Skip to content

feat(docs): Some SBOM policies #1125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
migmartri merged 7 commits into from
Jul 29, 2024
Merged

feat(docs): Some SBOM policies #1125

migmartri merged 7 commits into from
Jul 29, 2024

Conversation

@jiparis
Copy link
Member

@jiparis jiparis commented Jul 24, 2024
edited
Loading

This improves and adds some new policies, including:

  • SBOM is present
  • all components have license
  • no banned licenses
  • no banned packages
  • required packages
  • SBOM freshness (not older than xxxx)

All of them will output an individual message for each violation (for example, the list of packages without licenses)

Closes #1124

jiparis added 3 commits July 23, 2024 18:23
@jiparis
feat(policies): SBOM policies examples
91c5f64 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis
improve policies
1fab692 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis
add freshness policy
ab4fc37 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis jiparis requested review from danlishka and migmartri July 24, 2024 07:34
jiparis added 2 commits July 24, 2024 12:34
@jiparis
remove unneeded rule
0469551 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis
add metadata
224b70a 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
migmartri
migmartri approved these changes Jul 25, 2024
View reviewed changes
Copy link
Member

@migmartri migmartri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome

@migmartri
Copy link
Member

migmartri commented Jul 29, 2024

@jiparis any reason you are holding the merge? Maybe review from @javirln?

@jiparis
Copy link
Member Author

jiparis commented Jul 29, 2024
edited
Loading

@jiparis any reason you are holding the merge? Maybe review from @javirln?

I'll add your suggestions and merge it right away. @javirln feel free to add your suggestions/comments. Thanks!

jiparis added 2 commits July 29, 2024 13:51
@jiparis
apply suggestions
6c02aff 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis
Merge branch 'main' into PFM-774
8824355
@migmartri migmartri merged commit 5dc73d6 into chainloop-dev:main Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@migmartri migmartri migmartri approved these changes

@danlishka danlishka Awaiting requested review from danlishka

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Create SBOM policies

2 participants

@jiparis @migmartri