Core Server: SERVER-89983

Translate BlackDuck BOM into CycloneDX

    • Server Security
    • Fully Compatible
    • Security 2024-05-13, Security 2024-05-27

      • Translate the BlackDuck BOM into CycloneDX (AKA SBOM Lite) stored in the repository as a one-time backfill.
      • Set the CycloneDX version to 1.5
      • Pretty-print the JSON representation
      • Strip out the BlackDuck properties arrays from all components
      • Strip out "metadata.tools"
      • Strip out "vulnerabilities"
      • Ensure all PURLs point to GitHub
      • Copy each component's team and scope from Server's attestations (item #2 above)
      • After a successful transplant, the linter must be able to validate that every directory under src/third_party is covered by the CycloneDX SBOM.
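The steps above describe one transform over a BlackDuck-exported CycloneDX document. The script below is an added illustration of that transform, not the ticket's or MongoDB's own tooling: it bumps specVersion to 1.5, drops metadata.tools, vulnerabilities and the per-component properties arrays, repoints each PURL at GitHub, copies team and scope from an attestation table, pretty-prints the result, and finally runs the coverage check the linter is expected to perform over src/third_party. The input BOM, the attestation layout (directory name to component, team and scope), the property names "team" and "scope", and the name-to-GitHub-repository lookup are all constructed assumptions for this example.

```python
"""Constructed example of the BlackDuck -> 'SBOM Lite' backfill described above.

Not MongoDB's tooling. The attestation layout, the property names used to
carry team/scope, and the GitHub repository lookup are assumptions.
"""
import copy
import json
from typing import Dict, List

# Constructed input: a small BlackDuck-style CycloneDX 1.4 export.
BLACKDUCK_BOM: Dict = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {
        "timestamp": "2024-05-01T00:00:00Z",
        "tools": [{"vendor": "Synopsys", "name": "Black Duck"}],
    },
    "components": [
        {
            "type": "library",
            "name": "zlib",
            "version": "1.3.1",
            "purl": "pkg:generic/zlib@1.3.1",
            "properties": [{"name": "blackduck:componentId", "value": "abc123"}],
        },
        {
            "type": "library",
            "name": "fmt",
            "version": "10.1.1",
            "purl": "pkg:conan/fmt@10.1.1",
            "properties": [{"name": "blackduck:matchType", "value": "exact"}],
        },
    ],
    "vulnerabilities": [{"id": "EXAMPLE-0001"}],
}

# Assumed attestation layout: src/third_party directory -> component, team, scope.
ATTESTATIONS: Dict[str, Dict[str, str]] = {
    "zlib": {"component": "zlib", "team": "Server Security", "scope": "runtime"},
    "fmt": {"component": "fmt", "team": "Server Security", "scope": "runtime"},
}

# Assumed lookup used to repoint PURLs at GitHub (owner/repo per component name).
GITHUB_REPOS: Dict[str, str] = {"zlib": "madler/zlib", "fmt": "fmtlib/fmt"}


def github_purl(name: str, version: str) -> str:
    """Build a pkg:github PURL; fail loudly rather than leave a non-GitHub PURL behind."""
    if name not in GITHUB_REPOS:
        raise KeyError(f"no GitHub repository mapping for component {name!r}")
    return f"pkg:github/{GITHUB_REPOS[name]}@{version}"


def translate(bom: Dict) -> Dict:
    """Apply the backfill steps to a copy of the BlackDuck BOM and return it."""
    out = copy.deepcopy(bom)
    out["specVersion"] = "1.5"
    out.get("metadata", {}).pop("tools", None)   # strip metadata.tools
    out.pop("vulnerabilities", None)              # strip vulnerabilities
    by_component = {a["component"]: a for a in ATTESTATIONS.values()}
    for comp in out.get("components", []):
        comp.pop("properties", None)              # strip BlackDuck properties array
        comp["purl"] = github_purl(comp["name"], comp["version"])
        att = by_component.get(comp["name"])
        if att is None:
            raise KeyError(f"no attestation for component {comp['name']!r}")
        # Assumed convention: team and scope carried as CycloneDX properties.
        comp["properties"] = [
            {"name": "team", "value": att["team"]},
            {"name": "scope", "value": att["scope"]},
        ]
    return out


def to_pretty_json(bom: Dict) -> str:
    """Pretty-print with stable key order so the checked-in file diffs cleanly."""
    return json.dumps(bom, indent=2, sort_keys=True) + "\n"


def uncovered_directories(bom: Dict, third_party_dirs: List[str]) -> List[str]:
    """Linter check: directories under src/third_party with no SBOM component."""
    names = {c["name"] for c in bom.get("components", [])}
    missing = []
    for directory in third_party_dirs:
        att = ATTESTATIONS.get(directory)
        if att is None or att["component"] not in names:
            missing.append(directory)
    return missing


if __name__ == "__main__":
    lite = translate(BLACKDUCK_BOM)
    print(to_pretty_json(lite))
    # Constructed directory listing; "boost" has no attestation, so it is reported.
    print("uncovered:", uncovered_directories(lite, ["zlib", "fmt", "boost"]))
```

The transform works on a deep copy so the original export is untouched, and both the PURL rewrite and the attestation lookup raise on an unknown component instead of silently emitting a half-converted BOM; a backfill that is checked into the repository should fail on the first unmapped component rather than leave a non-GitHub PURL for the linter to find later.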

            Assignee: Adrian Gonzalez Montemayor (adrian.gonzalez@mongodb.com)
            Reporter: Adrian Gonzalez Montemayor (adrian.gonzalez@mongodb.com)
            Votes: 0
            Watchers: 1
