SBoM validation should check OS Architecture is valid #3621

Open
sxa opened this issue Jan 26, 2024 · 0 comments
Labels

  • aarch: Issues that affect or relate to the aarch ARCHITECTURE
  • arm: Issues that affect or relate to the ARM OS
  • docker: Issues related to our docker files and docker scripts
  • enhancement: Issues that enhance the code or documentation of the repo in any way
  • macos: Issues that affect or relate to the MAC OS

sxa commented Jan 26, 2024

Follow-on activity to #3484
We do not currently check the OS Architecture field in the SBoM. This came up as part of #3602 where, in the cross-compiled situation, the architecture is that of the host system instead of the target. This example is from https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-sbom_x64_mac_hotspot_21.0.2_13.json:

    "properties" : [
      {
        "name" : "OS version",
        "value" : "Darwin 23.1.0"
      },
      {
        "name" : "OS architecture",
        "value" : "arm64"
      },

For other non-native compilations:

  • This will also affect the evaluation Windows/aarch64 which is cross-compiled from x64
  • Arm32 (built in a docker container on aarch64) is unaffected as the build image has a uname wrapper to fix the value to that of the guest container
  • riscv64 is unaffected as the qemu layer used for running the build containers on aarch64 returns the correct value in the container, not the host kernel.
@sxa sxa added the enhancement Issues that enhance the code or documentation of the repo in any way label Jan 26, 2024
@github-actions github-actions bot added aarch Issues that affect or relate to the aarch ARCHITECTURE arm Issues that affect or relate to the ARM OS docker Issues related to our docker files and docker scripts macos Issues that affect or relate to the MAC OS labels Jan 26, 2024
@sxa sxa changed the title SBoM validation shold check OS Architecture is valid SBoM validation should check OS Architecture is valid Jan 31, 2024
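
One way such a check could look, as an added example that is not part of the issue or of the project's validation code: it reads the target architecture from the SBoM file name (pattern taken from the URL quoted above) and compares it with the "OS architecture" property. The alias table, the function names and the choice to search the whole document for the property (the issue shows only an excerpt) are assumptions.

```python
import re

# Assumption: acceptable "OS architecture" values per release-file arch token.
ARCH_ALIASES = {
    "x64": {"x86_64", "amd64"},
    "aarch64": {"aarch64", "arm64"},
    "arm": {"arm", "armv7l", "armv8l"},
    "riscv64": {"riscv64"},
}
# Matches e.g. OpenJDK21U-sbom_x64_mac_hotspot_21.0.2_13.json
SBOM_NAME = re.compile(r"-sbom_([^_]+)_")


def find_properties(node, name):
    """Yield every value of a name/value property called `name`, at any depth."""
    if isinstance(node, dict):
        if node.get("name") == name and "value" in node:
            yield node["value"]
        for child in node.values():
            yield from find_properties(child, name)
    elif isinstance(node, list):
        for child in node:
            yield from find_properties(child, name)


def check_os_architecture(filename, sbom):
    """Return a list of problems; an empty list means the field is valid."""
    m = SBOM_NAME.search(filename)
    allowed = ARCH_ALIASES.get(m.group(1)) if m else None
    if allowed is None:
        return [f"cannot determine target architecture from {filename!r}"]
    values = list(find_properties(sbom, "OS architecture"))
    if not values:
        return ["SBoM has no 'OS architecture' property"]
    return [f"'OS architecture' is {v!r}, artifact targets {m.group(1)}"
            for v in values if str(v).lower() not in allowed]


# Constructed sample: the excerpt from the issue wrapped in a minimal document.
SAMPLE = {"metadata": {"properties": [
    {"name": "OS version", "value": "Darwin 23.1.0"},
    {"name": "OS architecture", "value": "arm64"},
]}}

if __name__ == "__main__":
    name = "OpenJDK21U-sbom_x64_mac_hotspot_21.0.2_13.json"
    for problem in check_os_architecture(name, SAMPLE):
        print("FAIL:", problem)
```

Run against the constructed sample, the x64 file name with an `arm64` property is reported as a mismatch, which is the cross-compiled case the issue describes.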