Feat/multiple cboms by san-zrl · Pull Request #5 · cbomkit/cbomkit-action

san-zrl · 2025-03-07T11:17:54Z

Implements additional features:

Scans python code (Implement python support #1 )
Produces multiple CBOMs (Implement package/module based CBOM generation #2):
- One CBOM per maven/python package named cbom[_<group_id>]_<artifact_id>_<version>.json.
- One consolidated CBOM over all source code named cbom.json
- All CBOMs uploaded to github asset space via action variable pattern=cbom*.json
Includes giturl, branch, commit hash and subfolder in metadata properties of each CBOM
-> CBOM files can be loaded into CbomKit, links to source code work correctly

Signed-off-by: san-zrl <san@zurich.ibm.com>

n1ckl0sk0rtge

LGTM

san-zrl added 23 commits February 24, 2025 17:36

multiple cboms

91aa28b

Signed-off-by: san-zrl <san@zurich.ibm.com>

use cbom file pattern

eca4853

Signed-off-by: san-zrl <san@zurich.ibm.com>

use cbom file pattern

9d39006

Signed-off-by: san-zrl <san@zurich.ibm.com>

use cbom file pattern

de20d13

Signed-off-by: san-zrl <san@zurich.ibm.com>

use cbom file pattern

9b2c783

Signed-off-by: san-zrl <san@zurich.ibm.com>

fix: ignore parent packages, inherit metadata from parent

f74b25a

Signed-off-by: san-zrl <san@zurich.ibm.com>

fix: ignore parent packages, inherit metadata from parent

daced95

Signed-off-by: san-zrl <san@zurich.ibm.com>

fix: correcty ignore parent packages

fa2f045

Signed-off-by: san-zrl <san@zurich.ibm.com>

added python scanning and generation of consolidated cbom

a744af6

Signed-off-by: san-zrl <san@zurich.ibm.com>

debug version

9f81944

Signed-off-by: san-zrl <san@zurich.ibm.com>

fix: finding package medules

04e942f

Signed-off-by: san-zrl <san@zurich.ibm.com>

increaed heap size

18b3257

Signed-off-by: san-zrl <san@zurich.ibm.com>

increaed heap size

d5809ba

Signed-off-by: san-zrl <san@zurich.ibm.com>

generate consolidated cbom only

ed85139

Signed-off-by: san-zrl <san@zurich.ibm.com>

generate everything, fixed name of overall cbom

5644319

Signed-off-by: san-zrl <san@zurich.ibm.com>

generate everything

50d5b6f

Signed-off-by: san-zrl <san@zurich.ibm.com>

heap size to 8g

52becc9

Signed-off-by: san-zrl <san@zurich.ibm.com>

added cbomkit metadata properties

2d50679

Signed-off-by: san-zrl <san@zurich.ibm.com>

fix packageFolder and commit metadata

af596e2

Signed-off-by: san-zrl <san@zurich.ibm.com>

fix giturl metadata

a27b6fa

Signed-off-by: san-zrl <san@zurich.ibm.com>

increased heap

9cb043d

Signed-off-by: san-zrl <san@zurich.ibm.com>

fixed packageFolder metadata

178670a

Signed-off-by: san-zrl <san@zurich.ibm.com>

property name packageFolder -> subfolder

32b2eb3

Signed-off-by: san-zrl <san@zurich.ibm.com>

san-zrl added the enhancement New feature or request label Mar 7, 2025

san-zrl requested a review from n1ckl0sk0rtge March 7, 2025 11:20

n1ckl0sk0rtge approved these changes Mar 10, 2025

View reviewed changes

n1ckl0sk0rtge merged commit 9ee31c8 into main Mar 10, 2025

n1ckl0sk0rtge deleted the feat/multiple-cboms branch March 10, 2025 15:36

This was referenced Mar 10, 2025

Implement python support #1

Closed

Implement package/module based CBOM generation #2

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feat/multiple cboms#5

Feat/multiple cboms#5
n1ckl0sk0rtge merged 23 commits intomainfrom
feat/multiple-cboms

san-zrl commented Mar 7, 2025 •

edited

Loading

Uh oh!

n1ckl0sk0rtge left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

san-zrl commented Mar 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

n1ckl0sk0rtge left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

san-zrl commented Mar 7, 2025 •

edited

Loading