Revert "Added inline SBOM for binaries downloaded outside package manager" #1164

Merged 1 commit on Dec 11, 2023

LaurentGoderre
Member

This reverts commit 6f4ae83.

This is now supported by the Syft Scanner

@whalelines whalelines left a comment

Do we want to remove the templating too?

Has that change been merged into syft, released, scout updated, scout released, and the build updated to use the new version of scout SBOM indexer?

@LaurentGoderre
Member Author

@whalelines I tested with version 1.2.2 of the scanner.

@whalelines

That response does not seem to address all the questions.

  1. Do we want to remove the templating too?
  2. Has that change been merged into syft?
  3. Has the updated version of syft been released?
  4. Has the scout-sbom-indexer been updated to the updated version of syft?
  5. Has the updated scout-sbom-indexer been released?
  6. Has the build scout-sbom-indexer pin been updated to use the updated scout-sbom-indexer?

Your response may address 2–5 if the "scanner" you refer to is scout-sbom-indexer. 1 and 6 still need clarification.

@tianon
Member

tianon commented Dec 11, 2023

(sorry, I also made a merge conflict by bringing in #1162 🙈)

@LaurentGoderre
Member Author

  1. It's not removing templating, just a helper that only does SBOM for now.
  2. Scanner is pinned to sha256:c2c2236a08a5e4efdc0a983ffcf0971911d22ed5238db4be40dadb6078286c10 which yields:
```json
{
  "SPDXID": "SPDXRef-Package-d8ec3db3016d597f6b5ae1762b17941a",
  "downloadLocation": "",
  "externalRefs": [
    {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceLocator": "pkg:generic/[email protected]?os_name=alpine\u0026os_version=3.18",
      "referenceType": "purl"
    }
  ],
  "filesAnalyzed": false,
  "licenseConcluded": "NOASSERTION",
  "licenseDeclared": "PostgreSQL",
  "name": "postgres",
  "originator": "NOASSERTION",
  "supplier": "NOASSERTION",
  "versionInfo": "16.1"
},
{
  "SPDXID": "SPDXRef-Package-d8e661289d7235557bdd9d4aa2446929",
  "downloadLocation": "",
  "externalRefs": [
    {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceLocator": "pkg:generic/[email protected]",
      "referenceType": "purl"
    }
  ],
  "filesAnalyzed": false,
  "licenseConcluded": "NOASSERTION",
  "name": "postgresql",
  "originator": "NOASSERTION",
  "supplier": "NOASSERTION",
  "versionInfo": "16.1"
}
```
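
One way to run the check this thread is asking for, confirming that a scanner-generated SPDX document lists the source-built binary before the hand-written inline SBOM is dropped (an added example, not part of the comment above or the project's code). The `SAMPLE` document, its purl and SPDXIDs, and the `check_component` helper are constructed for illustration.

```python
import json

# Constructed SPDX JSON shaped like the output quoted above; not real scanner
# output. The SPDXIDs, the purl and the musl entry are made up for this example.
SAMPLE = json.loads("""
{
  "packages": [
    {"SPDXID": "SPDXRef-Package-constructed-1", "name": "postgresql",
     "versionInfo": "16.1",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                       "referenceType": "purl",
                       "referenceLocator": "pkg:generic/postgresql@16.1"}]},
    {"SPDXID": "SPDXRef-Package-constructed-2", "name": "musl",
     "versionInfo": "1.2.4-r2", "externalRefs": []}
  ]
}
""")


def purls(package):
    """Return the purl locators attached to one SPDX package entry."""
    return [ref.get("referenceLocator", "")
            for ref in package.get("externalRefs") or []
            if ref.get("referenceType") == "purl"]


def check_component(doc, names, version):
    """Check that a component is listed under one of `names` at `version`.

    Returns (matches, problems): matching SPDXIDs and a list of findings.
    """
    named = [p for p in doc.get("packages", []) if p.get("name") in names]
    matches = [p for p in named if p.get("versionInfo") == version]
    problems = []
    if not named:
        problems.append("no package named " + "/".join(sorted(names)))
    elif not matches:
        found = sorted({str(p.get("versionInfo")) for p in named})
        problems.append(f"version mismatch: wanted {version}, found {found}")
    for p in matches:
        if not purls(p):
            problems.append(f"{p['SPDXID']} has no purl externalRef")
    if len(matches) > 1:
        problems.append(f"{len(matches)} entries describe the same component")
    return [p["SPDXID"] for p in matches], problems


if __name__ == "__main__":
    ids, problems = check_component(SAMPLE, {"postgres", "postgresql"}, "16.1")
    print(ids, problems or "ok")
```

Passing both `postgres` and `postgresql` as accepted names also surfaces the case where two entries describe the same version, as in the output quoted above.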

@LaurentGoderre
Member Author

@tianon merge conflicts happen :)

@tianon tianon merged commit def0855 into docker-library:master Dec 11, 2023
32 checks passed
@LaurentGoderre LaurentGoderre deleted the remove-inline-sbom branch December 11, 2023 19:19
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Dec 11, 2023
Changes:

- docker-library/postgres@def0855: Merge pull request docker-library/postgres#1164 from LaurentGoderre/remove-inline-sbom
- docker-library/postgres@1d4651c: Revert "Added inline SBOM for binaries downloaded outside package manager"
- docker-library/postgres@d8c3360: Merge pull request docker-library/postgres#1162 from infosiftr/eol-11
- docker-library/postgres@3e5f87d: Remove PostgreSQL 11 since it is end of life