
Conversation

@tdruez
Contributor

@tdruez tdruez commented Sep 2, 2025

Changes

This PR introduces a new benchmark_purls pipeline. See TODO: docref

Documentation: checking an SBOM against a list of expected PURLs:

Create a new project:

  • Provide 2 inputs:
    • SBOM you want to check
    • The list of expected PURLs as a filename-purls.txt file including 1 PURL per line.
      (You may also flag any filename using the "purls" input tag)
  • Select the load_sbom pipeline and run it
  • Run the benchmark_purls pipeline
  • Download the results from the "output" section

About the results:

  • Lines starting with '-' are missing from the project.
  • Lines starting with '+' are unexpected in the project.

Notes:

  • You can provide multiple expected PURLs files.
  • The load_sbom pipeline is presented as an example to benchmark external tools that use an SBOM to load the data.
    You are welcome to run this pipeline directly after any SCIO pipeline to validate the discovered PURLs.

Signed-off-by: tdruez <tdruez@nexb.com>
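The check described above is a set difference between the PURLs declared in the SBOM and the PURLs listed in the expected files, reported in diff style. The following is an added example that reproduces that convention with the standard library only; it is not the benchmark_purls pipeline's own code, and the CycloneDX fragment, the two expected-PURL lists, the treatment of blank lines and '#' comment lines, and the sorted output order are all assumptions made for illustration.

```python
"""Compare PURLs discovered in a CycloneDX SBOM against expected PURL lists.

Added example (not ScanCode.io's benchmark_purls implementation): it reproduces
the '-' (expected but missing) / '+' (discovered but unexpected) reporting
convention from the PR text. All inputs below are constructed inline.
"""
import json
from typing import Iterable

# Constructed CycloneDX-style SBOM fragment. Only the fields this example
# reads (components[].purl, and nested components[]) are populated.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "musl",
         "purl": "pkg:apk/alpine/musl@1.2.5-r1?arch=x86_64"},
        {"type": "library", "name": "busybox",
         "purl": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64"},
        {"type": "library", "name": "zlib",
         "purl": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64"},
        # A component without a purl must not break the collection.
        {"type": "library", "name": "no-purl-component"},
        # CycloneDX allows nested components; they count too.
        {"type": "library", "name": "apk-tools",
         "purl": "pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64",
         "components": [
             {"type": "library", "name": "libcrypto3",
              "purl": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64"},
         ]},
    ],
})

# Constructed expected-PURL lists, one PURL per line. Two files are used to
# mirror the "multiple expected PURLs files" note; the second repeats musl
# to show that duplicates across files are harmless.
EXPECTED_FILE_1 = """\
# core packages (comment handling is an assumption of this example)
pkg:apk/alpine/musl@1.2.5-r1?arch=x86_64
pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64
pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64
"""
EXPECTED_FILE_2 = """\
pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64
pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64

pkg:apk/alpine/musl@1.2.5-r1?arch=x86_64
"""


def iter_components(components):
    """Yield every component, descending into nested 'components' lists."""
    for comp in components or []:
        yield comp
        yield from iter_components(comp.get("components"))


def sbom_purls(sbom_json: str) -> set[str]:
    """Collect the distinct PURLs declared in a CycloneDX JSON document."""
    doc = json.loads(sbom_json)
    return {c["purl"] for c in iter_components(doc.get("components")) if c.get("purl")}


def expected_purls(files: Iterable[str]) -> set[str]:
    """Union of PURLs from several expected-list texts.

    Blank lines and lines starting with '#' are skipped (an assumption of
    this example, not a documented feature of the pipeline).
    """
    purls: set[str] = set()
    for text in files:
        for line in text.splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                purls.add(line)
    return purls


def benchmark(discovered: set[str], expected: set[str]) -> list[str]:
    """Return diff-style lines: '-' for expected-but-missing, '+' for unexpected.

    Comparison is on the exact PURL string; no normalization is applied.
    """
    missing = sorted(expected - discovered)
    unexpected = sorted(discovered - expected)
    return [f"-{p}" for p in missing] + [f"+{p}" for p in unexpected]


def run_example() -> list[str]:
    """Run the constructed SBOM against both constructed expected lists."""
    return benchmark(sbom_purls(SAMPLE_SBOM),
                     expected_purls([EXPECTED_FILE_1, EXPECTED_FILE_2]))


if __name__ == "__main__":
    print("\n".join(run_example()))
```

On the constructed data the report is one '-' line (libssl3 was expected but is absent from the SBOM) and one '+' line (zlib was found but not expected). One caveat worth keeping in mind when reading real results: the comparison is on the exact PURL string, so the same package written with a different qualifier order or percent-encoding would appear as both a '-' and a '+' line. If your expected list and your SBOM come from different tools, normalize both sides (for example with a PURL parsing library) before diffing.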
@pombredanne
Member

This works beautifully. I tried using the alpine CDX SBOM from @chinyeungli
scancodeio_alpine_3.22.1_results-2025-09-02-10-15-59.cdx.json

and a modified PURLs file as attached
alpine-3.22.1-less-.txt

and I get this correct diff result:
benchmark_purls-2025-09-02-12-48-34.txt

@tdruez tdruez merged commit ba53d70 into main Sep 2, 2025
14 of 18 checks passed
@tdruez tdruez deleted the 1804-purl-benchmark branch September 2, 2025 15:07