
Parse CycloneDX Legal information #1985

Merged
merged 3 commits into from
Jul 16, 2024

Conversation

@pxp928 (Collaborator) commented Jun 27, 2024

Description of the PR

Update CDX parser to capture legal information that is contained in the SBOM. Unit tests have been updated to test the new functionality.

Related to the open issue: #1014, and completes the update to the CycloneDX Parser.

Updates were made based on the design doc: https://docs.google.com/document/d/1NmLlU5wuP2X9CK7QCWZkkOciNn1QFLKQCFCW9CEI8HQ/edit

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using the -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If GraphQL schema is changed, GraphQL client updates/additions have been made
  • If OpenAPI spec is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

Signed-off-by: pxp928 <parth.psu@gmail.com>
@pxp928 pxp928 added the needs-review Needs writer LGTM label Jul 1, 2024
@jeffmendoza (Collaborator) commented:

Did you get small-legal-cyclonedx.json from somewhere? It seems to be not correct according to the spec.

The spec's description of the license `name` field:

"If SPDX does not define the license used, this field may be used to provide the license name"

@pxp928 (Collaborator, Author) commented Jul 1, 2024

Quoting @jeffmendoza:

Did you get small-legal-cyclonedx.json from somewhere? It seems to be not correct according to the spec.

name

"If SPDX does not define the license used, this field may be used to provide the license name"

Oh yeah, it's not real. I made it up to capture multiple use cases.
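The review exchange above turns on a constraint in the CycloneDX schema: a license object carries either an SPDX `id` or, only when SPDX has no identifier for the license, a free-form `name`, and a `licenses` entry is either such an object or an SPDX `expression`. The following Go program is an added illustration of parsing that legal information while flagging entries that break those rules; it is not GUAC's CDX parser and not the PR's test fixture. The struct model is a minimal assumption about the CycloneDX JSON layout covering only the fields read here, and `SampleBOM` is a constructed document, not a real SBOM.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// License models a CycloneDX license object (assumed minimal subset of the
// schema). ID is an SPDX identifier; Name is only for licenses SPDX lacks.
type License struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	URL  string `json:"url,omitempty"`
}

// LicenseChoice is one "licenses" entry: a license object or an SPDX
// expression, never both.
type LicenseChoice struct {
	License    *License `json:"license,omitempty"`
	Expression string   `json:"expression,omitempty"`
}

type Component struct {
	Name     string          `json:"name"`
	Version  string          `json:"version"`
	Licenses []LicenseChoice `json:"licenses,omitempty"`
}

type BOM struct {
	BOMFormat  string      `json:"bomFormat"`
	Components []Component `json:"components"`
}

// Finding is one legal entry taken from a component; Problem is non-empty
// when the entry deviates from the spec's id/name/expression rules.
type Finding struct {
	Component string
	Kind      string // "spdx-id", "name" or "expression"
	Value     string
	Problem   string
}

// ExtractLegal decodes a CycloneDX JSON document and returns one Finding
// per license choice, in component order.
func ExtractLegal(raw []byte) ([]Finding, error) {
	var bom BOM
	if err := json.Unmarshal(raw, &bom); err != nil {
		return nil, fmt.Errorf("decode bom: %w", err)
	}
	if bom.BOMFormat != "CycloneDX" {
		return nil, fmt.Errorf("unexpected bomFormat %q", bom.BOMFormat)
	}
	var out []Finding
	for _, c := range bom.Components {
		for _, lc := range c.Licenses {
			f := Finding{Component: c.Name}
			switch {
			case lc.Expression != "" && lc.License != nil:
				f.Kind, f.Value = "expression", lc.Expression
				f.Problem = "expression and license object both set"
			case lc.Expression != "":
				f.Kind, f.Value = "expression", lc.Expression
			case lc.License == nil:
				f.Problem = "entry has neither expression nor license object"
			case lc.License.ID != "" && lc.License.Name != "":
				f.Kind, f.Value = "spdx-id", lc.License.ID
				f.Problem = "id and name both set; name is only for licenses SPDX does not define"
			case lc.License.ID != "":
				f.Kind, f.Value = "spdx-id", lc.License.ID
			case lc.License.Name != "":
				f.Kind, f.Value = "name", lc.License.Name
			default:
				f.Problem = "license object has neither id nor name"
			}
			out = append(out, f)
		}
	}
	return out, nil
}

// SampleBOM is a constructed CycloneDX fragment for this example only.
const SampleBOM = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"name": "libfoo", "version": "1.2.0", "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "libbar", "version": "0.9.1",
     "licenses": [{"license": {"name": "Acme Internal License", "url": "https://example.invalid/license"}}]},
    {"name": "libbaz", "version": "3.0.0", "licenses": [{"expression": "Apache-2.0 OR GPL-2.0-only"}]},
    {"name": "libqux", "version": "2.1.0", "licenses": [{"license": {"id": "GPL-3.0-only", "name": "GPL"}}]}
  ]
}`

func main() {
	findings, err := ExtractLegal([]byte(SampleBOM))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-7s %-10s %-28q %s\n", f.Component, f.Kind, f.Value, f.Problem)
	}
}
```

Running it lists MIT, the free-form name and the expression as clean entries and flags libqux, which sets both `id` and `name`, the same kind of inconsistency the reviewer noticed in the hand-written fixture. Rejecting a document whose `bomFormat` is not CycloneDX keeps the parser from silently reading an SPDX or unrelated JSON file as if it were one.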

…DX and fix unit tests

Signed-off-by: pxp928 <parth.psu@gmail.com>
@pxp928 (Collaborator, Author) commented Jul 8, 2024

@jeffmendoza PTAL, I made the changes based on the comments and updated the unit tests.

@kodiakhq kodiakhq bot merged commit 9d51e44 into guacsec:main Jul 16, 2024
8 checks passed
@pxp928 pxp928 deleted the cdx-legal branch July 16, 2024 18:37
Labels: needs-review Needs writer LGTM, size/XL