Skip to content

Upload SBOM from jar file #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 16, 2021
Merged

Upload SBOM from jar file #12

merged 1 commit into from
Dec 16, 2021

Conversation

@eccles
Copy link
Contributor

@eccles eccles commented Dec 8, 2021

Problem:
SBOMS from jar files xmllint checks.

Solution:
Add optional -P flag to suppress validation and allow
either versiosn aor hashes.

Signed-off-by: Paul Hewlett phewlett76@gmail.com

@eccles eccles force-pushed the dev/eccles/sbomscraper-jar-files branch from f5d1e0c to adc4c9f Compare December 8, 2021 15:50
@eccles eccles force-pushed the dev/eccles/sbomscraper-jar-files branch 2 times, most recently from 1291f31 to 1c6a112 Compare December 8, 2021 16:23
@eccles eccles changed the title Upload SBOM from jar filee Upload SBOM from jar file Dec 8, 2021
@eccles eccles force-pushed the dev/eccles/sbomscraper-jar-files branch 5 times, most recently from fff564f to d787a93 Compare December 9, 2021 14:11
@eccles eccles requested a review from landintrees December 9, 2021 17:30
j-hartley
j-hartley reviewed Dec 10, 2021
View reviewed changes
@eccles eccles force-pushed the dev/eccles/sbomscraper-jar-files branch 2 times, most recently from d7edeec to 0620243 Compare December 14, 2021 14:17
landintrees
landintrees reviewed Dec 16, 2021
View reviewed changes
landintrees
landintrees approved these changes Dec 16, 2021
View reviewed changes
Copy link

@landintrees landintrees left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look good, thanks

@eccles
Upload SBOM from jar file
1a50db7 
Problem:
Deriving SBOMS from jar files requires extra steps and
extra consolidation of internal fields.

Solution:
If a jar URL then fetch and execute syft with 'file:' qualifier.
Add conditional mods to fields in generated sbom to comply with
NTIA requirements.

Signed-off-by: Paul Hewlett <phewlett76@gmail.com>
@eccles eccles force-pushed the dev/eccles/sbomscraper-jar-files branch from eaf945c to 1a50db7 Compare December 16, 2021 10:36
@eccles eccles merged commit 4ecb604 into main Dec 16, 2021
@eccles eccles deleted the dev/eccles/sbomscraper-jar-files branch December 16, 2021 10:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@j-hartley j-hartley j-hartley left review comments

@henry739 henry739 Awaiting requested review from henry739

@honourfish honourfish Awaiting requested review from honourfish

@leflambeur leflambeur Awaiting requested review from leflambeur

@waarg waarg Awaiting requested review from waarg

@wp0pw wp0pw Awaiting requested review from wp0pw

+1 more reviewer

@landintrees landintrees landintrees approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@eccles @j-hartley @landintrees