The backend currently indexes the sboms by repo digests.
It currently has to look for it as a trivy-specific property inside the CycloneDX SBOM.
Having the field available in a dedicated field in SBOMPayload will make the process less dependent on potential future trivy changes.
What does this PR do?
Add a
repo_digestsfield to thesbommessage.Motivation
The backend currently indexes the sboms by repo digests. It currently has to look for it as a
trivy-specific property inside the CycloneDX SBOM. Having the field available in a dedicated field inSBOMPayloadwill make the process less dependent on potential future trivy changes.Additional Notes
Possible Drawbacks / Trade-offs
Describe how to test/QA your changes
Reviewer's Checklist
Reviewers: please see the review guidelines.