Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SBOM: add support for CycloneDX v1.5 and add HOST_IMAGE SBOMSourceType #286

Closed
wants to merge 2 commits into from
Closed

SBOM: add support for CycloneDX v1.5 and add HOST_IMAGE SBOMSourceType #286

wants to merge 2 commits into from

Conversation

jinroh
Copy link
Contributor

@jinroh jinroh commented Feb 7, 2024

What does this PR do?

Two changes in sbom.proto:

Motivation

cc @Bit-Doctor

Additional Notes

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

Reviewer's Checklist

Reviewers: please see the review guidelines.

@jinroh jinroh requested review from a team as code owners February 7, 2024 11:18
@jinroh jinroh force-pushed the jinroh/sbom-host-image branch from 8981c32 to 2a40370 Compare February 7, 2024 11:21
@jinroh jinroh requested review from a team as code owners February 7, 2024 11:21
@jinroh jinroh force-pushed the jinroh/sbom-host-image branch from 2a40370 to 64af5f2 Compare February 7, 2024 11:23
AliDatadog
AliDatadog reviewed Feb 7, 2024
View reviewed changes
proto/sbom/sbom.proto Outdated Show resolved Hide resolved
L3n41c
L3n41c reviewed Feb 7, 2024
View reviewed changes
proto/sbom/sbom.proto
@@ -29,7 +30,8 @@ message SBOMEntity {
string hash = 9; // Hash of the SBOM
oneof sbom {
cyclonedx.v1_4.Bom cyclonedx = 10; // only cyclonedx will be supported initially but putting it optional will allow us to move to another format later
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m wondering if it would make sense to rename that field cyclonedx_1_4 for homogeneity with the new field.

Suggested change
cyclonedx.v1_4.Bom cyclonedx = 10; // only cyclonedx will be supported initially but putting it optional will allow us to move to another format later
cyclonedx.v1_4.Bom cyclonedx_1_4 = 10; // only cyclonedx will be supported initially but putting it optional will allow us to move to another format later

It would be a non source compatible change that will require to update:

when bumping the version of agent-payload in those repositories.
But as long as the ID (10) remains unchanged, it has no impact on the on-wire message.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Can we plan that in another PR ?

Copy link
Contributor Author

@jinroh jinroh Feb 7, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or we can re-open two separate PRs. One for HOST_IMAGE and one for clyclonedx 1.5.x. That'll make things easier for us.

@jinroh jinroh mentioned this pull request Feb 7, 2024
Merged
@jinroh jinroh closed this Feb 7, 2024
@jinroh jinroh mentioned this pull request Feb 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AliDatadog AliDatadog AliDatadog left review comments

@L3n41c L3n41c L3n41c left review comments

@aleloup-dd aleloup-dd aleloup-dd approved these changes

@Bit-Doctor Bit-Doctor Bit-Doctor approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jinroh @Bit-Doctor @L3n41c @aleloup-dd @AliDatadog