Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support --normalize flag (sort+) for CycloneDX BOM on trim command output #81

Merged
merged 43 commits into from
Apr 26, 2024
Merged

Support --normalize flag (sort+) for CycloneDX BOM on trim command output #81

merged 43 commits into from
Apr 26, 2024

Conversation

mrutkows
Copy link
Contributor

@mrutkows mrutkows commented Apr 5, 2024
edited
Loading

This would be a first step to fully normalize all BOM structures (e.g., Components, Services, Vulns., ExternalRefs. Properties, etc.) which should help Diff and potential future Merge commands.

mrutkows added 30 commits April 5, 2024 17:39
@mrutkows
Sort CycloneDX BOM top-level arrays before diff
69c9067 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Sort CycloneDX BOM top-level arrays before diff
2e82781 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add initial support for a sort flag on the Trim command
4138911 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add more sort tiebreaker fields for Component struct
b903e80 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add more sort tiebreaker fields for Services and Vulnerabilites structs
79ead2c 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add more sort tiebreaker fields for Services and Vulnerabilites structs
d97f439 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
clean up sort function comments
9aca51f 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
break out sort functions and support recursive Components sort
0172560 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Continue to support more data schema for sort/comparison
5bb773f 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Organize sort hierarchy to use top-down sort and comparator functions
f16485f 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Refactor sort-named entites to normalize
c317539 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add initial validation method to test normalized file output
df69659 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Continue to improve use of the Normalizer interface
0f46061 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add more normalize test cases using large application BOMs
ec76800 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Propagate the use of the Normalizer interface on more named Cdx types
73e3ad4 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support sort of DependsOn slice
dcdf7f8 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Complete transition to uniformly using the Normalizer interface
2e95661 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support Normalizer interface for all Formulation data types
51b42f9 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support Normalizer interface for all Formulation data types
34a1fa4 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support Normalizer interface for LicenseChoice
4a1f7ce 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support Normalizer interface for Vulnerability
5f61da9 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support Normalizer interface for Compositions slice and struct
fcdfc85 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support full normalization of the Vulnerability structure and all its…
575dbdf 
… child elements

Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support full normalization of the Vulnerability structure and all its…
19017ba 
… child elements

Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Organize Formulation normalization into separate files
352ccfd 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support full normalization of the Vulnerability structure and all its…
9a70f8e 
… child elements

Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Support full normalization of the Vulnerability structure and all its…
5b5bce9 
… child elements

Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Handle Diff command if normalized files still cause underyling panics
9c51b85 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add vulnerability Diff tests
3b6dd80 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
remove temp test files
6efa4eb 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows mrutkows changed the title Sort CycloneDX BOM top-level arrays before diff Support --mormalize flag (sort+) for most CycloneDX BOM structures Apr 24, 2024
@mrutkows mrutkows changed the title Support --mormalize flag (sort+) for most CycloneDX BOM structures Support --normalize flag (sort+) for most CycloneDX BOM structures Apr 24, 2024
@mrutkows mrutkows changed the title Support --normalize flag (sort+) for most CycloneDX BOM structures Support --normalize flag (sort+) for CycloneDX BOM on Trim command output Apr 24, 2024
@mrutkows mrutkows self-assigned this Apr 24, 2024
@mrutkows
Copy link
Contributor Author

Please note that using BOMRef as an identifier for normalization is NOT correct as different iterations of BOMs generated by tools create random UIDs for many components.

mrutkows added 8 commits April 25, 2024 15:03
@mrutkows
Renamed HashXXX functions to HashmapXXX to reflect what is actually h…
375fa3a 
…appening

Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Abstract out BOMRef comparator
b3ca980 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Do not use bom-ref for normalization if it us a UUID
68cfb58 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Fix some minor bugs in resource list command formatting
59c969d 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add Trim --normalize flag example with new testcase to README
2eaaf85 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add Trim --normalize flag example with new testcase to README
de7d247 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Adjust normative order of fields for Component and Service based-upon…
9f79b10 
… required or composite keys

Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows
Add extra advice on diff panic to use trim and normalize
9e8b781 
Signed-off-by: Matt Rutkowski <[email protected]>
@mrutkows mrutkows marked this pull request as ready for review April 26, 2024 17:33
@mrutkows mrutkows merged commit 6064e7c into main Apr 26, 2024
6 checks passed
@mrutkows mrutkows deleted the list-policy branch April 26, 2024 17:33
@mrutkows mrutkows changed the title Support --normalize flag (sort+) for CycloneDX BOM on Trim command output Support --normalize flag (sort+) for CycloneDX BOM on trim command output May 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@mrutkows mrutkows

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mrutkows