transformer: omit serial number
The serial number is not required per spec but only recommended. Since,
by default, it is generated randomly, it prohibits reproducibility.
nikstur committed May 8, 2024
1 parent 5937318 commit 5ddf1c1
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions rust/transformer/src/cyclonedx.rs
Expand Up @@ -26,6 +26,8 @@ impl CycloneDXBom {
Self(Bom {
components: Some(components.into()),
metadata: Some(metadata_from_derivation(target)),
// Do not include a serial number to improve reproducibility.
serial_number: None,
..Bom::default()
})
}
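
Review bot: The comment above `serial_number: None` states the goal but not the cause: the commit message says the default value is generated randomly, and that is the only reason this field has to be set ahead of `..Bom::default()`. Put that in the comment so the line is not later removed as a redundant `None`. The change also adds no test, so consider one that builds the BOM twice for the same target and asserts the two outputs are identical, which would catch the random value coming back. If consumers turn out to need an identifier, a serial number derived deterministically from the target would keep reproducibility without omitting the field.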