Validate generated SBOMs against gitlab-org/gitlab's CycloneDX schema
Why are we doing this work
This allows us to validate that the generated CycloneDX SBOMs are compatible with the schema used in the GitLab monolith.
Relevant links
Implementation plan
- Add a CycloneDX SBOM validation library (example) to the project
- Create a test case using a representative SBOM (or use each SBOM from the e2e tests as a test case)
- Validate the generated SBOM against CycloneDX schema 1.4 (the spec version used by the analyzer)
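Sketch of what such a test case could check, added here as an example and not code from the analyzer project or from the validation library linked above. It assumes the analyzer is written in Go and, instead of a schema-validation library, hand-checks a handful of CycloneDX 1.4 JSON schema constraints (bomFormat, specVersion, the component type enum, required component name, nested components) against a constructed SBOM, so it runs offline with the standard library only.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Component types permitted by the CycloneDX 1.4 JSON schema (the "type" enum).
var componentTypes = map[string]bool{"application": true, "framework": true, "library": true,
	"container": true, "operating-system": true, "device": true, "firmware": true, "file": true}

type component struct {
	Type       string      `json:"type"`
	Name       string      `json:"name"`
	Components []component `json:"components"` // nested components, checked recursively
}

// ValidateSBOM returns one message per 1.4 violation found; an empty slice means the document passed.
func ValidateSBOM(raw []byte) []string {
	var b struct {
		BOMFormat   string      `json:"bomFormat"`
		SpecVersion string      `json:"specVersion"`
		Components  []component `json:"components"`
	}
	if err := json.Unmarshal(raw, &b); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	errs := []string{}
	if b.BOMFormat != "CycloneDX" || b.SpecVersion != "1.4" {
		errs = append(errs, fmt.Sprintf("want bomFormat CycloneDX and specVersion 1.4, got %q/%q", b.BOMFormat, b.SpecVersion))
	}
	var walk func(path string, cs []component)
	walk = func(path string, cs []component) {
		for i, c := range cs {
			p := fmt.Sprintf("%s.components[%d]", path, i)
			if !componentTypes[c.Type] {
				errs = append(errs, fmt.Sprintf("%s: type %q is not a 1.4 component type", p, c.Type))
			}
			if c.Name == "" {
				errs = append(errs, p+": name is required")
			}
			walk(p, c.Components)
		}
	}
	walk("$", b.Components)
	return errs
}

// Constructed SBOM in the shape an analyzer emits (not real analyzer output); the nested "gem" type and the nameless component are deliberate violations.
const sampleSBOM = `{"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"components":[{"type":"library","name":"rails","version":"7.0.4","components":[{"type":"gem","name":"nokogiri"},{"type":"library"}]}]}`
func main() { fmt.Println(ValidateSBOM([]byte(sampleSBOM))) }
```

A real test would replace the hand checks with the schema library and feed it each SBOM produced by the e2e suite.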
Verification steps
n/a
Edited by Igor Frenkel