Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CycloneDX predicate #169

Merged
merged 1 commit into from
Jul 9, 2022
Merged

Add CycloneDX predicate #169

merged 1 commit into from
Jul 9, 2022

Conversation

puerco
Copy link
Contributor

@puerco puerco commented Jun 8, 2022

Fixes issue:

None

Description:

This PR adds CycloneDX as a recognized predicate type

Signed-off-by: Adolfo García Veytia (Puerco) [email protected]

Please verify and check that the pull request fulfills the following
requirements:

  • Tests have been added for the bug fix or new feature (NA)
  • Docs have been added for the bug fix or new feature (NA)

@puerco
Add CycloneDX predicate
4a7af4e 
This commit adds CycloneDX as a recognized predicate type

Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
@puerco puerco force-pushed the cyclonedx-predicate branch from dc9c576 to 4a7af4e Compare June 8, 2022 18:18
@puerco puerco mentioned this pull request Jun 8, 2022
Merged
jdolitsky
jdolitsky reviewed Jun 8, 2022
View reviewed changes
in_toto/model.go
@@ -79,6 +79,8 @@ const (
// The SPDX mandates 'spdxVersion' field, so predicate type can omit
// version.
PredicateSPDX = "https://spdx.dev/Document"
// PredicateCycloneDX represents a CycloneDX SBOM
PredicateCycloneDX = "https://cyclonedx.org/schema"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reason for /schema vs. /Document (as in SPDX version)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think Document in spdx tries to refer to a SPDX document somehow. I pointed the URL to where the CycloneDX schemas live to make it more in line with the other predicate URLs.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@SantiagoTorres
Copy link
Member

Bump here, I think things seem reasonable? @puerco @jdolitsky agreed?

@jdolitsky
Copy link

lgtm!

@SantiagoTorres SantiagoTorres merged commit fa494aa into in-toto:master Jul 9, 2022
@SantiagoTorres
Copy link
Member

Merging! sorry to the long RTT!

@masahiro331
Copy link

@puerco @jdolitsky

Thank you all for a lovely product!
I have one question.

"https://cyclonedx.org/schema" does not seem to be the URL of the document.
For example, this non-existent URL refers to the same page.

https://cyclonedx.org/schemaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

This URL may refer to the correct schema.
https://cyclonedx.org/docs/1.4/json/

However, the challenge is that currently, it is not possible to identify the version unless cyclonedx is parsed.

I consider the correct URL should be set as a specification.
I want to discuss this problem.

Apologies if this is out of place.

This was referenced Oct 17, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdolitsky jdolitsky jdolitsky left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@puerco @SantiagoTorres @jdolitsky @masahiro331