Record the rustc target platform into the SBOM #529
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
…nsidered Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
(didn't look at the code yet, just one question)
cargo-cyclonedx/src/generator.rs
Outdated
SingleTarget(target) => vec![Property::new("rustcTarget", &target)], | ||
AllTargets => all_known_targets() | ||
.into_iter() | ||
.map(|target| Property::new("rustcTarget", &target)) |
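Review bot: the property name "rustcTarget" is spelled out as a string literal twice, once in the SingleTarget arm and once in the AllTargets closure, so a later rename can update one and miss the other. Define the name once as a constant and use it in both places. The name is also bare, with no prefix identifying the tool or ecosystem that emits it, so it can collide with a same-named property from another producer; a prefixed name avoids that. In the AllTargets arm every known target becomes its own property under the same name, so a doc comment should state that consumers must read all values rather than the first match.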
I like the idea in general. Have you checked if there are any plans/standards/best practices for what this property could be called? Other tools must have the same idea/concept in general (e.g. Go/C/C++)
I have not really checked for other uses of properties (the free-form field), just skimmed the standardized fields of metadata.
This encodes Rust target triples specifically, e.g. x86_64-unknown-linux-gnu, so this is not going to be interoperable with anything else. Hence the use of properties instead.
Understood. In that case, does it make sense to use a namespaced property instead?
https://github.com/CycloneDX/cyclonedx-property-taxonomy
https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx.md
Found the property for Go: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/gomod.md
Yes, it does. Good point.
Tried, tested, works etc.
Happy to approve in principle but I think I'd like to talk about the name of the property a bit first.
This is the first PR (I believe) to introduce a custom property so it'll be a bit more involved. The next one will be easier.
Co-authored-by: Lars Francke <[email protected]> Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
f572613 to 7229bf9
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
I think this is basically good to go, we just need to wait for the result of CycloneDX/cyclonedx-property-taxonomy#75
That property needs a fair bit of design work. We need to specify where it is legal for it to appear: on metadata only, or does it also appear on a
I've opened CycloneDX/cyclonedx-property-taxonomy#78 upstream. Once that's merged, this PR will need to be reworked to match that schema.
CycloneDX/cyclonedx-property-taxonomy#78 is merged, so it would be nice to revive this.
Superseded by #762
Fixes #528