Skip to content

docs: ADR-0002: import subcommand #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
idunbarh merged 3 commits into from
Aug 5, 2024
Merged

docs: ADR-0002: import subcommand #102

idunbarh merged 3 commits into from
Aug 5, 2024

Conversation

@jhoward-lm
Copy link
Contributor

@jhoward-lm jhoward-lm commented Jul 9, 2024
edited by idunbarh
Loading

2. Import subcommand

Date: 2024-07-09

Status

Accepted

Context

There is currently no capability of importing SBOM or protobom data from either stdin or local filesystem path(s).

Decision

Introduce an import command that will accept one of the following options as input:

  • stream of bytes piped from stdin by using the argument -
  • path to a local file or files as optional positional arguments
    • alternatively, input files could could be specified with an explicit flag, such as --input, --file, --path, etc.

The supported input types will be:

  • CycloneDX SBOM
  • SPDX SBOM
  • Protobom Document (such as the serialized protocol buffer storage format used by the Protobom FileSystemBackend)

The fetch command will now be able to simply fetch raw bytes data and leverage the new import logic to store.

Consequences

Integration between CLI tools

Promotes integration with other CLI tools by accepting their piped output.

For example, this could enable usage patterns such as:

curl --silent --url https://acme.example.com/sbom.cdx.json | bomctl import

Input flexibility

Presents additional input options for users that may feel more natural.

Feature parity

Adds a counterpart to the export command for feature parity and completeness.

References

@jhoward-lm
docs: add ADR for import subcommand
b03a2cc 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm jhoward-lm added the documentation Improvements or additions to documentation label Jul 9, 2024
@jhoward-lm jhoward-lm self-assigned this Jul 9, 2024
@jhoward-lm jhoward-lm requested a review from a team as a code owner July 9, 2024 18:27
idunbarh
idunbarh reviewed Jul 9, 2024
View reviewed changes
eddiezane
eddiezane reviewed Jul 29, 2024
View reviewed changes
@idunbarh
chore: updates from community call feedback and acceptance of ADR
be71889 
Signed-off-by: Ian Dunbar-Hall <ian.dunbar-hall@lmco.com>
@idunbarh
Copy link
Member

idunbarh commented Jul 29, 2024

Assuming the last comment gets resolved, this ADR was updated and accepted during the community call on 7/29/2024.

@idunbarh idunbarh merged commit e707061 into main Aug 5, 2024
@idunbarh idunbarh deleted the adr/import-subcommand branch August 5, 2024 15:49
@idunbarh idunbarh added the adr Architecture Decision Records use to decide architecture or implementation details of `bomctl` label Aug 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eddiezane eddiezane eddiezane left review comments

@idunbarh idunbarh idunbarh approved these changes

@ashearin ashearin ashearin approved these changes

@houdini91 houdini91 Awaiting requested review from houdini91

@mfrystacky mfrystacky Awaiting requested review from mfrystacky

Assignees

@jhoward-lm jhoward-lm

Labels

adr Architecture Decision Records use to decide architecture or implementation details of `bomctl` documentation Improvements or additions to documentation

Projects

bomctl
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@jhoward-lm @idunbarh @eddiezane @ashearin @mfrystacky