diff --git a/docs/work/_system/_state.json b/docs/work/_system/_state.json
index 1904d49..786a592 100644
--- a/docs/work/_system/_state.json
+++ b/docs/work/_system/_state.json
@@ -1,5 +1,5 @@
 {
- "updated_at": "2026-05-20T11:22:09.493Z",
+ "updated_at": "2026-05-20T11:33:08.030Z",
 "epics": {
 "binder-wrap-helper": {
 "status": "done",
@@ -667,10 +667,10 @@
 "blocks": []
 },
 "10-sbom-ci-workflow": {
- "status": "todo",
+ "status": "done",
 "title": "SBOM CI workflow and ADR-023 amendment",
 "ac_total": 1,
- "ac_completed": 0,
+ "ac_completed": 1,
 "depends_on": [],
 "blocks": []
 },
@@ -686,11 +686,6 @@
 }
 },
 "ready": [
- {
- "epic": "security-headers-rate-limit-sbom",
- "story": "10-sbom-ci-workflow",
- "title": "SBOM CI workflow and ADR-023 amendment"
- },
 {
 "epic": "security-headers-rate-limit-sbom",
 "story": "11-documentation",
diff --git a/docs/work/epics/security-headers-rate-limit-sbom/10-sbom-ci-workflow/_story.md b/docs/work/epics/security-headers-rate-limit-sbom/10-sbom-ci-workflow/_story.md
index ae535ff..b12fab4 100644
--- a/docs/work/epics/security-headers-rate-limit-sbom/10-sbom-ci-workflow/_story.md
+++ b/docs/work/epics/security-headers-rate-limit-sbom/10-sbom-ci-workflow/_story.md
@@ -3,12 +3,12 @@ id: 10-sbom-ci-workflow
 epic: security-headers-rate-limit-sbom
 title: SBOM CI workflow and ADR-023 amendment
 type: technical-story
-status: todo
+status: done
 feature: ci
 depends-on: []
 blocks: []
 created: 2026-05-20T00:00:00Z
-updated: 2026-05-20T08:14:55.907Z
+updated: 2026-05-20T11:33:07.860Z
 ---
 ## Goal
@@ -42,4 +42,4 @@ Consumers pursuing SOC 2 / ISO 27001 / FedRAMP / EU CRA must answer "what's in v
 ## Tasks
-- [ ] Add conditional SBOM generation step (`pnpm dlx @cyclonedx/cyclonedx-npm --output-file sbom-${{ steps.release.outputs.tag_name }}.cdx.json --output-format json`) and upload step (`softprops/action-gh-release@` with `files:` pointing to the SBOM and `tag_name:` from release-please output) to `.github/workflows/release-please.yml`; add amendment subsection to `docs/decisions/adr-023-ci-security-and-supply-chain.md` documenting the concrete step shape and rationale; all gates pass.
+- [x] Add conditional SBOM generation step (`pnpm dlx @cyclonedx/cyclonedx-npm --output-file sbom-${{ steps.release.outputs.tag_name }}.cdx.json --output-format json`) and upload step (`softprops/action-gh-release@` with `files:` pointing to the SBOM and `tag_name:` from release-please output) to `.github/workflows/release-please.yml`; add amendment subsection to `docs/decisions/adr-023-ci-security-and-supply-chain.md` documenting the concrete step shape and rationale; all gates pass.
diff --git a/docs/work/epics/security-headers-rate-limit-sbom/_epic.md b/docs/work/epics/security-headers-rate-limit-sbom/_epic.md
index 6b21f1e..68f8010 100644
--- a/docs/work/epics/security-headers-rate-limit-sbom/_epic.md
+++ b/docs/work/epics/security-headers-rate-limit-sbom/_epic.md
@@ -7,7 +7,7 @@ status: in-progress
 features: [core-shared, core-testing, core-eslint, auth, web-next, web-tanstack, cms]
 created: 2026-05-20T00:00:00Z
-updated: 2026-05-20T11:22:09.324Z
+updated: 2026-05-20T11:33:07.860Z
 ---
 ## Goal
@@ -29,5 +29,5 @@ Security scanners flag the absence of HSTS, X-Frame-Options, X-Content-Type-Opti
 - [x] [07 — Per-framework security header adapters](07-security-header-adapters/_story.md)
 - [x] [08 — App wiring: web-next](08-app-wiring-web-next/_story.md)
 - [x] [09 — App wiring: web-tanstack and cms](09-app-wiring-web-tanstack-and-cms/_story.md)
-- [ ] [10 — SBOM CI workflow and ADR-023 amendment](10-sbom-ci-workflow/_story.md)
+- [x] [10 — SBOM CI workflow and ADR-023 amendment](10-sbom-ci-workflow/_story.md)
 - [ ] [11 — Documentation and conformance reference updates](11-documentation/_story.md)