Add initial support for generating SPDX SBOM documents (COMPOSER-2274) #930
fdd614e to 9db4d0b
The PR is ready for review.
The osbuild-composer test failures are expected (and not blocking), since the PR needs code changes to be integrated in osbuild-composer.
Update the ref to a version which supports SBOM documents. Signed-off-by: Tomáš Hozza <[email protected]>
Add a new `sbom` package for working with SBOM documents. It provides a very simple wrapper struct, which currently supports only the SPDX standard. The SBOM document is for now stored in a raw JSON form, to not have to convert the raw data from and to the specific in-memory representation on the worker. The idea is to provide a bit of an abstraction from the specific SBOM implementation, so that in the future, it would be possible to create `sbom.Document` from SBOM documents of various standards and also serialize it back to various SBOM standards. Signed-off-by: Tomáš Hozza <[email protected]>
Extend the `Solver.Depsolve()` method to allow requesting an SBOM document for the depsolved transaction. In case an SBOM document is requested, a pointer to an `sbom.Document` instance is returned with the depsolve result. Signed-off-by: Tomáš Hozza <[email protected]>
Since the number of the `Solver.Depsolve()` return values is slowly getting out of hand, introduce a `DepsolveResult` struct containing all of the return values. `Depsolve()` now returns a pointer to `DepsolveResult`. Signed-off-by: Tomáš Hozza <[email protected]>
Signed-off-by: Tomáš Hozza <[email protected]>
TY! LGTM
LGTM, thanks!
This PR depends on osbuild/osbuild#1818
`sbom` package for working with SBOM documents.
`dnfjson` `Solver.Depsolve()` to support requesting SBOM documents for depsolved transactions.
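
A sketch of the design the commit messages describe (an SBOM carried as raw JSON inside a wrapper, returned as part of a depsolve result struct), written as an added example and not code from this PR. The field layouts, the helper `MissingFromSBOM` and the sample document are assumptions; the check decodes the raw SPDX JSON only at the point of use and reports depsolved packages that the SBOM does not name.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Document wraps an SBOM kept as raw JSON (type and field names are assumptions).
type Document struct {
	DocType  string // only "spdx" is handled in this example
	Document json.RawMessage
}

// DepsolveResult groups what a depsolve returns; SBOM is nil unless requested.
type DepsolveResult struct {
	Packages []string
	SBOM     *Document
}

// MissingFromSBOM lists depsolved packages that the SPDX document does not name.
func MissingFromSBOM(res *DepsolveResult) ([]string, error) {
	if res.SBOM == nil || res.SBOM.DocType != "spdx" {
		return nil, fmt.Errorf("no SPDX SBOM in result")
	}
	var v struct {
		Packages []struct {
			Name string `json:"name"`
		} `json:"packages"`
	}
	if err := json.Unmarshal(res.SBOM.Document, &v); err != nil {
		return nil, fmt.Errorf("invalid SBOM JSON: %w", err)
	}
	seen := map[string]bool{}
	for _, p := range v.Packages {
		seen[p.Name] = true
	}
	missing := []string{}
	for _, name := range res.Packages {
		if !seen[name] {
			missing = append(missing, name)
		}
	}
	return missing, nil
}

func main() {
	// Constructed sample, not output of the real depsolver.
	doc := &Document{DocType: "spdx", Document: json.RawMessage(`{"spdxVersion":"SPDX-2.3","packages":[{"name":"bash"}]}`)}
	fmt.Println(MissingFromSBOM(&DepsolveResult{Packages: []string{"bash", "zlib"}, SBOM: doc}))
}
```

A non-empty result means the SBOM under-reports what was resolved, which is worth failing a build on before the document is published.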