Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-93048

Add a validation in sbom linter to match the sbom component version with the import script version

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 8.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Fully Compatible
    • Security 2024-08-05, Security 2024-08-19

      Third party libraries are checked for vulnerabilities with cycloneDX. https://github.com/10gen/mongo/blob/master/sbom.json is validated against bom-1.5.schema.json  before cycloneDX vulnerability check. sbom.json file may contain a version for a library/component.

      Third party libraries have import scripts (https://github.com/10gen/mongo/tree/master/src/third_party#readme) which may include a version.

       

      These two versions should be validated against each other in this ticket when possible.

            Assignee:
            niaz.pavel@mongodb.com Niaz Pavel (Inactive)
            Reporter:
            niaz.pavel@mongodb.com Niaz Pavel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: