Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ALBS-638: Added CycloneDX formatter #3

Merged
merged 20 commits into from
Sep 22, 2022
Merged

ALBS-638: Added CycloneDX formatter #3

merged 20 commits into from
Sep 22, 2022

Conversation

javihernandez
Copy link
Member

No description provided.

anfimovdm
anfimovdm approved these changes Sep 16, 2022
View reviewed changes
Copy link
Contributor

@anfimovdm anfimovdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

anfimovdm
anfimovdm reviewed Sep 19, 2022
View reviewed changes
sbom_generator.py Outdated Show resolved Hide resolved
anfimovdm
anfimovdm reviewed Sep 19, 2022
View reviewed changes
libsbom/cyclonedx.py
def generate_package_sbom(self):
# TODO: Figure out how to set the SBOM version, because
# self._bom.version = self.input_data['version'] results
# in adding 'ersion: 1' to the final SBOM
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that here should be version: 1

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, you're reading it correctly 😅. If you try setting the bom version manually, it ends up in a field called "ersion". I left the TODO item to address it later, when we decide how we're going to provide the ability to update already generated sboms.

anfimovdm
anfimovdm approved these changes Sep 19, 2022
View reviewed changes
Copy link
Contributor

@anfimovdm anfimovdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, but as far I can remember, Eugene told about changing name for our generator, because sbom_generator is too generic

@javihernandez
Copy link
Member Author

lgtm, but as far I can remember, Eugene told about changing name for our generator, because sbom_generator is too generic

Yes, I wanted to dump the comments from Eugene into another ticket and then address them, mostly, because this PR is starting to include things out of scope - although nothing against including all them into it

@javihernandez
Copy link
Member Author

javihernandez commented Sep 19, 2022
edited
Loading

Yes, I wanted to dump the comments from Eugene into another ticket and then address them, mostly, because this PR is starting to include things out of scope - although nothing against including all them into it

I renamed the script into alma_sbom.py. If memory serves me well, the only remaining comment from Eugene is that we should merge the arguments type and format into one, so we enter cyclonedx-json or cylonedx-xml (Created #5)

Korulag
Korulag reviewed Sep 21, 2022
View reviewed changes
README.md Outdated Show resolved Hide resolved
@javihernandez javihernandez requested review from soksanichenko and Korulag and removed request for Korulag and soksanichenko September 21, 2022 19:59
@javihernandez javihernandez merged commit ba2d2d4 into main Sep 22, 2022
@soksanichenko soksanichenko deleted the ALBS-638 branch October 23, 2022 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Korulag Korulag Korulag left review comments

@maccelf maccelf maccelf approved these changes

@anfimovdm anfimovdm anfimovdm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@javihernandez @Korulag @maccelf @anfimovdm