UNCLASSIFIED - NO CUI


sbom parser, Parser and Package classes, subclasses

Tim Seagren requested to merge 564-parse-sbom-and-rerwite into master

Merge Request Description

This merge will reformat some of our work around defining SBOM parsers and packages, in addition to adding a new sbom_parser.py that @cmillerp1 created. It will also introduce a new stage called sbom-access-log (name pending feedback) that will parse the sbom created in the post-build stage and the access_log from the build stage. It currently does not do anything with the results.

One discussion we should have is over my use of match, which was introduced in python 3.10 and seems to break black and pylama unless we update .gitlab-ci.yml for this repository. We may also not want to upgrade to such a new version of python if that will be majorly inconvenient.

UPDATE: Following discussions had during T/Th standup, we determined that we can hold off on merging this until after #563 (closed) is completed, which will now include an update to the version of python on-board the runner image to python 3.10.

Merge Request BOE

Risk

Access log and sbom parsing currently isn't being used for rebuild/rescan logic, but if the parser chokes because of a bug then the pipeline will die.

Rollback Plan

Revert MR

Testing

  • tested locally (touches almost everything) using real golang access_log, yum access_log, and real sbom-json.json SBOM
  • tested in staging - successful pipeline
Edited by Tim Seagren
