
Add SBOM test suite and make target #336

Merged
tschm merged 3 commits into claude2 from copilot/sub-pr-321 on Jan 18, 2026


Copilot AI commented Jan 17, 2026

Adds testing infrastructure for SBOM (Software Bill of Materials) generation to validate the output added to releases in commit 538f528.

Test Suite (tests/test_rhiza/test_sbom.py)

  • 4 tests covering SPDX and CycloneDX JSON format generation
  • Validates structure compliance and metadata completeness
  • Includes test on actual repository showing real output with package counts

Make Target

make sbom  # Generates sbom.spdx.json and sbom.cyclonedx.json

Uses uvx syft to generate both formats locally, matching CI/CD behavior.

Configuration

  • Added sbom*.json patterns to .gitignore
  • Documentation in tests/test_rhiza/README_SBOM.md covers SBOM concepts and usage

Addresses request to see SBOM output before releases.
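
The kind of structure and metadata check the description above refers to, as an added example that is not the code in tests/test_rhiza/test_sbom.py. The set of fields treated as mandatory, the function names and the two sample documents are assumptions constructed for illustration.

```python
# Added example: structural checks for SPDX 2.x and CycloneDX JSON SBOMs.
# The set of fields treated as mandatory is an assumption of this sketch.
SPDX_TOP = ("spdxVersion", "dataLicense", "SPDXID", "name",
            "documentNamespace", "creationInfo")

def _missing(obj, keys, prefix=""):
    return [f"missing {prefix}{k}" for k in keys if not obj.get(k)]

def check_spdx(doc):
    problems = _missing(doc, SPDX_TOP)
    if doc.get("SPDXID") not in (None, "SPDXRef-DOCUMENT"):
        problems.append("SPDXID must be SPDXRef-DOCUMENT")
    problems += _missing(doc.get("creationInfo") or {}, ("created", "creators"), "creationInfo.")
    for i, pkg in enumerate(doc.get("packages") or []):
        problems += _missing(pkg, ("name", "SPDXID"), f"packages[{i}].")
    return problems

def check_cyclonedx(doc):
    problems = _missing(doc, ("bomFormat", "specVersion", "version"))
    problems += _missing(doc.get("metadata") or {}, ("timestamp", "tools"), "metadata.")
    for i, comp in enumerate(doc.get("components") or []):
        problems += _missing(comp, ("type", "name"), f"components[{i}].")
    return problems

def validate_sbom(doc):
    """Return (format, problems, package_count); format is None if unrecognised."""
    if doc.get("bomFormat") == "CycloneDX":
        fmt, problems, items = "cyclonedx", check_cyclonedx(doc), doc.get("components")
    elif str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        fmt, problems, items = "spdx", check_spdx(doc), doc.get("packages")
    else:
        return None, ["unrecognised SBOM format"], 0
    count = len(items or [])
    if count == 0:  # an empty inventory usually means the wrong directory was scanned
        problems.append("no packages listed")
    return fmt, problems, count

# Constructed sample documents, trimmed to the fields checked above.
GOOD_SPDX = {
    "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example", "documentNamespace": "https://example.invalid/sbom/1",
    "creationInfo": {"created": "2026-01-17T12:00:00Z", "creators": ["Tool: example"]},
    "packages": [{"name": "requests", "SPDXID": "SPDXRef-Package-requests"}],
}
BAD_CYCLONEDX = {
    "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
    "metadata": {"tools": [{"name": "example"}]},      # timestamp missing
    "components": [{"type": "library"}],                 # name missing
}
```

To run it against real output, load sbom.spdx.json or sbom.cyclonedx.json with `json.load` and pass the resulting dict to `validate_sbom`.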



Copilot AI and others added 2 commits January 17, 2026 12:26
Co-authored-by: tschm <2046079+tschm@users.noreply.github.com>
Co-authored-by: tschm <2046079+tschm@users.noreply.github.com>

Copilot AI commented Jan 17, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • astral.sh
    • Triggering command: /usr/bin/curl curl -LsSf REDACTED .github/workflows/rhiza_sync.yml .github/workflows/rhiza_docker.yml .github/workflows/rhiza_security.yml .github/workflows/rhiza_book.yml .github/workflows/rhiza_pre-commit.yml .github/workflows/rhiza_codeql.yml (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title from "[WIP] Add documentation for .rhiza including analysis and README" to "Add SBOM test suite and make target" Jan 17, 2026
Copilot AI requested a review from tschm January 17, 2026 12:29
tschm requested a review from HarryCampion January 17, 2026 12:29
tschm marked this pull request as ready for review January 17, 2026 12:29
tschm merged commit c260b21 into claude2 Jan 18, 2026
tschm deleted the copilot/sub-pr-321 branch January 18, 2026 11:57
tschm added a commit that referenced this pull request Jan 18, 2026
Reflects completed improvements:
- Documentation: 9→10 (glossary PR #356, quick reference PR #358)
- Developer Experience: 9→10 (quick reference card)
- Security: 8→9 (SLSA PR #353, SECURITY.md PR #354, SBOM PR #336)
- Dependency Management: 8→9 (upper bounds PR #355, docs PR #357)
- Shell Scripts: 8→9 (shellcheck/dry-run/set -eu PR #350)

12 of 15 priority improvements completed via PRs #336, #348-358.
Remaining: coverage thresholds, architecture diagrams, mypy.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>