Introduce a single SBOM document #606
Benchmark Test Results: Benchmark results from the latest changes vs base branch
First pass.
I like the new SBOM struct and how it just encapsulates current information. Is there a future where the underlying Artifacts struct is changed as we build into developing relationships between everything?
Also small comments on data loss across the new outputs of the golden snapshots. I wasn't sure if we wanted to start excluding the information, or if it got lost as a consequence of moving to the new encode architecture.
internal/formats/spdx22json/test-fixtures/snapshot/TestSPDXJSONImagePresenter.golden
internal/formats/syftjson/test-fixtures/snapshot/TestImagePresenter.golden
Indeed! I have some of that drafted out in #607, specifically: Line 13 in c3a65f5
This is where the relationships object gets promoted to in the end (the |
Very nice work! 👏
I had just one question from curiosity
@spiffcs thanks a ton for solving what ended up being a caching issue I was having -- I was starting to go a little crazy there 🙌
* [wip] single sbom doc
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix tests
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix more tests
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli tests
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove scope in import path
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap SPDX tag-value formatter to single sbom document
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bust CLI cache
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update fixture to byte diff
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* byte for byte
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* bust the cache
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* who needs cache
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add jar for testing
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* no more bit flips
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update apk with the delta for image and directory cases
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* restore cache workflow
  Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
This PR replaces poweruser.JSONDocumentConfig with sbom.SBOM. Specifically, this data structure is being promoted as a first-class object to be used internally for tasking, presentation, and processing concerns. This is proposed in #555 (comment) but closely affects #554 and #556.
The main proposal of the PR is the following data structure:
syft/syft/sbom/sbom.go
Lines 10 to 23 in a26e9e4
All other changes attempt to promote usage of this data structure over passing parts of an SBOM around, for example... replacing:
with:
Notes:
* sbom.SBOM in other PRs implementing "Prefer artifact relationships over package relationships" #556
* source.Scope was removed from any presenter output as described in "Encapsulate all artifacts in syft JSON output" #555 (comment)