feat(SBOMER-225): Adjust bom-ref for container image manifests #1012

Open
wants to merge 1 commit into
base: main

@vibe13 (Contributor) commented Dec 1, 2024

No description provided.

vibe13 requested a review from goldmann December 1, 2024 21:47

@goldmann (Contributor) commented Dec 3, 2024

I think the problem with this approach is that it will get out of sync after the DefaultProcessor is run. In most cases we will update the purl to the new value, but bom-ref will stay as it is.

At the end of the day we will suggest that it is a purl, but in fact it isn't, because a purl of this value will not exist anymore.

@goldmann (Contributor) commented Dec 3, 2024

I like to think of bom-ref as an identifier in the database sense, a random string. I know you don't agree with it, so we can use purl, but it needs to be consistent if we decide to do it this way.
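
The drift described in the comments above can be checked mechanically on a generated CycloneDX JSON document. The following is an added example, not code from this pull request or from the project: the SBOM fragment, its values, and the function names are constructed for illustration, and purls are compared as plain strings.

```python
import json

# Constructed CycloneDX fragment (not from the PR). The image component's purl
# was rewritten after its bom-ref had been set to the original purl.
SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "components": [
    {"type": "container", "name": "app",
     "bom-ref": "pkg:oci/app@sha256:aaaa?repository_url=build.example/app",
     "purl": "pkg:oci/app@sha256:aaaa?repository_url=registry.example/app"},
    {"type": "library", "name": "libfoo",
     "bom-ref": "pkg:rpm/example/libfoo@1.0",
     "purl": "pkg:rpm/example/libfoo@1.0"},
    {"type": "library", "name": "libbar",
     "bom-ref": "7f3c2a9e",
     "purl": "pkg:rpm/example/libbar@2.1"}
  ],
  "dependencies": [
    {"ref": "pkg:oci/app@sha256:aaaa?repository_url=build.example/app",
     "dependsOn": ["pkg:rpm/example/libfoo@1.0", "7f3c2a9e"]}
  ]
}
""")

def walk(components):
    """Yield every component, including nested ones."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def stale_purl_refs(bom):
    """(bom-ref, purl) pairs where bom-ref looks like a purl but is not the purl."""
    return [(c["bom-ref"], c.get("purl"))
            for c in walk(bom.get("components"))
            if c.get("bom-ref", "").startswith("pkg:") and c["bom-ref"] != c.get("purl")]

def dangling_refs(bom):
    """Dependency-graph refs that no component declares as its bom-ref."""
    known = {c["bom-ref"] for c in walk(bom.get("components")) if "bom-ref" in c}
    used = set()
    for dep in bom.get("dependencies", []):
        used.add(dep["ref"])
        used.update(dep.get("dependsOn", []))
    return sorted(used - known)

if __name__ == "__main__":
    print("stale purl-shaped bom-refs:", stale_purl_refs(SBOM))
    print("dangling dependency refs:", dangling_refs(SBOM))
```

On the constructed input the dependency graph still resolves, so the document stays valid; only the purl-shaped bom-ref no longer names an existing purl. The opaque bom-ref `7f3c2a9e` is not flagged because it makes no claim about the purl.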
