Add CycloneDX read SBOM hook implementation #221

mws180000 · 2024-06-18T17:47:15Z

Latest working draft of the CycloneDX input SBOM hook.

This includes adding any vulnerabilities from the CycloneDX SBOM into the observations section of the CyTRICS SBOM
Change in mapping requirements: It turns out that a CycloneDX component can have nested subcomponents. Mapping these subcomponents to the components section of the CyTRICS software entry format would fit better than mapping the CycloneDX services section to the CyTRICS components section since CycloneDX services are it's won section in the SBOM (rather than being part of individual CycloneDX component entries)
Some CycloneDX-exclusive component data is currently added to the metadata section of the corresponding CyTRICS software entry, while the rest needs to be transformed into formats that are JSON-serializable

…RICS observations

for more information, see https://pre-commit.ci

…ations' of https://github.com/LLNL/Surfactant into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implementations

for more information, see https://pre-commit.ci

…ations' of https://github.com/LLNL/Surfactant into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implementations

for more information, see https://pre-commit.ci

…ations' of https://github.com/LLNL/Surfactant into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implementations

…k-implementations

nightlark · 2024-08-20T19:36:59Z

In the CyTRICS schema working group I was thinking that it would be nice to be able to track what CycloneDX/SPDX identifier is associated with software entries, which would enable SBOM conversion to preserve a stable identifier for a roundtrip conversion from CycloneDX -> CyTRICS/internal -> CycloneDX. https://cyclonedx.org/capabilities/bomlink/ has an example of what a full ref looks like.

…RICS observations

for more information, see https://pre-commit.ci

…k-implementations

github-actions · 2025-08-26T19:36:07Z

🧪 SBOM Results (15/15)

❗️ mach_o_dylib_test_no1 (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ sample_sboms (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ Windows_dll_test_no1 (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ uimage_files (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ NET_app_config_test_no1 (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ java_class_no1 (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ mac_os_dmg (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ cd_iso_files (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ ELF_shared_obj_test_no1 (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ msitest_no1 (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ srectest_no1 (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ a_out_files (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ zstandard (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ coff_files (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

❗️ cpio_files (Link)

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 127, in generate_sbom_string
    ctx.invoke(
  File "/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/site-packages/click/core.py", line 814, in invoke
    return callback(*args, **kwargs)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/cmd/generate.py", line 303, in sbom
    new_sbom = input_reader.read_sbom(input_sbom)
  File "/home/runner/work/Surfactant/Surfactant/surfactant/input_readers/cytrics_reader.py", line 14, in read_sbom
    return SBOM.from_json(infile.read())
AttributeError: 'Sentinel' object has no attribute 'read'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 251, in test_gha
    new_data["sbom"] = generate_sbom_string(
  File "/home/runner/work/Surfactant/Surfactant/scripts/regressions.py", line 133, in generate_sbom_string
    raise RuntimeError(f"Failed to invoke SBOM generation: {e}") from e
RuntimeError: Failed to invoke SBOM generation: 'Sentinel' object has no attribute 'read'

_{For commit bd2893e (Run 18302866834)}
_{Compared against commit bb99f5d (Run 18290057572)}
_{⚠️ Requested SHA f2e17da did not have a matching run. Used bb99f5d instead.}

wangmot · 2025-10-07T05:31:01Z

cyclonedx_reader.py script is not finished yet and is still a bit rough. Most cyclonedx fields in the components section are mapped out with comments and some example extraction code. Cyclonedx's services section and vulnerabilities section still need mapping. There are some obscure fields in the cyclonedx format that may not be completely necessary to be mapped so up to the dev's discretion.

Some notes:
-Ran into some serialization issues with objects
-script needs more testing with sample cyclonedx SBOMs with as many fields as possible
-code could be refactored for readability and reusability (ex. helper functions)

mws180000 and others added 7 commits June 10, 2024 15:04

committing current progress before rebase

2a5c0cf

rebase

1e95558

First draft of the CycloneDX reader hook

12333fd

Deleting old file

0348efb

Added support for converting CycloneDX vulnerability entries into CyT…

62ba77f

…RICS observations

Made adding metadata more stable for now

211741a

Updated metadata section

363211e

mws180000 requested a review from nightlark June 18, 2024 17:47

[pre-commit.ci] auto fixes from pre-commit.com hooks

2458f38

for more information, see https://pre-commit.ci

nightlark added a commit that referenced this pull request Jun 18, 2024

Fix hashlib.md5 error with FIPS-compliant OpenSSL builds (#221)

e62a5e9

mws180000 and others added 3 commits June 18, 2024 13:06

pre-commit fixes

4b17149

Merge branch 'CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implement…

b0fe6b4

…ations' of https://github.com/LLNL/Surfactant into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implementations

[pre-commit.ci] auto fixes from pre-commit.com hooks

597d63d

for more information, see https://pre-commit.ci

nightlark added a commit that referenced this pull request Jun 18, 2024

Fix hashlib.md5 error with FIPS-compliant OpenSSL builds (#221)

5e4a0dc

mws180000 and others added 8 commits June 18, 2024 13:24

pre-commit fix

1edf207

Merge branch 'CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implement…

9cebe25

…ations' of https://github.com/LLNL/Surfactant into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implementations

precommit-fix

fe86711

pre-commit fixes

ae4f5c1

[pre-commit.ci] auto fixes from pre-commit.com hooks

1177c0c

for more information, see https://pre-commit.ci

pre-commit fix

07a6c6a

Merge branch 'CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implement…

291abcb

…ations' of https://github.com/LLNL/Surfactant into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hook-implementations

Merge branch 'main' into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hoo…

8251d4b

…k-implementations

nightlark requested a review from theStache July 22, 2024 20:13

nightlark added a commit that referenced this pull request Jul 30, 2024

Fix hashlib.md5 error with FIPS-compliant OpenSSL builds (#221)

6d6fbe9

nightlark mentioned this pull request Aug 20, 2024

Merge throws an error with CycloneDX #243

Open

mws180000 and others added 4 commits March 3, 2025 11:54

committing current progress before rebase

0fce961

rebase

1d3f7d3

First draft of the CycloneDX reader hook

03de3ea

Deleting old file

6238a3f

mws180000 and others added 13 commits March 3, 2025 11:54

Added support for converting CycloneDX vulnerability entries into CyT…

c7f4419

…RICS observations

Made adding metadata more stable for now

b239b97

Updated metadata section

4f3e4d2

pre-commit fixes

b8ae21f

[pre-commit.ci] auto fixes from pre-commit.com hooks

8edd714

for more information, see https://pre-commit.ci

pre-commit fix

5266565

[pre-commit.ci] auto fixes from pre-commit.com hooks

ff03a32

for more information, see https://pre-commit.ci

precommit-fix

92455be

pre-commit fixes

97d1fc2

pre-commit fix

7e11df3

[pre-commit.ci] auto fixes from pre-commit.com hooks

0a734f6

for more information, see https://pre-commit.ci

merge

6a70a7e

[pre-commit.ci] auto fixes from pre-commit.com hooks

4832ea2

for more information, see https://pre-commit.ci

nightlark added the enhancement New feature or request label Apr 29, 2025

nightlark changed the title ~~Cyt 615 add spdx and cyclone dx read SBOM hook implementations~~ Cyt 615 add cyclone dx read SBOM hook implementation Aug 26, 2025

nightlark changed the title ~~Cyt 615 add cyclone dx read SBOM hook implementation~~ Add CycloneDX read SBOM hook implementation Aug 26, 2025

Merge branch 'main' into CYT-615-Add-SPDX-and-CycloneDX-read_sbom-hoo…

f4593ad

…k-implementations

wangmot added 2 commits October 5, 2025 22:47

map cyclonedx fields to cytrics schema

ef2ecbc

mapping cyclonedx to cytrics schema

3b56619

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add CycloneDX read SBOM hook implementation #221

Add CycloneDX read SBOM hook implementation #221

mws180000 commented Jun 18, 2024

Uh oh!

nightlark commented Aug 20, 2024 •

edited

Loading

Uh oh!

github-actions bot commented Aug 26, 2025 •

edited

Loading

❗️ mach_o_dylib_test_no1 (Link)

❗️ sample_sboms (Link)

❗️ Windows_dll_test_no1 (Link)

❗️ uimage_files (Link)

❗️ NET_app_config_test_no1 (Link)

❗️ java_class_no1 (Link)

❗️ mac_os_dmg (Link)

❗️ cd_iso_files (Link)

❗️ ELF_shared_obj_test_no1 (Link)

❗️ msitest_no1 (Link)

❗️ srectest_no1 (Link)

❗️ a_out_files (Link)

❗️ zstandard (Link)

❗️ coff_files (Link)

❗️ cpio_files (Link)

Uh oh!

wangmot commented Oct 7, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Add CycloneDX read SBOM hook implementation #221

Are you sure you want to change the base?

Add CycloneDX read SBOM hook implementation #221

Conversation

mws180000 commented Jun 18, 2024

Uh oh!

nightlark commented Aug 20, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Aug 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🧪 SBOM Results (15/15)

❗️ mach_o_dylib_test_no1 (Link)

❗️ sample_sboms (Link)

❗️ Windows_dll_test_no1 (Link)

❗️ uimage_files (Link)

❗️ NET_app_config_test_no1 (Link)

❗️ java_class_no1 (Link)

❗️ mac_os_dmg (Link)

❗️ cd_iso_files (Link)

❗️ ELF_shared_obj_test_no1 (Link)

❗️ msitest_no1 (Link)

❗️ srectest_no1 (Link)

❗️ a_out_files (Link)

❗️ zstandard (Link)

❗️ coff_files (Link)

❗️ cpio_files (Link)

Uh oh!

wangmot commented Oct 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

nightlark commented Aug 20, 2024 •

edited

Loading

github-actions bot commented Aug 26, 2025 •

edited

Loading

wangmot commented Oct 7, 2025 •

edited

Loading