
feat: SBOM output format #115

Closed
wants to merge 1 commit into from

Conversation

JamieMagee
Member

This PR adds support for a new --ManifestFileFormat flag which accepts:

  • ComponentDetection
  • CycloneDx
  • SPDX

Currently ComponentDetection (default) and CycloneDx are implemented, with plans to implement SPDX once the proof-of-concept is accepted.
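To make concrete what a CycloneDx output mode has to carry over from a detection result, here is an added illustration in Python (not code from this PR, from component-detection, or from the CycloneDX .NET library). It maps a constructed detection graph (ecosystem, name, version, parent edges, dev flag) onto a CycloneDX 1.4 JSON BOM: components with purl-based `bom-ref`s, parent/child relationships as `dependencies` entries, and the dev-dependency flag as a component property. The input record shape, the `example:devDependency` property name and the `name@version` root `bom-ref` are all assumptions of this example. The `check_bom` function is the sort of sanity check a consumer of the output would want: refs unique and every `dependsOn` target resolvable.

```python
"""Added example: map a component-detection style result graph onto a CycloneDX 1.4
JSON BOM and sanity-check the result. Illustrative only; not the component-detection
project's own code or the CycloneDX .NET library."""
import json
import uuid
from datetime import datetime, timezone

# Constructed sample input (not real scan output): each detected component carries its
# ecosystem, the parents that pulled it in (by "name@version"), and a dev-dependency flag.
DETECTED = [
    {"name": "express", "version": "4.18.2", "ecosystem": "npm", "parents": [], "dev": False},
    {"name": "body-parser", "version": "1.20.1", "ecosystem": "npm",
     "parents": ["express@4.18.2"], "dev": False},
    {"name": "jest", "version": "29.3.1", "ecosystem": "npm", "parents": [], "dev": True},
]

# Assumed property name for carrying the dev-dependency flag; CycloneDX properties are free-form.
DEV_PROPERTY = "example:devDependency"


def purl(component):
    """Package URL for a detected component; doubles as its bom-ref so refs are stable."""
    return f"pkg:{component['ecosystem']}/{component['name']}@{component['version']}"


def to_cyclonedx(detected, root_name, root_version):
    """Build a CycloneDX 1.4 BOM dict: one component per detection, one dependencies
    entry per component, and parent/child edges expressed as dependsOn lists."""
    root_ref = f"{root_name}@{root_version}"  # assumed root bom-ref convention
    by_key = {f"{c['name']}@{c['version']}": purl(c) for c in detected}

    components = []
    depends_on = {root_ref: []}  # bom-ref -> list of child bom-refs (root inserted first)
    for c in detected:
        ref = purl(c)
        entry = {"type": "library", "bom-ref": ref, "name": c["name"],
                 "version": c["version"], "purl": ref}
        if c["dev"]:
            entry["properties"] = [{"name": DEV_PROPERTY, "value": "true"}]
        components.append(entry)
        depends_on.setdefault(ref, [])
        # A component with no recorded parents is a direct dependency of the scanned root.
        parents = [by_key[p] for p in c["parents"]] or [root_ref]
        for parent in parents:
            depends_on.setdefault(parent, []).append(ref)

    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "component": {"type": "application", "bom-ref": root_ref,
                          "name": root_name, "version": root_version},
        },
        "components": components,
        "dependencies": [{"ref": r, "dependsOn": kids} for r, kids in depends_on.items()],
    }


def check_bom(bom):
    """Structural checks a consumer relies on: unique bom-refs and every dependency
    reference resolving to a component (or the root). Returns a list of problems."""
    problems = []
    refs = [c["bom-ref"] for c in bom["components"]] + [bom["metadata"]["component"]["bom-ref"]]
    known = set(refs)
    if len(refs) != len(known):
        problems.append("duplicate bom-ref")
    for dep in bom["dependencies"]:
        for ref in [dep["ref"], *dep["dependsOn"]]:
            if ref not in known:
                problems.append(f"dangling reference: {ref}")
    return problems


def render(bom):
    """Serialize the BOM as the JSON document a downstream tool would ingest."""
    return json.dumps(bom, indent=2)


if __name__ == "__main__":
    bom = to_cyclonedx(DETECTED, "my-app", "1.0.0")
    print(render(bom))
    print("problems:", check_bom(bom))
```

The point of the `dependencies` array is the same one the detector-version bot raises below: a change in parent/child edges or in dev-dependency values changes the emitted document, so an SBOM format has to carry the graph, not just the flat component list.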

@JamieMagee JamieMagee requested a review from a team as a code owner May 2, 2022 21:50
@JamieMagee JamieMagee requested a review from astatide May 2, 2022 21:50
@JamieMagee JamieMagee force-pushed the users/jamagee/cyclonedx branch from 379fdc7 to 90e97ab Compare May 2, 2022 21:51
@github-actions

github-actions bot commented May 2, 2022

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

@JamieMagee
Member Author

@coderpatros does the CycloneDx mapper contain enough information? Is there anything I am missing?

@coderpatros coderpatros left a comment

This looks pretty good to me. Although there are a couple of spots that could include more information.

@coderpatros

@JamieMagee I can't remember if I've mentioned this to you before. But we also have a CycloneDX.Spdx NuGet package. It has SPDX data models and a JSON serializer implemented. Doco is here https://cyclonedx.github.io/cyclonedx-dotnet-library/api/CycloneDX.Spdx.Models.v2_2.html

@JamieMagee JamieMagee force-pushed the users/jamagee/cyclonedx branch 2 times, most recently from 2b62709 to 0317305 Compare June 15, 2022 16:19
@cobya cobya added type:feature Feature (new functionality) dependencies Pull requests that update a dependency file version:minor labels Jun 27, 2022
@JamieMagee JamieMagee force-pushed the users/jamagee/cyclonedx branch from 0317305 to 4fba698 Compare July 4, 2022 05:22
@JamieMagee
Member Author

Build failures are related to dotnet/runtime#61602

@JamieMagee JamieMagee requested review from cobya and removed request for astatide July 4, 2022 05:22
@sailro
Member

sailro commented Dec 15, 2022

@JamieMagee I'm really interested in this PR. Now that you fully switched to .NET 6, rebasing this work on top of main should solve the previous build failures related to Json/.NET Core 3.x. What do you think?
Thanks!

@JamieMagee JamieMagee force-pushed the users/jamagee/cyclonedx branch from 4fba698 to 96a8a85 Compare January 4, 2023 19:55
@github-actions

github-actions bot commented Jan 4, 2023

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

@FernandoRojo
Contributor

Closing due to low priority / large conflicts. We have an open issue tracking this effort here: #42, and we will revisit the work when resolving that issue.

5 participants