Skip to content

feat: human readable sbom integration #2893

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
terriko merged 3 commits into from
Apr 13, 2023
Merged

feat: human readable sbom integration #2893

terriko merged 3 commits into from
Apr 13, 2023

Conversation

@jarebear6expepjozn6rakjq5iczi3irqwphcvb
Copy link
Contributor

@jarebear6expepjozn6rakjq5iczi3irqwphcvb jarebear6expepjozn6rakjq5iczi3irqwphcvb commented Apr 8, 2023

this commit adds a build process for SBOM markdown files triggered by the docs build process.

From your review in the previous implementation:

Could we maybe make it so the human-friendly SBOM formats are generated only for the readthedocs site (e.g. run the >sbom to markdown conversion in doc/Makefile) but not checked in to github as md files every week?

The sbom/Makefile is triggered in doc/Makefile.

I like this one!

@jarebear6expepjozn6rakjq5iczi3irqwphcvb
human readable sbom integration
fd22749 
this commit adds a build process for SBOM markdown files triggered by
the docs build process.
@jarebear6expepjozn6rakjq5iczi3irqwphcvb
Copy link
Contributor Author

jarebear6expepjozn6rakjq5iczi3irqwphcvb commented Apr 8, 2023

fixes issue #2850

@terriko
Copy link
Collaborator

terriko commented Apr 10, 2023

Approving tests to run now. This looks like what I was hoping for, but I'll let the linters and stuff do their job before coming back to review.

@terriko terriko changed the title human readable sbom integration feat: human readable sbom integration Apr 10, 2023
@jarebear6expepjozn6rakjq5iczi3irqwphcvb
Copy link
Contributor Author

jarebear6expepjozn6rakjq5iczi3irqwphcvb commented Apr 10, 2023
edited
Loading

I've not added to the requirements.csv before and it is obviously different than the requirements.txt. How is that usually updated? Just add sbom2doc ?

terriko
terriko requested changes Apr 12, 2023
View reviewed changes
Copy link
Collaborator

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll need to edit the doc/requirements.csv to add sbom2doc. The csv filet gives us a place to add the {vendor, product} pair for looking up CVEs. In this case, I'm rather sure sbom2doc doesn't have any yet, so you'd probably use the following pair in the file, similar to what I did in the main requirements.csv file:

anthonyharrison_not_in_db,sbom2doc

@terriko
Copy link
Collaborator

terriko commented Apr 13, 2023

Approving tests to run again. I think this should be the last time and we might be ready to merge, but I'll let the tests do their work first.

terriko
terriko approved these changes Apr 13, 2023
View reviewed changes
Copy link
Collaborator

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we're ready to merge! Thanks for iterating on this one a few times as we figured out the best way to do it, and congratulations on your first merged commit!

@terriko terriko merged commit 40b9280 into ossf:main Apr 13, 2023
@jarebear6expepjozn6rakjq5iczi3irqwphcvb
Copy link
Contributor Author

jarebear6expepjozn6rakjq5iczi3irqwphcvb commented Apr 14, 2023

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@terriko terriko terriko approved these changes

Assignees

No one assigned

Labels

awaiting CI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jarebear6expepjozn6rakjq5iczi3irqwphcvb @terriko