Skip to content

BOM per binary, take 3 #619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Feb 19, 2024
Merged

BOM per binary, take 3 #619

merged 15 commits into from
Feb 19, 2024

Conversation

Shnatsel
Copy link
Contributor

Adds --output-pattern=binary and --output-pattern=cargo-target modes that emit SBOMs for compiled binaries and for all compilation targets (including Rust libraries that do not exist as standalone binaries) respectively.

@lfrancke please test this and let me know if --output-pattern=binary fulfills your needs.

@Shnatsel Shnatsel requested a review from lfrancke February 17, 2024 01:10
@Shnatsel Shnatsel requested a review from a team as a code owner February 17, 2024 01:10
@Shnatsel
Flesh out the toplevel component replacement logic in per-binary SBOM…
464363d 
… writing

Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
@Shnatsel
Much more complete toplevel component in per-binary SBOMs
ab593fc 
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
@Shnatsel
Wire up actually writing out the file
09d5d88 
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
@Shnatsel
cargo fmt
5e77da9 
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
@Shnatsel
Adjust the code to make 'cargo fmt' style less gross
74b8d5e 
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
@Shnatsel
Move validation to the writing function so that all SBOMs from all co…
71a9220 
…depaths go through it

Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
@Shnatsel
Add target filename parameter to the filename-determining function an…
855d00a 
…d finish the filename logic for it

Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
@Shnatsel Shnatsel mentioned this pull request Feb 18, 2024
Merged
lfrancke
lfrancke approved these changes Feb 19, 2024
View reviewed changes
Copy link
Contributor

@lfrancke lfrancke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good to me.
I tried it on two repositories and the results look good.

When I had my PR for his (naive in comparison) I used the "lib" as a prefix so that the name of the artifact would look similar to the name of the SBOM.
But I also found out that the final name of an artifact is not currently exposed anywhere.

This might come with rust-lang/rfcs#3553
Anyway...good to go as is I think. There is no "correct" way to name these files so either way is good.

Just needs your DCO

@Shnatsel Shnatsel merged commit d55c6ed into CycloneDX:main Feb 19, 2024
@Shnatsel Shnatsel mentioned this pull request Jul 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lfrancke lfrancke lfrancke approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Shnatsel @lfrancke