Skip to content

Persist analysis data in CycloneDX BOM #694

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mscottford merged 17 commits into from
Sep 26, 2023
Merged

Persist analysis data in CycloneDX BOM #694

mscottford merged 17 commits into from
Sep 26, 2023

Conversation

@mscottford
Copy link
Member

@mscottford mscottford commented Sep 26, 2023
edited
Loading

  • Ensures that a new CycloneDX BOM is generated for each manifest that is analyzed (this was technically a bug that was discovered during this implementation)
  • Stores analysis metadata in each CycloneDX BOM that is generated
  • Stores LibYear values as component metadata
  • Store release history as component metadata

Addresses the following issues:

mscottford and others added 17 commits September 24, 2023 00:34
@mscottford
Fires event after all packages from BOM has been processed
03a5183
@mscottford
Adds activity workflow for processing BOM files
041a618 
The `IBillOfMaterialsProcessor` will be responsible for actually inserting the CycloneDX "properties" into the BOM file. This commit just focuses on the orchestration of kicking off that work.
@mscottford
Ensures that manifest is passed to BOM processor
28d9130
@mscottford
Ensures that multiple boms are cached if there are multiple manifest …
8d46c8f 
…files
@mscottford
Adds timestamps to all cache database entities
610ad01
@mscottford
Switches to different SHA256 hashing method
370005d
@mscottford
Adds helper utility for working with file in the Fixtures directory
d25017c
@mscottford
Adds sample CycloneDX bom
ad511ab
@mscottford
Stores analysis metadata in CycloneDX BOM
848f696 
* Starts implementation of `IBillOfMaterialsProcessor` that is used by activities
    * Right now it just knows how to store analysis metadata. More to come.
* Adds a new field and a new relationship to `CachedHistoryStopPoint` to facilitate metadata generation

Fixes #541.
@mscottford @github-actions
Committing auto generated diagram.
9b20ef8
@mscottford
Extracts thread method
481093a
@mscottford @github-actions
Committing auto generated diagram.
fa028a4
@mscottford
Moves fixture data to parent class
9cf2c2e
@mscottford
Stores libyear as CycloneDX component property values
55c2e6e 
Fixes #542.
@mscottford
Merge branch 'bom-metadata' of github.com:corgibytes/freshli-cli into…
f61fa86 
… bom-metadata
@mscottford
Merge branch 'main' into bom-metadata
7aebf9e
@mscottford
Stores package release history in BOM
aa2127f 
Fixes #540.
@mscottford mscottford marked this pull request as ready for review September 26, 2023 18:27
@mscottford mscottford merged commit 630bfd8 into main Sep 26, 2023
@mscottford mscottford deleted the bom-metadata branch September 26, 2023 18:28
@github-actions github-actions bot locked and limited conversation to collaborators Sep 26, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Store LibYear information in CycloneDX SBOM Store analysis metadata in the CycloneDX SBOM

2 participants

@mscottford