Closed CBeck-96 closed 2 weeks ago
github-actions[bot]
commented
1 month ago 
Coverage Report •
File Stmts Miss Cover Missing build_public_bom.py 63 0 100% auxiliary sbomFunctions.py 149 3 97% 68, 76, 153 TOTAL 1684 91 94%
| Tests | Skipped | Failures | Errors | Time |
|---|---|---|---|---|
| 297 | 2 :zzz: | 0 :x: | 0 :fire: | 4.968s :stopwatch: |
mmarseu
commented
3 weeks ago After including the compositions from #154, just for double-check, into my SBOM, where the
bom-refs are not used for any component, I made the observation that you delete thebom-refs.Looking at your code, you are using
list_of_componentsto get yourbom-refs and as they are not within thecomponentsof my SBOM you remove thebom-refs from #154 incomposition. This is definitely a "plausibility check", not something I would expect frombuild-public. Therefore, please change this behavior.Do you agree, @mmarseu? (Let's not talk about the irony that we just closed the PR #14 for plausibility check 😆)
Yes, I agree. build-public should strictly only delete bom-refs for deleted components
closes #154