@spiffcs spiffcs commented May 11, 2022

Summary

Syft currently has a way to validate a generated SBOM against the CycloneDX v1.4 schema. This functionality can be found at syft/schema/cyclonedx. This check is manual at the moment and runs against ubuntu:latest. The image ubuntu:latest does not exercise the whole CycloneDX schema for validation.

This PR adds a test that is run during the CLI checks that leverages cyclonedx-cli to validate results.

Signed-off-by: Christopher Phillips [email protected]
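
An added illustration (not code from this PR or from Syft) of the coverage concern in the summary: a schema check that passes on one sample says nothing about properties that sample never emits. The path list is a constructed subset of CycloneDX 1.4 JSON property names, the SBOM is a constructed sample, and `exercised_paths` and `coverage_gaps` are hypothetical helpers.

```python
import json

# Constructed subset of CycloneDX 1.4 JSON property paths (not the full schema).
SCHEMA_PATHS = {
    "bomFormat", "specVersion", "serialNumber", "version",
    "metadata.timestamp", "metadata.tools[].name", "metadata.component.name",
    "components[].type", "components[].name", "components[].version",
    "components[].purl", "components[].cpe",
    "components[].licenses[].license.id",
    "components[].hashes[].alg", "components[].hashes[].content",
    "components[].externalReferences[].url",
    "components[].properties[].name",
    "dependencies[].ref",
}

# Constructed sample SBOM (not real Syft output): one OS package, few optional fields.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
  "metadata": {"timestamp": "2022-05-11T00:00:00Z", "tools": [{"name": "syft"}]},
  "components": [
    {"type": "library", "name": "bash", "version": "5.1-6ubuntu1",
     "purl": "pkg:deb/ubuntu/bash@5.1-6ubuntu1",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ]
}
""")


def exercised_paths(node, prefix=""):
    """Return the leaf property paths present in a document; array items become '[]'."""
    if isinstance(node, dict):
        paths = set()
        for key, value in node.items():
            paths |= exercised_paths(value, f"{prefix}.{key}" if prefix else key)
        return paths
    if isinstance(node, list):
        paths = set()
        for item in node:
            paths |= exercised_paths(item, prefix + "[]")
        return paths
    return {prefix}  # scalar leaf


def coverage_gaps(sbom, schema_paths=SCHEMA_PATHS):
    """Schema paths that this SBOM never populates, so validation never tests them."""
    return sorted(schema_paths - exercised_paths(sbom))


if __name__ == "__main__":
    for path in coverage_gaps(SAMPLE_SBOM):
        print("not exercised:", path)
```
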

spiffcs added 3 commits May 11, 2022 14:47
Signed-off-by: Christopher Phillips <[email protected]>
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs spiffcs requested review from a team and wagoodman May 11, 2022 21:44
github-actions bot commented May 11, 2022

Benchmark Test Results

Benchmark results from the latest changes vs base branch
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.41ms ± 1%    1.15ms ± 1%  -18.05%  (p=0.008 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            3.38ms ± 2%    2.85ms ± 1%  -15.66%  (p=0.029 n=4+4)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.10ms ± 3%    0.94ms ± 1%  -14.58%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         723µs ± 1%     626µs ± 1%  -13.42%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     876µs ± 3%     748µs ± 1%  -14.67%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      768µs ± 2%     660µs ± 1%  -14.12%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      15.7ms ± 2%    13.3ms ± 2%  -15.22%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.30ms ± 1%    1.06ms ± 1%  -18.42%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.45µs ± 2%    2.03µs ± 1%  -17.17%  (p=0.008 n=5+5)
ImagePackageCatalogers/dotnet-deps-cataloger-2               1.48ms ± 5%    1.23ms ± 3%  -17.20%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               184kB ± 0%     184kB ± 0%   +0.16%  (p=0.008 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             890kB ± 0%     889kB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     195kB ± 0%     196kB ± 0%   +0.13%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         140kB ± 0%     140kB ± 0%     ~     (p=0.548 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     175kB ± 0%     175kB ± 0%     ~     (p=0.310 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      163kB ± 0%     164kB ± 0%   +0.06%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.28MB ± 0%    3.27MB ± 0%     ~     (p=0.222 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.23MB ± 0%    1.23MB ± 0%   -0.04%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            672B ± 0%      672B ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                351kB ± 0%     351kB ± 0%   -0.12%  (p=0.008 n=5+5)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               3.70k ± 0%     3.70k ± 0%     ~     (all equal)
ImagePackageCatalogers/python-package-cataloger-2             14.9k ± 0%     14.9k ± 0%     ~     (p=0.056 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     4.98k ± 0%     4.98k ± 0%     ~     (p=0.095 n=5+4)
ImagePackageCatalogers/javascript-package-cataloger-2         2.76k ± 0%     2.76k ± 0%     ~     (p=0.238 n=4+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     3.99k ± 0%     3.99k ± 0%     ~     (all equal)
ImagePackageCatalogers/rpmdb-cataloger-2                      4.06k ± 0%     4.06k ± 0%     ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       52.6k ± 0%     52.6k ± 0%     ~     (p=0.762 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      4.87k ± 0%     4.87k ± 0%     ~     (all equal)
ImagePackageCatalogers/go-module-binary-cataloger-2            15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                6.72k ± 0%     6.72k ± 0%     ~     (all equal)

@spiffcs spiffcs marked this pull request as draft May 11, 2022 22:40
* main:
  Fix potential race condition during event subscription (#993)
spiffcs added 2 commits May 12, 2022 11:57
Signed-off-by: Christopher Phillips <[email protected]>
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs spiffcs marked this pull request as ready for review May 12, 2022 16:00
spiffcs commented May 12, 2022

Thanks @kzantow for the comments! If the tests pass here I'll merge it in.

@spiffcs spiffcs merged commit 03ee4fd into main May 12, 2022
@spiffcs spiffcs deleted the 995-invalidcyclonedx branch May 12, 2022 16:56
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024