Add compliance policy for empty name and version #3257
Merged
Adds a new compliance configuration to handle what to do when there is a missing name or version:
Above are the default values, but the possible values a user can put in are:
- keep, add a trace log but the non-compliant package is still added to the SBOM
- drop, exclude the package from results, add a debug log
- stub, replace the non-compliant empty value with UNKNOWN
Open questions:
pkgcataloging package? (instead of the cataloging package?)
Closes #2132
Closes #2652
Closes #2038
Closes #2039
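The keep / drop / stub behaviour described above, sketched as an added Go example that is not the pull request's code. The names `Action`, `Pkg`, `fix` and `Apply` are hypothetical, separate actions for name and version are an assumption, and the trace/debug logging is left out.

```go
package main

import "fmt"

type Action string // hypothetical type for the three listed values

const (
	Keep Action = "keep" // package stays in the SBOM unchanged
	Drop Action = "drop" // package is excluded from results
	Stub Action = "stub" // empty value is replaced with UNKNOWN
)

type Pkg struct{ Name, Version string } // hypothetical minimal package record

// fix applies one action to one field; ok=false means drop the package.
func fix(value string, a Action) (out string, ok bool, err error) {
	switch {
	case a != Keep && a != Drop && a != Stub:
		return "", false, fmt.Errorf("unknown compliance action %q", a)
	case value != "" || a == Keep:
		return value, true, nil
	case a == Stub:
		return "UNKNOWN", true, nil
	}
	return "", false, nil // a == Drop and the value is empty
}

// Apply filters pkgs with separate actions for empty names and versions (assumed split).
func Apply(pkgs []Pkg, onName, onVersion Action) ([]Pkg, error) {
	var kept []Pkg
	for _, p := range pkgs {
		name, okN, err := fix(p.Name, onName)
		if err != nil {
			return nil, err
		}
		version, okV, err := fix(p.Version, onVersion)
		if err != nil {
			return nil, err
		}
		if okN && okV {
			kept = append(kept, Pkg{name, version})
		}
	}
	return kept, nil
}

func main() {
	out, _ := Apply([]Pkg{{"openssl", "3.0.13"}, {"", "1.2.0"}, {"libfoo", ""}}, Drop, Stub) // constructed input
	fmt.Println(out)
}
```

An unrecognized action is rejected even when no package is affected, so a typo in the configuration fails instead of silently behaving like keep.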