this pull request may close these issues.

[question] test_requires in lockfile/SBOM
