feat: add manifest content to sbom's metadata #142

Merged 1 commit on Jun 13, 2024

zvigrinberg
Collaborator

Description

To ease troubleshooting and boost recreation of issues in order to solve them, this adds the manifest content to the metadata field of the SBOM JSON; that is, it creates two new fields under sbom -> metadata.properties: rhda:manifest:content and rhda:manifest:filename.

{
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {
        "timestamp": "2024-06-13T11:00:18.855Z",
        "component": {
            "group": "example.com",
            "name": "software",
            "version": "v0.0.0",
            "purl": "pkg:golang/example.com/software@v0.0.0",
            "type": "application",
            "bom-ref": "pkg:golang/example.com/software@v0.0.0"
        },
        "properties": [
            {
                "name": "rhda:manifest:content",
                "value": "bW9kdWxlIGV4YW1wbGUuY29tL3NvZnR3YXJlCgoKZ28gMS4yMi40ICAgICAgICAgICAgICAgICAgICAgICAgICAKCgoKCgo="
            },
            {
                "name": "rhda:manifest:filename",
                "value": "go.mod"
            }
        ]
    },
    "components": [
        {
            "group": "example.com",
            "name": "software",
            "version": "v0.0.0",
            "purl": "pkg:golang/example.com/software@v0.0.0",
            "type": "application",
            "bom-ref": "pkg:golang/example.com/software@v0.0.0"
        },
        {
            "name": "go",
            "version": "1.22.4",
            "purl": "pkg:golang/go@1.22.4",
            "type": "library",
            "bom-ref": "pkg:golang/go@1.22.4"
        },
        {
            "name": "toolchain",
            "version": "go1.22.4",
            "purl": "pkg:golang/toolchain@go1.22.4",
            "type": "library",
            "bom-ref": "pkg:golang/toolchain@go1.22.4"
        }
    ],
    "dependencies": [
        {
            "ref": "pkg:golang/example.com/software@v0.0.0",
            "dependsOn": [
                "pkg:golang/go@1.22.4"
            ]
        },
        {
            "ref": "pkg:golang/go@1.22.4",
            "dependsOn": [
                "pkg:golang/toolchain@go1.22.4"
            ]
        },
        {
            "ref": "pkg:golang/toolchain@go1.22.4",
            "dependsOn": []
        }
    ]
}

Checklist

  • I have followed this repository's contributing guidelines.
  • I will adhere to the project's code of conduct.

Additional information

Anything else?

zvigrinberg force-pushed the feature/add-manifest-content-to-sbom-metadata branch from 9108631 to 2a43995 (June 13, 2024 11:24)
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
zvigrinberg force-pushed the feature/add-manifest-content-to-sbom-metadata branch from 2a43995 to 286be90 (June 13, 2024 11:26)
zvigrinberg merged commit 20ed5df into main on Jun 13, 2024
5 checks passed
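
Added example, not code from this PR or the project: a Python sketch of how someone reproducing an issue could recover the manifest from an SBOM that carries the two properties described above. It assumes the content value is standard base64, as the sample value suggests; `extract_manifest` and the trimmed `SAMPLE_SBOM` are constructed for illustration, and the filename is treated as untrusted input.

```python
import base64
import binascii
import json

CONTENT_PROP = "rhda:manifest:content"
FILENAME_PROP = "rhda:manifest:filename"

# Constructed sample: the PR description's SBOM trimmed to its metadata properties.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"properties": [
        {"name": CONTENT_PROP,
         "value": "bW9kdWxlIGV4YW1wbGUuY29tL3NvZnR3YXJlCgoKZ28gMS4yMi40"
                  "ICAgICAgICAgICAgICAgICAgICAgICAgICAKCgoKCgo="},
        {"name": FILENAME_PROP, "value": "go.mod"},
    ]},
})


def extract_manifest(sbom_text):
    """Return (filename, manifest_bytes), or None when the SBOM has no manifest."""
    props = {}
    metadata = json.loads(sbom_text).get("metadata") or {}
    for prop in metadata.get("properties") or []:
        name, value = prop.get("name"), prop.get("value")
        if name in (CONTENT_PROP, FILENAME_PROP):
            if name in props or not isinstance(value, str):
                raise ValueError(f"duplicate or non-string property: {name}")
            props[name] = value
    if len(props) < 2:
        return None
    filename = props[FILENAME_PROP]
    # An SBOM attached to a bug report is untrusted input: accept a bare
    # file name only, so writing the manifest out cannot leave the target dir.
    if filename in ("", ".", "..") or any(c in filename for c in "/\\\x00"):
        raise ValueError(f"unsafe manifest filename: {filename!r}")
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently skipping them.
        content = base64.b64decode(props[CONTENT_PROP], validate=True)
    except binascii.Error as exc:
        raise ValueError("manifest content is not valid base64") from exc
    return filename, content


if __name__ == "__main__":
    name, data = extract_manifest(SAMPLE_SBOM)
    print(name, data.decode(), sep="\n")
```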