Skip to content

feat: SBOM linking #223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jhoward-lm merged 27 commits into from
Dec 19, 2024
Merged

feat: SBOM linking #223

jhoward-lm merged 27 commits into from
Dec 19, 2024

Conversation

@jhoward-lm
Copy link
Contributor

@jhoward-lm jhoward-lm commented Nov 23, 2024

Description

This PR implements the link subcommand.

Miscellaneous

  • VSCode snippet to generate testify suite

Closes #81

Type of change

  • New feature (non-breaking change which adds functionality)

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

@jhoward-lm
chore: update protobom/storage dependency
18326c6 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
feat: link command stubs
f1a72d8 
chore:
- exclude `cobra.*Arg` from `mnd` linter and refactor

Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
chore: add coverage report to task tests
56d3cfc 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
feat: basic link functionality
e778533 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
refactor: implement LinkOptions instead of generic functions
3e097be 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
Merge branch 'main' of https://github.com/bomctl/bomctl into 81-sbom-…
6c0658f 
…link-feature
@jhoward-lm jhoward-lm self-assigned this Nov 23, 2024
@jhoward-lm jhoward-lm added the enhancement New feature or request label Nov 23, 2024
@jhoward-lm jhoward-lm added this to the v0.5 milestone Nov 23, 2024
ashearin
ashearin reviewed Nov 24, 2024
View reviewed changes
Copy link
Member

@ashearin ashearin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still need to mess with it a bit, only thing I'm not seeing that I'd expect is updates to documentation

@ashearin
Copy link
Member

ashearin commented Nov 24, 2024
edited
Loading

I guess there is something else, are we adding e2e tests for this cmd with this PR or create a follow on issue to do that?

@ashearin
Copy link
Member

ashearin commented Nov 24, 2024

Outside of the scope of this task, but would it make sense to have a flag for bomctl list <sbom-id> to list the nodes of that document, maybe just the name and native id? Potentially have to add a filter flag as well since some of these documents are quite long. Just an idea. (Speaking about base list cmd specifically, not bomctl link list)

ashearin
ashearin reviewed Nov 24, 2024
View reviewed changes
ashearin
ashearin reviewed Nov 24, 2024
View reviewed changes
@jhoward-lm
fix: remove links
f2fa276 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
feat: list incoming links for documents
4d3298e 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
Copy link
Contributor Author

jhoward-lm commented Nov 25, 2024

I guess there is something else, are we adding e2e tests for this cmd with this PR or create a follow on issue to do that?

I would imagine as part of this one

@idunbarh
Copy link
Member

idunbarh commented Dec 4, 2024

From a UX perspective, how does one find the nodeID?

In the SBOM Linking Docs we talk about using partial PURLs to identify components. I would push for something like this to improve the UX.

@jhoward-lm
Merge branch 'main' of https://github.com/bomctl/bomctl into 81-sbom-…
6764891 
…link-feature

Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
refactor: add option to force list table format
bd008d8 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
fix: handle document aliases, add initial unit test file
238f606 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
lallevato-lm
lallevato-lm requested changes Dec 5, 2024
View reviewed changes
@jhoward-lm
test: add unit/e2e tests
b11d06a 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
refactor: replace arg prefixes with --type flag
95136b9 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@ghost
Copy link

ghost commented Dec 12, 2024
edited by ghost
Loading

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 0d7cf310:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0

@jhoward-lm
refactor: tracking and displaying links
0df218e 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
Merge branch 'main' of https://github.com/bomctl/bomctl into 81-sbom-…
dd83f98 
…link-feature

Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
chore: revert unintended table output changes
89ee7d1 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
chore: address lint findings
eda9124 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
Merge branch 'main' of https://github.com/bomctl/bomctl into 81-sbom-…
395ed04 
…link-feature
@jhoward-lm
Merge branch 'main' of https://github.com/bomctl/bomctl into 81-sbom-…
c0e384e 
…link-feature
@jhoward-lm
chore: address lint findings, fix tests, list output
010cf20 
refactor:
- sliceutil.isTruthy logic
- update golangci-lint config

Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
Merge branch 'main' of https://github.com/bomctl/bomctl into 81-sbom-…
5aa4f54 
…link-feature

Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm jhoward-lm marked this pull request as ready for review December 19, 2024 19:45
@jhoward-lm jhoward-lm requested a review from a team as a code owner December 19, 2024 19:45
lallevato-lm
lallevato-lm reviewed Dec 19, 2024
View reviewed changes
@jhoward-lm
chore: add completions to cobra commands
9b40f94 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
test: link add with invalid document ID
599400c 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
chore: update vulnerable dependency
2881a7a 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@lmphil
Copy link
Contributor

lmphil commented Dec 19, 2024

Looks good. Only missing changes to the README for the new command.

@jhoward-lm
docs: update README.md
0d7cf31 
Signed-off-by: Jonathan Howard <jonathan.w.howard@lmco.com>
@jhoward-lm
Copy link
Contributor Author

jhoward-lm commented Dec 19, 2024

Looks good. Only missing changes to the README for the new command.

@lmphil README updated

@jhoward-lm jhoward-lm merged commit 8ceaaa1 into bomctl:main Dec 19, 2024
8 checks passed
@jhoward-lm jhoward-lm deleted the 81-sbom-link-feature branch December 19, 2024 21:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lallevato-lm lallevato-lm lallevato-lm approved these changes

@ashearin ashearin ashearin approved these changes

@lmphil lmphil lmphil approved these changes

@eddiezane eddiezane Awaiting requested review from eddiezane

@idunbarh idunbarh Awaiting requested review from idunbarh

@mfrystacky mfrystacky Awaiting requested review from mfrystacky

Assignees

@jhoward-lm jhoward-lm

Labels

enhancement New feature or request

Projects

bomctl
Status: Done

Milestone

v0.4.2

Development

Successfully merging this pull request may close these issues.

SBOM "link" feature

5 participants

@jhoward-lm @ashearin @idunbarh @lmphil @lallevato-lm