utils.go

Commit 2f0fd190: Add support for importing SPDX-2.3 SBOMs
Jamie Tanna authored

As part of #21, we can add support for the parsing of SBOMs on the
command-line through a new `import sbom` subcommand.

Because the SBOM may not reliably tell us where it's come from
(platform/org/repo-wise), we can require this on the command-line.

Although it'd be good to use github.com/anchore/syft for the managing of
parsing types of SBOMs, it's unfortunately blocked by [0], and is a
fairly heavyweight library due to other functionality within it, which
would bloat the project.

Instead we can perform a lightweight version of the `formats.Identify`
functionality to produce a consistent way to expand supported types of
SBOMs.

To start with, we can add support for SPDX-2.3 SBOMs.

[0]: https://github.com/anchore/syft/issues/2112