
Should amend set compositions to unknown rather than incomplete? #161

Closed
mmarseu opened this issue Apr 15, 2024 · 3 comments · Fixed by #160
@mmarseu
Collaborator

mmarseu commented Apr 15, 2024

As of now, the amend command creates a compositions entry with .aggregate == "incomplete".

The stated goal of this is to explicitly disclaim any completeness of the provided information in the interest of revealing known unknowns. Shouldn't the value then rather be unknown, which expresses exactly that? "Incomplete" means: this SBOM is known to be incomplete, which it might not actually be. "Unknown" only says: we don't guarantee completeness, which seems to be exactly our intent.

@italvi
Collaborator

italvi commented Apr 15, 2024

Agree, however, I would like to debate about not adding the bom.metadata.component to the list, as we should at least try to know our top-level dependencies. Your opinion?

@mmarseu
Collaborator Author

mmarseu commented Apr 15, 2024

@italvi Seems reasonable to me.
In any case, this feature is a result of internal requirements and you're the person to set those requirements. So I don't get a say 😉

@italvi
Collaborator

italvi commented Apr 15, 2024

But I'm the guy sitting in the ivory tower, so the view of a user is always valuable 😉.
So: Let's change incomplete to unknown and not add the metadata.component to the list.
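The behaviour the thread settles on, shown as an added example in Python that is not the project's own code: a CycloneDX JSON document gets a compositions entry with aggregate "unknown", and the metadata.component bom-ref is left out of the assemblies list. The sample BOM and its bom-refs are constructed for illustration; `amend_compositions`, `iter_bom_refs` and `composition_aggregates` are hypothetical helper names, not the tool's API.

```python
import copy

# Constructed sample CycloneDX document (not from the project); bom-refs are made up.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "component": {"type": "application", "name": "my-app", "bom-ref": "pkg:my-app@1.0"}
    },
    "components": [
        {"type": "library", "name": "libfoo", "bom-ref": "pkg:libfoo@2.1"},
        {
            "type": "library",
            "name": "libbar",
            "bom-ref": "pkg:libbar@0.9",
            # Nested components are part of the BOM as well and must be covered.
            "components": [{"type": "library", "name": "libbaz", "bom-ref": "pkg:libbaz@3.0"}],
        },
    ],
}


def iter_bom_refs(components):
    """Yield the bom-ref of every component, descending into nested components."""
    for comp in components:
        if "bom-ref" in comp:
            yield comp["bom-ref"]
        yield from iter_bom_refs(comp.get("components", []))


def amend_compositions(bom, aggregate="unknown"):
    """Return a copy of bom with a compositions entry that disclaims completeness.

    'unknown' states that completeness is not guaranteed, without claiming the
    SBOM is known to be incomplete. The metadata.component (the SBOM's own
    top-level subject) is deliberately not added to the assemblies list, as
    agreed in the discussion above.
    """
    amended = copy.deepcopy(bom)  # never mutate the caller's document
    top_ref = amended.get("metadata", {}).get("component", {}).get("bom-ref")
    assemblies = [r for r in iter_bom_refs(amended.get("components", [])) if r != top_ref]
    amended.setdefault("compositions", []).append(
        {"aggregate": aggregate, "assemblies": assemblies}
    )
    return amended


def composition_aggregates(bom):
    """Check helper: the aggregate value of every compositions entry in a BOM."""
    return [c.get("aggregate") for c in bom.get("compositions", [])]
```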
