feat: implement RFC 3553 to add SBOM support #13709
base: master
Commits on May 28, 2024
Explore location to generate SBOM precursor files
Similar to the generation of `depinfo` files, a function is called to generate SBOM precursor file named `output_sbom`. It takes the `BuildRunner` & the current `Unit`. The `sbom` flag can be specified as a cargo build option, but it's currently not configured correctly. To test the generation the flag is set to `true`. This passes in the cargo build config `sbom`.
Commit 4f15b21
Commit d8db269
Commit 78ad753
Commit e3bf57d
Trying to fetch all dependencies
This ignores dependencies for custom build scripts. The output should be similar to what `cargo tree` reports.
Commit 5296c9e
This is similar to what the `cargo metadata` command outputs.
Commit 4a6a363
Extract logic to fetch sbom output files
This extracts the logic to get the list of SBOM output file paths into its own function in `BuildRunner` for a given Unit.
Commit 7c13dc7
Commit cbd874f
Add test to check project with bin & lib
* extract sbom config into helper function
Commit 11dc92d
Commit 9b6e7f7
Commit def6960
Commit fd0381a
Commit 5ba5f32
Commit c48d65f
* disable `sbom` config when `-Zsbom` is not passed as unstable option
* refactor tests
* add test
Commit 755fa61
This expands the tests to reflect end-to-end tests by comparing the generated JSON output files with expected strings.
* add test helper to compare actual & expected JSON content
* refactor setup of packages in test
Commit 5c39a4a
Commit 3656e32
Commit 96f348a
Append SBOM file suffix instead of replacing
Instead of replacing the file extension, the `.cargo-sbom.json` suffix is appended to the output file. This is to keep existing file extensions in place.
* refactor logic to set `sbom` property from build config
* expand build script related test to check JSON output
Commit 9fa3075
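The effect of appending the suffix rather than replacing the extension, as an added example that is not code from this pull request or from Cargo. The function names and artifact paths are hypothetical and constructed, and modelling the replacing variant with `Path::with_extension` is an assumption.

```rust
use std::collections::HashSet;
use std::ffi::OsString;
use std::path::{Path, PathBuf};

/// Suffix named in the commit message above.
const SBOM_SUFFIX: &str = ".cargo-sbom.json";

/// Constructed artifact paths: three outputs of one library plus one binary.
const ARTIFACTS: [&str; 4] = [
    "target/debug/libfoo.rlib",
    "target/debug/libfoo.so",
    "target/debug/libfoo.a",
    "target/debug/foo",
];

/// Replacing variant (assumed): the artifact's own extension is discarded.
fn sbom_path_replacing(artifact: &Path) -> PathBuf {
    artifact.with_extension("cargo-sbom.json")
}

/// Appending variant: the suffix is added to the full file name,
/// so the artifact's existing extension stays in place.
fn sbom_path_appending(artifact: &Path) -> PathBuf {
    let mut name: OsString = artifact.as_os_str().to_os_string();
    name.push(SBOM_SUFFIX);
    PathBuf::from(name)
}

/// Number of distinct SBOM paths a naming scheme yields for a set of artifacts.
/// Fewer paths than artifacts means one SBOM file would overwrite another.
fn distinct_outputs(artifacts: &[&str], scheme: fn(&Path) -> PathBuf) -> usize {
    artifacts
        .iter()
        .map(|a| scheme(Path::new(a)))
        .collect::<HashSet<PathBuf>>()
        .len()
}

fn main() {
    for a in ARTIFACTS {
        let p = Path::new(a);
        println!("{a}");
        println!("  replace: {}", sbom_path_replacing(p).display());
        println!("  append:  {}", sbom_path_appending(p).display());
    }
    println!("distinct (replace): {}", distinct_outputs(&ARTIFACTS, sbom_path_replacing));
    println!("distinct (append):  {}", distinct_outputs(&ARTIFACTS, sbom_path_appending));
}
```

With replacement, the three `libfoo` artifacts map to a single SBOM path, so the file on disk can no longer be tied to one specific artifact; appending keeps a one-to-one mapping.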
* use `PackageIdSpec` instead of only `PackageId` in SBOM output
* change `version` of a dependency to `Option<Version>`
* output `Vec<CrateType>` instead of only the first found crate type
* output rustc workspace wrapper
* update 'warning' string in test using `[WARNING]`
* use `serde_json::to_writer` to serialize SBOM
* set sbom suffix in tests explicitly, instead of using `with_extension`
Commit e9e171d
Output additional fields to JSON
In case a unit's profile differs from the profile information on root level, it's added to the package information to the JSON output. The verbose output for `rustc -vV` is also written to the `rustc` field in the SBOM.
* rename `fetch_packages` to `collect_packages`
* update JSON in tests to include profile information
Commit 809bc80
Commit ca659a1
Commit 1e9f5c7