Skip to content

feat: add SBOM data model and support for npm and maven #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Aug 8, 2023
Merged

feat: add SBOM data model and support for npm and maven #35

merged 16 commits into from
Aug 8, 2023

Conversation

zvigrinberg
Copy link
Contributor

Description

  • Replace data model to be sent to backend - CycloneDX SBOM.
  • Add generic code to generate CycloneDX SBOM for all package managers, so each package manager only need to use the API interface exposed by it in order to create the SBOM.
  • Add support for NPM by generating SBOM both for stack analysis and component analysis request.
  • Generated Sbom for Maven for both requests, instead of json list and dot graph models.
  • Add tests and adapt current tests to the new data model.
  • update integration tests.

Related issue (if any): fixes #issue_number_goes_here

Checklist

  • I have followed this repository's contributing guidelines.
  • I will adhere to the project's code of conduct.

@zvigrinberg
add sbom and npm support with CycloneDX javascript library - the sbom…
9aeb7d6 
… data model structure is not consistent with the sbom data model of the CycloneDX Java SDK data model

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
feature: add sbom and npm support - modify sbom model from CycloneDX …
031596f 
…javascript library model, to javascript object self made Object model , so the generated SBOM will be consistent with the java api client and what the exhort-backend service is expecting

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
fix: prevent potential duplicates in dependencies' dependsOn list
bdd28ad 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
fix: eliminate bug of duplicated components in components list
bb0c53d 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
feature: add generic functionality of filterIgnoreDeps from CycloneDx…
f16bb35 
… SBOM

docs: add documentation to few functions

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
docs: fine tune functions' documentation
80818d0 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
test: add 4 unitests for testing sbom generation for npm package manager
8587041 
feat : complete all missing parts in adding support for sbom and npm package manager

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
feat: adjust maven java provider to generate sbom json instead of jso…
eb09364 
…n list and dot graph

test: adjust and refactor all maven tests to check sbom instead of deprecated input/models to be sent to backend, and add new tests with bigger pom.xml

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
test: fix usage and cleanup of sinon' useFakeTimers Function
92c3e0d 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg zvigrinberg changed the title Add generic SBOM generation capability and support for npm and maven Add SBOM data model and support for npm and maven Aug 8, 2023
@zvigrinberg
test: adapt endpoints in tests
e0b525a 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
test: adapt all 4 expected backend responses in integration tests
a4e092d 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg zvigrinberg changed the title Add SBOM data model and support for npm and maven feat: Add SBOM data model and support for npm and maven Aug 8, 2023
@zvigrinberg zvigrinberg changed the title feat: Add SBOM data model and support for npm and maven feat: add SBOM data model and support for npm and maven Aug 8, 2023
@zvigrinberg
refactor: fix lint errors, and encapsulate/hide CycloneDx sbom object…
635d860 
… behind a facade generic sbom object

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
test: adjust timestamp in expected sboms to be like mocked timer
5f74b6f 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
test: fix broken integration tests
d48429b 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
chore: run integration tests against real API Backend
c202b4f 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg
docs: complete documentation
d872a4f 
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg zvigrinberg merged commit 2dc41cc into main Aug 8, 2023
@zvigrinberg zvigrinberg deleted the sbom-npm-mvn-api branch August 8, 2023 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@IlonaShishov IlonaShishov IlonaShishov approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zvigrinberg @IlonaShishov