sbom parser, Parser and Package classes, subclasses
Merge Request Description
This merge will reformat some of our work around defining SBOM parsers and packages, in addition to adding a new sbom_parser.py that @cmillerp1 created. It will also introduce a new stage called sbom-access-log (name pending feedback) that will parse the sbom created in the post-build stage and the access_log from the build stage. It currently does not do anything with the results.
One discussion we should have is over my use of match, which was introduced in python 3.10 and seems to break black and pylama unless we update .gitlab-ci.yml for this repository. We may also not want to upgrade to such a new version of python if that will be majorly inconvenient.
UPDATE: Following discussions had during T/Th standup, we determined that we can hold off on merging this until after #563 (closed) is completed, which will now include an update to the version of python on-board the runner image to python 3.10.
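As an added illustration of the parser hierarchy and of the SBOM/access-log cross-check the new stage is meant to perform, the following is hypothetical example code, not the sbom_parser.py from this merge request. It assumes a CycloneDX- or SPDX-style JSON document and an Apache-style access log (both constructed inline), and the class and function names are assumptions. The format dispatch is written as if/elif rather than match so it runs on Python releases before 3.10, the compatibility question raised above.

```python
"""Hypothetical SBOM parser hierarchy plus an access-log cross-check.

Added example, not the merge request's own sbom_parser.py. Names, the
CycloneDX/SPDX shapes and the log format are assumptions for illustration.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Package:
    name: str
    version: str


class Parser:
    """Base class: each subclass handles one concrete SBOM format."""

    def parse(self, document: dict) -> List[Package]:
        raise NotImplementedError


class CycloneDXParser(Parser):
    def parse(self, document: dict) -> List[Package]:
        return [Package(c["name"], c.get("version", ""))
                for c in document.get("components", [])]


class SPDXParser(Parser):
    def parse(self, document: dict) -> List[Package]:
        return [Package(p["name"], p.get("versionInfo", ""))
                for p in document.get("packages", [])]


def parser_for(document: dict) -> Parser:
    """Pick a parser from format markers; if/elif keeps this pre-3.10 compatible."""
    if document.get("bomFormat") == "CycloneDX":
        return CycloneDXParser()
    if "spdxVersion" in document:
        return SPDXParser()
    # Fail loudly: silently returning zero packages would hide a broken SBOM.
    raise ValueError("unrecognised SBOM format")


def parse_sbom(text: str) -> List[Package]:
    document = json.loads(text)
    return parser_for(document).parse(document)


# Constructed Apache-style request line; only successful GETs are of interest.
_REQUEST = re.compile(r'"GET (?P<path>\S+) HTTP/\d\.\d" (?P<status>\d{3})')


def parse_access_log(text: str) -> List[str]:
    """Return the request path of every GET that returned 200."""
    paths = []
    for line in text.splitlines():
        m = _REQUEST.search(line)
        if m and m.group("status") == "200":
            paths.append(m.group("path"))
    return paths


def cross_check(packages: List[Package], paths: List[str]) -> Dict[str, List[str]]:
    """Compare SBOM contents with what the build actually fetched.

    A package counts as fetched when some request path contains both its
    name and its version; paths matching no package are reported so an
    artifact missing from the SBOM does not go unnoticed.
    """
    fetched, not_fetched, matched = [], [], set()
    for pkg in packages:
        hits = [p for p in paths if pkg.name in p and pkg.version in p]
        (fetched if hits else not_fetched).append(pkg.name)
        matched.update(hits)
    unmatched = [p for p in paths if p not in matched]
    return {"fetched": sorted(fetched),
            "not_fetched": sorted(not_fetched),
            "unmatched_requests": sorted(unmatched)}


# Constructed sample inputs (not real project data).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"name": "golang.org/x/text", "version": "v0.3.7"},
        {"name": "openssl-libs", "version": "1.1.1k-6.el8"},
        {"name": "zlib", "version": "1.2.11-17.el8"},
    ],
})
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2022:10:00:00 +0000] "GET /golang.org/x/text/@v/v0.3.7.zip HTTP/1.1" 200 1234
10.0.0.5 - - [01/Mar/2022:10:00:01 +0000] "GET /repo/openssl-libs-1.1.1k-6.el8.x86_64.rpm HTTP/1.1" 200 5678
10.0.0.5 - - [01/Mar/2022:10:00:02 +0000] "GET /repo/curl-7.61.1-22.el8.x86_64.rpm HTTP/1.1" 200 999
10.0.0.5 - - [01/Mar/2022:10:00:03 +0000] "GET /repo/missing-1.0.rpm HTTP/1.1" 404 0
"""


def main() -> Dict[str, List[str]]:
    result = cross_check(parse_sbom(SAMPLE_SBOM), parse_access_log(SAMPLE_LOG))
    print(json.dumps(result, indent=2))
    return result


if __name__ == "__main__":
    main()
```

With the constructed inputs, zlib is listed in the SBOM but never downloaded, and the curl RPM was downloaded but is absent from the SBOM; those two lists are what a rebuild/rescan decision could later be keyed on.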
Merge Request BOE
Risk
Access log and sbom parsing currently isn't being used for rebuild/rescan logic, but if the parser chokes because of a bug then the pipeline will die.
Rollback Plan
Revert MR
Testing
- tested locally (touches almost everything) using real golang access_log, yum access_log, and real sbom-json.json SBOM
- tested in staging - successful pipeline