feat: Generate SBOM for a single file #330
Open
+177
−43
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nightlark
force-pushed
the
single-file-sbom
branch
from
618c59e to
65aa392
Compare
nightlark
added a commit
that referenced
this pull request
Jan 28, 2025
nightlark
force-pushed
the
single-file-sbom
branch
from
65aa392 to
99b225e
Compare
nightlark
force-pushed
the
single-file-sbom
branch
from
99b225e to
d0caefe
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Enable users to generate an SBOM for a single file, without having to create a config file. If a file name ends with
.jsonit is treated as a specimen config file, rather than generating a single-file SBOM for the JSON file. To override this behavior, several prefixes can be prepended to the file path so the argument to Surfactant will be in the formprefix:filepath-- e.g.file:abc.json.The prefixes recognized are:
fileto force Surfactant to generate an SBOM from the single file given after the prefix. Likely only needed to generate a single file SBOM for a JSON file or a file whose name starts with one of the special prefixes as part of the file name, both of which should be rare. e.g.file:config:abc.xyzwould generate a single file SBOM for a file with the (odd) nameconfig:abc.xyzconfigto force Surfactant to treat the given file path as a Surfactant specimen config file. This should never be needed, unless a user decides to omit a.jsonfile extension for their Surfactant specimen config file names.dirto force Surfactant to treat the given file path as a specific directory to generate an SBOM for, with "implied" specimen config file settings (summarized below). This should only be needed if a directory has one of these special prefixes at the start of its name, which is very rare. e.g.dir:config:mydirectorywould generate an SBOM over the contents in a directory namedconfig:mydirectory.For generating a single file or single directory SBOM some assumptions are made for parameters that a specimen config file would usually contain:
extractPaths: the path given as an argument to SurfactantinstallPrefix: either the directory given as the argument to Surfactant, or the parent directory if the path given to Surfactant is for a single file SBOM; a relative path to a file will result in this being a relative path while an absolute path will result in this being the absolute path, which gives some control over the install paths present in the resulting SBOMResolves #126