- Type: Task
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Server Security
- Fully Compatible
- Security 2024-05-13, Security 2024-05-27
- Translate BlackDuck BOM into CycloneDX (AKA SBOM Lite) stored in the repository as a one-time backfill.
- Set CycloneDX version to 1.5
- Pretty format the JSON representation
- Strip out BlackDuck properties arrays from all components
- Strip out "metadata.tools"
- Strip out "vulnerabilities"
- Ensure all PURLs are directed to GitHub
- Copy each component's team and scope from Server's attestations (item #2 above)
- After a successful transplant, the linter must be able to validate that all directories under src/third_party are covered by the CycloneDX SBOM.
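The backfill steps listed above, as an added example rather than the project's own tooling: the sample BOM and the attestation table are constructed for illustration, and carrying team/scope as CycloneDX `properties` entries is an assumption about where the ticket intends them to live.

```python
import copy
import json

# Constructed sample resembling a BlackDuck CycloneDX export (not real project data).
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"tools": [{"name": "blackduck-export"}], "component": {"name": "mongo"}},
    "components": [
        {"name": "zlib", "version": "1.3.1", "purl": "pkg:generic/zlib@1.3.1",
         "properties": [{"name": "blackduck:componentId", "value": "placeholder-id"}]},
        {"name": "abseil-cpp", "version": "20230802.1",
         "purl": "pkg:github/abseil/abseil-cpp@20230802.1",
         "properties": [{"name": "blackduck:matchType", "value": "placeholder"}]},
    ],
    "vulnerabilities": [{"id": "PLACEHOLDER-VULN-ID"}],
}

# Hypothetical attestation table (component name -> team, scope); the ticket's
# "Server's attestations" list is not on this page, so this stands in for it.
ATTESTATIONS = {"zlib": ("server-security", "runtime"),
                "abseil-cpp": ("server-security", "runtime")}


def backfill(bom, attestations):
    """Return a new BOM with the ticket's transformations applied; input is not mutated."""
    out = copy.deepcopy(bom)
    out["specVersion"] = "1.5"
    out.get("metadata", {}).pop("tools", None)   # strip metadata.tools
    out.pop("vulnerabilities", None)            # strip vulnerabilities
    for comp in out.get("components", []):
        comp.pop("properties", None)            # drop BlackDuck properties arrays
        if comp["name"] not in attestations:
            raise KeyError(f"no attestation for component {comp['name']!r}")
        team, scope = attestations[comp["name"]]
        # Assumed representation: team/scope carried as CycloneDX properties.
        comp["properties"] = [{"name": "team", "value": team},
                              {"name": "scope", "value": scope}]
    return out


def non_github_purls(bom):
    """PURLs that do not point at GitHub; the ticket requires this list to be empty."""
    return [c["purl"] for c in bom.get("components", [])
            if not c.get("purl", "").startswith("pkg:github/")]


def to_pretty_json(bom):
    """Pretty-formatted, key-sorted JSON so repository diffs stay reviewable."""
    return json.dumps(bom, indent=2, sort_keys=True) + "\n"
```

Run `non_github_purls` on the transformed document before committing it; any PURL it returns still needs to be redirected to GitHub by hand.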
- depends on
  - SERVER-89980 Ensure Black Duck correctness with the server (master) (Closed)
  - SERVER-89981 Create list describing owners for each component (Closed)
- is depended on by
  - SERVER-90122 Construct a CycloneDX document for 7.0 (Closed)