Skip to content

feat: Output Sboms without Modification #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ashearin merged 8 commits into from
Nov 22, 2024
Merged

feat: Output Sboms without Modification #210

ashearin merged 8 commits into from
Nov 22, 2024

Conversation

@ashearin
Copy link
Member

@ashearin ashearin commented Nov 13, 2024
edited
Loading

Description

Adds infrastructure and special format flag to output sboms as original source content if appropriate. More information can be found in issue linked below.

** Dependent on a release to protobom storage **

Fixes #187

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

@ashearin ashearin self-assigned this Nov 13, 2024
@ashearin
Copy link
Member Author

ashearin commented Nov 13, 2024

Dependent on protobom/storage#42

@ashearin
Copy link
Member Author

ashearin commented Nov 14, 2024

Dependent on protobom/storage#42

Associated storage PR has been merged, updated this branch to point at the master branch for now until a new release is cut so review can be completed

@ashearin ashearin marked this pull request as ready for review November 14, 2024 17:54
@ashearin ashearin requested a review from a team as a code owner November 14, 2024 17:54
@idunbarh
Copy link
Member

idunbarh commented Nov 18, 2024

Something that I think we want to change is the "default" export format. Today its cyclonedx, but I think it should be changed to original.

@ashearin
Copy link
Member Author

ashearin commented Nov 18, 2024

I think that makes sense, It'll output the source bytes unless changes are made. Also aligns with 'format agnostic'

jhoward-lm
jhoward-lm approved these changes Nov 21, 2024
View reviewed changes
@ghost
Copy link

ghost commented Nov 22, 2024

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 20162772:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0

@ashearin @jhoward-lm
remove unnecessary cast
90c21a5 
Co-authored-by: jhoward-lm <140011346+jhoward-lm@users.noreply.github.com>
Signed-off-by: Allen Shearin <allen.p.shearin@gmail.com>
@ashearin ashearin merged commit ef2595a into bomctl:main Nov 22, 2024
7 checks passed
@ashearin ashearin deleted the retrieving-without-modification branch November 22, 2024 16:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhoward-lm jhoward-lm jhoward-lm approved these changes

@idunbarh idunbarh idunbarh approved these changes

@lallevato-lm lallevato-lm lallevato-lm approved these changes

@lmphil lmphil Awaiting requested review from lmphil

@mfrystacky mfrystacky Awaiting requested review from mfrystacky

Assignees

@ashearin ashearin

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Storing and Retrieving Source SBOMs Without Modification

4 participants

@ashearin @idunbarh @jhoward-lm @lallevato-lm