
chore: add provenance as an input CLI option #654

Merged
merged 5 commits into from
Mar 1, 2024

tromai
Member

@tromai tromai commented Mar 1, 2024

Closes #34.
This PR includes the following additions:

  • A CLI option --provenance-file is added to receive the provenance path from the user.
  • The provenance content is loaded using the existing load_provenance_payload method.
  • The provenance payload is stored within the AnalyzeContext that we generate from the main software component.
    This PR does not implement the validation and extraction of information from the provenances. That will be added within feat: use provenance to find commits for supported PURL types. #653.
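
A sketch of the flow the description above outlines (an optional `--provenance-file`, load the payload, hand it on or pass `None`), added here as an example and not the project's own code. `load_statement`, `payload_from_args` and `ProvenanceError` are hypothetical names, the file is assumed to be a DSSE envelope or a bare in-toto statement, and the check is structural only.

```python
from __future__ import annotations

import argparse
import base64
import binascii
import json
from pathlib import Path

# Assumption: in-toto statements wrapped in DSSE use this payload type.
INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"


class ProvenanceError(Exception):
    """Raised when a user-supplied provenance file cannot be used."""


def load_statement(path: Path) -> dict:
    """Return the in-toto statement from a DSSE envelope or a bare statement file."""
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError) as err:
        raise ProvenanceError(f"cannot read provenance {path}: {err}") from err
    if isinstance(doc, dict) and "payload" in doc:  # DSSE envelope
        if doc.get("payloadType") != INTOTO_PAYLOAD_TYPE:
            raise ProvenanceError(f"unexpected payloadType {doc.get('payloadType')!r}")
        try:
            doc = json.loads(base64.b64decode(doc["payload"], validate=True))
        except (binascii.Error, ValueError, TypeError) as err:
            raise ProvenanceError(f"bad DSSE payload: {err}") from err
    # Structural check only: no signature or subject verification happens here.
    if not (isinstance(doc, dict)
            and str(doc.get("_type", "")).startswith("https://in-toto.io/Statement/")
            and isinstance(doc.get("subject"), list) and "predicate" in doc):
        raise ProvenanceError("file is not an in-toto statement")
    return doc


def payload_from_args(argv: list[str]) -> dict | None:
    """Parse the CLI and return the statement, or None when no file was given."""
    parser = argparse.ArgumentParser(prog="analyze-sketch")  # hypothetical program name
    parser.add_argument("--provenance-file", type=Path, default=None)
    args = parser.parse_args(argv)
    # A malformed file raises instead of silently falling back to None.
    return None if args.provenance_file is None else load_statement(args.provenance_file)
```

Because a malformed file raises rather than returning `None`, a caller can tell "no provenance supplied" apart from "provenance supplied but unusable".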

@tromai tromai added the slsa-provenance The issues related to SLSA provenances label Mar 1, 2024
@tromai tromai self-assigned this Mar 1, 2024
@tromai tromai requested a review from behnazh-w as a code owner March 1, 2024 02:55
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Mar 1, 2024
@benmss benmss self-requested a review March 1, 2024 02:58
@behnazh-w
Member

Can you please add this new option to the CLI documentation?

@@ -125,6 +131,8 @@ def run(self, user_config: dict, sbom_path: str = "", skip_deps: bool = False) -
The path to the SBOM.
skip_deps : bool
Flag to skip dependency resolution.
prov_payload : InToToPayload
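Review bot: the `prov_payload : InToToPayload` entry at the end of this hunk documents the parameter as always present, while the neighbouring `sbom_path` and `skip_deps` parameters in the `run` signature shown in the hunk header are optional with defaults. If `run` can be called without provenance, document the type as `InToToPayload | None` and state in the entry's description what the analysis does when no payload is supplied.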
Member

Suggested change
prov_payload : InToToPayload
prov_payload : InToToPayload | None

Member Author

Fixed in dcb5386

@benmss
Member

benmss commented Mar 1, 2024

Should the provenance_available_check be updated to check the analysis context for user provided provenance?

@behnazh-w
Member

> Should the provenance_available_check be updated to check the analysis context for user provided provenance?

Changing the provenance check and the related refactoring can be done in the next PR.

@tromai
Member Author

tromai commented Mar 1, 2024

> Can you please add this new option to the CLI documentation?

I have added it in this commit ca2061e

Member

@benmss benmss left a comment

Looks good to me.

@tromai tromai merged commit 085f280 into staging Mar 1, 2024
@tromai tromai deleted the tromai/provenance-as-an-input branch March 1, 2024 05:04
art1f1c3R pushed a commit that referenced this pull request Nov 29, 2024
Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement. slsa-provenance The issues related to SLSA provenances
3 participants