Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Updating an existing SBOM? #308

javihernandez started this conversation in Ideas
Discussion options

First of all, thanks for providing such library. It works great, documentation is neat and saved our lives in the duty of tackling our approach to implement SBOM in the AlmaLinux Build System (from where we build AlmaLinux OS).

This is more a question rather than an issue and please, forgive me if it's a stupid question, but I'm pretty new to SBOM and I felt that before designing our workflow, it was worth asking here (maybe this is not even the right place to ask?).

So far, we're already generating SBOMs of some of the artifacts that the Build System creates. Since these artifacts can change over time, we were wondering what is the right approach to update an existing SBOM since I couldn't find anything relevant or any "good practices" on the subject. I tried to set the version field when generating a new BOM, but so far, it ends up being a new field called ersion.

Other than that, technically, it shouldn't be that difficult, we can store our generated SBOMs somewhere and then use these files to take the relevant serialNumber and increase the version manually, but still, we would like to know your thoughts on this.

Thanks again,
Javi
You must be logged in to vote

Replies: 1 comment 2 replies

Comment options

Updating and existing SBOM in JSON/XML format would start with reading ans SBOM, going through de-serializing and de-normalizing to having a SBOM data model that can be altered, so that this modified result can be put to JSON/XML later.
The described feature is powered by #185 - @madpah is working on this via #290 and it is planned to be part of release 4.0.0
You must be logged in to vote
2 replies
Comment options

Hi @jkowalleck,

and thanks for your quick response! I should have looked around a bit more before asking, but I guess your answer makes it crystal clear to anybody wondering the same as me. There's no rush on our side as we are now starting our work on SBOM generation.
I guess that, for now, I don't have any specific question about the upcoming changes on the library. I'll probably wait until they're ready and get back to you only in the case we still have questions/doubts about it.

Thanks!
Comment options

:-D feedback or discussions from downstream users of the library are highly appreciated.
Feel free to join the dedicated "#python" CycloneDX slack channel at : https://cyclonedx.org/slack/invite

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Ideas
Labels
None yet
Converted from issue

This discussion was converted from issue #307 on September 20, 2022 07:20.

AltStyle によって変換されたページ (->オリジナル) /