Yarn 1.x: Generate SBOM Components #636
Labels
yarn
Pull requests/issues related to our yarn handling module
Milestone
Comments
taylormadore
added
the
yarn
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Nov 18, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Nov 19, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Nov 19, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Nov 19, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Nov 19, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Nov 19, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Nov 22, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 3, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 4, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 9, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 11, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 12, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 12, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 13, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 13, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 13, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 13, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 16, 2024
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have `cdx:npm:package:development` property, that is added to the component if package is marked for development -> `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 16, 2024
closes containerbuildsystem#631 closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 16, 2024
closes containerbuildsystem#631 closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35
added a commit
to slimreaper35/cachi2
that referenced
this issue
Dec 17, 2024
closes containerbuildsystem#631 closes containerbuildsystem#636 Signed-off-by: Michal Šoltis <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this issue
Dec 17, 2024
closes #631 closes #636 Signed-off-by: Michal Šoltis <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After dependency metadata has been parsed from package.json and yarn.lock, this metadata should be used to create Components for the SBOM. These components should include accurate PURLs and properties denoting devDependencies and whether the component is missing hashes.
Acceptance Criteria
The text was updated successfully, but these errors were encountered: