Adds a reproducibility verification check #371

Merged
merged 1 commit into from
Aug 3, 2022

ForestEckhardt
Contributor

Checklist

  • I have viewed, signed, and submitted the Contributor License Agreement.
  • I have linked issue(s) that this PR should close using keywords or the GitHub UI (See docs)
  • I have added an integration test, if necessary.
  • I have reviewed the styleguide for guidance on my code quality.
  • I'm happy with the commit history on this PR (I have rebased/squashed as needed).

@ForestEckhardt ForestEckhardt requested a review from a team as a code owner August 3, 2022 16:35
@ForestEckhardt ForestEckhardt added the semver:patch A change requiring a patch version bump label Aug 3, 2022
@sophiewigmore
Member

@ForestEckhardt can you give an explainer on what this code is doing? It's not super clear to me what this is checking

@ForestEckhardt
Contributor Author

ForestEckhardt commented Aug 3, 2022

This is checking that the same output is generated in back-to-back runs to ensure that the encoding of the SBOMs is deterministic and reproducible in separate runs.

I am doing this by running two scans, one at the beginning and one at the end, and checking to see that the output of those two scans is identical, which it should be because the underlying thing being scanned has not changed.

@sophiewigmore sophiewigmore merged commit 3d5da08 into v2 Aug 3, 2022
@sophiewigmore sophiewigmore deleted the add-repro-verification-testing branch August 3, 2022 18:10
@ForestEckhardt ForestEckhardt added this to the v2.4.0 milestone Aug 4, 2022
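
The check described in the explanation above, sketched as an added example; this is not code from the PR or from the project. `encodeSBOM`, `verifyReproducible`, the two scan functions and the sample data are hypothetical names and constructed input, and a per-run counter stands in for any run-specific value an encoder might embed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"sort"
)

// encodeSBOM is a hypothetical encoder. Sorting removes Go's randomized map
// order from the output; without it the check below can fail intermittently.
func encodeSBOM(found map[string]string, serial string) ([]byte, error) {
	comps := make([]string, 0, len(found))
	for name, version := range found {
		comps = append(comps, name+"@"+version)
	}
	sort.Strings(comps)
	return json.Marshal(struct {
		Serial     string   `json:"serial,omitempty"`
		Components []string `json:"components"`
	}{serial, comps})
}

// verifyReproducible runs the same scan twice and compares the raw bytes.
func verifyReproducible(scan func() ([]byte, error)) error {
	first, err := scan()
	if err != nil {
		return err
	}
	second, err := scan()
	if err != nil {
		return err
	}
	if !bytes.Equal(first, second) {
		return fmt.Errorf("not reproducible: two runs produced different bytes")
	}
	return nil
}

// sample is constructed input standing in for an unchanged scan target.
var sample = map[string]string{"zlib": "1.2.12", "openssl": "3.0.5", "curl": "7.84.0"}
var runs int

func stableScan() ([]byte, error) { return encodeSBOM(sample, "") }

// stampedScan embeds a per-run value, so identical input yields different bytes.
func stampedScan() ([]byte, error) {
	runs++
	return encodeSBOM(sample, fmt.Sprintf("run-%d", runs))
}

func main() { fmt.Println(verifyReproducible(stableScan), verifyReproducible(stampedScan)) }
```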