Description:
Currently, the generator version is hardcoded as "0.0.1" inside pkg/generator/generator.go when adding the sbom.Tool metadata to the SBOM document. This prevents accurate artifact tagging and version identification in releases.
Expected Behavior:
The tool version should be dynamically injected during the build process using linker flags (for example: -ldflags "-X main.Version=...").
Actual Behavior:
The version is hardcoded to "0.0.1" regardless of the actual release version.
Proposed Solution:
Expose a global Version variable that can be injected at build time, and use that variable when constructing the SBOM metadata.
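One way to implement the proposed solution, shown as an added example rather than the project's own code. The `Tool` struct stands in for the `sbom.Tool` metadata, and the tool name and the `runtime/debug` fallback are assumptions not taken from the issue.

```go
package main

import (
	"fmt"
	"runtime/debug"
	"strings"
)

// Version is overwritten at link time, for example:
//
//	go build -ldflags "-X main.Version=v1.4.2"
//
// -X only sets package-level string variables (not constants), and the path
// must name the package that declares the variable: main.Version here, or the
// full import path if the variable is moved into the generator package.
var Version = ""

// Tool is a hypothetical stand-in for the sbom.Tool metadata named in the issue.
type Tool struct {
	Name    string
	Version string
}

// resolveVersion prefers the injected value, then the module version recorded
// by the Go toolchain, and finally an explicit marker so that an unstamped
// build is never reported as a release.
func resolveVersion(injected, moduleVersion string) string {
	if v := strings.TrimSpace(injected); v != "" {
		return v
	}
	if v := strings.TrimSpace(moduleVersion); v != "" && v != "(devel)" {
		return v
	}
	return "unknown"
}

// generatorTool builds the tool entry from build metadata instead of a literal.
func generatorTool(name string) Tool {
	moduleVersion := ""
	if info, ok := debug.ReadBuildInfo(); ok {
		moduleVersion = info.Main.Version
	}
	return Tool{Name: name, Version: resolveVersion(Version, moduleVersion)}
}

func main() {
	t := generatorTool("sbom-generator") // tool name is a placeholder
	fmt.Printf("%s %s\n", t.Name, t.Version)
}
```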