Add support for CycloneDX 1.4 to the "inspect-manifest" pipeline to import the SBOM into a Project #583
Comments
We need to provide a good example of an SPDX 2.3 import to indicate how this might best be done.
This may depend on CycloneDX/cyclonedx-python-lib#290
- A CycloneDX `component` can have a `list of components`; those are dumped to extra_data as `nestedComponents`. Furthermore, these lists of components are recursively parsed and treated as normal packages.
- The Component may have multiple URLs in externalReferences. The first URL of the reference is added to the applicable package_data URL, while the rest are dumped in extra_data as externalReferences.

fixes aboutcode-org#583

Signed-off-by: Keshav Priyadarshi <[email protected]>
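The import behaviour described in the commit message above, as an added Python example that is not the project's own code. The helper names, the type-to-field mapping in `URL_FIELDS`, the `MAX_DEPTH` cap and the sample data are assumptions made for illustration.

```python
# Added illustration: helper names and the type-to-field mapping are assumptions,
# not the project's implementation.
URL_FIELDS = {  # CycloneDX externalReferences type -> package_data URL field
    "website": "homepage_url",
    "vcs": "vcs_url",
    "issue-tracker": "bug_tracking_url",
    "distribution": "download_url",
}
MAX_DEPTH = 32  # assumed cap: reject pathologically nested, untrusted SBOMs

SAMPLE_COMPONENTS = [{  # constructed sample data
    "name": "outer", "version": "1.0", "purl": "pkg:pypi/outer@1.0",
    "externalReferences": [
        {"type": "vcs", "url": "https://example.com/outer.git"},
        {"type": "vcs", "url": "https://mirror.example.com/outer.git"},
        {"type": "other", "url": "https://example.com/outer/notes"},
    ],
    "components": [{"name": "inner", "version": "2.0", "purl": "pkg:pypi/inner@2.0"}],
}]

def component_to_package(component):
    """Map one CycloneDX component dict to a flat package_data dict."""
    package = {key: component.get(key) for key in ("name", "version", "purl")}
    extra_data = package["extra_data"] = {}
    for ref in component.get("externalReferences", []):
        ref_type, url = ref.get("type"), ref.get("url")
        field = URL_FIELDS.get(ref_type)
        if field and field not in package:
            package[field] = url  # first URL of a mapped type fills the field
        else:  # later or unmapped URLs are kept, not dropped
            extra_data.setdefault("externalReferences", {}).setdefault(ref_type, []).append(url)
    if component.get("components"):
        extra_data["nestedComponents"] = component["components"]
    return package

def flatten_components(components, depth=0):
    """Return every component, nested ones included, as its own package."""
    if depth > MAX_DEPTH:
        raise ValueError("CycloneDX components nested too deeply")
    packages = []
    for component in components:
        packages.append(component_to_package(component))
        packages.extend(flatten_components(component.get("components", []), depth + 1))
    return packages

if __name__ == "__main__":
    for pkg in flatten_components(SAMPLE_COMPONENTS):
        print(pkg["purl"], pkg.get("vcs_url"))
```

Flattening keeps nested components in the project inventory instead of leaving them visible only inside the parent's `extra_data`.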
Signed-off-by: Thomas Druez <[email protected]>
@keshav-space re-opening as the To reproduce, turn off your internet connection and the following unit tests will fail:
There seems to be an issue with the validate_document function. That code and the tests should never depend on having internet connectivity.
@keshav-space fix confirmed, thanks!