Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[formulation] Capture workflow steps #1573

Open
prabhu opened this issue Jan 16, 2025 · 4 comments
Open

[formulation] Capture workflow steps #1573

prabhu opened this issue Jan 16, 2025 · 4 comments
Labels
formulation good first issue Good for newcomers

Comments

@prabhu
Copy link
Collaborator

prabhu commented Jan 16, 2025

It will be super cool to convert CI workflows such as .github/workflows and gitlab pipeline files into workflow steps. This would immensely help with troubleshooting as well, since the SBOM would list the OS commands and libraries needed to successfully build applications.

https://cyclonedx.org/docs/1.6/json/#formulation_items_workflows_items_steps
@prabhu prabhu added good first issue Good for newcomers formulation labels Jan 19, 2025
@prabhu
Copy link
Collaborator Author

prabhu commented Jan 19, 2025

Candidate for "Winter of Code"

@satwiksps
Copy link
Contributor

I am currently working on this.

@prabhu
Copy link
Collaborator Author

prabhu commented Jan 26, 2025

@satwiksps how are you planning to implement this? By enhancing parseGitHubWorkflowData?

@satwiksps
Copy link
Contributor

Yes, I plan to enhance parseGitHubWorkflowData. I will add logic to extract workflow steps from .github/workflows/*.yml files.
I am extremely sorry for delay in creating the PR. I am working in this issue.

Implementation Plan:

  • Parse Workflow Files:
    Enhance parseGitHubWorkflowData to read and parse YAML files for jobs, steps, and commands.
  • Map Data to CycloneDX Schema:
    Convert extracted steps into the CycloneDX JSON format for workflow steps.
  • Support Key Attributes:
    Capture attributes such as step name, run commands, and uses references.
  • Handle Edge Cases:
    Include error handling for missing or invalid workflow definitions.

Testing and Validation:

  • Create unit tests for different workflow file structures.
  • Ensure the output conforms to the CycloneDX schema.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
formulation good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@prabhu @satwiksps