SBOM import script

[swright-synopsys]

Script to import a given SPDX file and validate the components in the resulting SBOM. Any missing components will be added to the SBOM as needed. Any components not present in the KB will be added as a custom component.

usage: parse_spdx.py [-h] --base-url BASE_URL --token-file TOKEN_FILE
                     --spdx-file SPDX_FILE --out-file OUT_FILE --project
                     PROJECT_NAME --version VERSION_NAME
                     [--license LICENSE_NAME] [--no-verify]
                     [--no-spdx-validate]

[wangleo61]

That’s so cool.

Great job.

BR

Leo

On Nov 11, 2023, at 04:04, swright-synopsys @.***> wrote:

Script to import a given SPDX file and validate the components in the resulting SBOM. Any missing components will be added to the SBOM as needed. Any components not present in the KB will be added as a custom component.

usage: parse_spdx.py [-h] --base-url BASE_URL --token-file TOKEN_FILE --spdx-file SPDX_FILE --out-file OUT_FILE --project PROJECT_NAME --version VERSION_NAME [--license LICENSE_NAME] [--no-verify] [--no-spdx-validate]

---

You can view, comment on, or merge this pull request online at:

https://github.com/blackducksoftware/hub-rest-api-python/pull/254

Commit Summary

• 1f8c22dhttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/1f8c22d5a9d9bff734efbd88f981d6bdcf34ef02 Initial code for SPDX import/parse tool
• d9e788chttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/d9e788c8a045dac2d32a24f7a90df1839cfb08a3 - Start making more modular - added find_comp_in_bom
• 4392280https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/4392280dd926c656ed99f0d17fda9d8875e5fb94 just print warnings from validation messages
• 9507969https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/95079694fd19d255a5f0f688575eefbfed23d27b signficant refactoring, plus adding custom component lookup and add functionality. WIP.
• d13ae24https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/d13ae2492d7a7296946b9ad76ec8e4d6e3fe249d tons of cleanup/bugfixes + add_to_sbom utility
• d832762https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/d832762495a68ceabc8c8fa231d29347ab57d806 misc cleanup/bugfixes. make --license an optional arg that defaults to NOASSERTION
• 77046c8https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/77046c8a67f753920cbd8a31407e033708a9d875 Add SPDX upload functionality and poll for successful scan. Tons of cleanup, assorted bugfixes, and comments.
• a84ed4ehttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/a84ed4eb45aa33ded89c71692d9ff07bfa3a8936 Debugging/cleanup/refactor. Add functionality to handle a situation where KB match was successful, but component was not located in BOM
• 678fb1ehttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/678fb1e3490c9bfb6ab3f702d35683131414edd1 note a situation that needs to get fixed in scan matching. added code to handle multiple ext refs more cleanly / non purl extrefs
• 28f3599https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/28f3599ce493c76fcdcd265c08b4a756e328c67f minor formatting/whitespace fixup
• bf8d5fdhttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/bf8d5fd2e8361df44acc6645f18a89139f9ae71a Force custom components and comparisons to use all lowercase. Clean up some stray comments. Make a variable initialization cleaner. Improve some error messages
• 1fddbddhttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/1fddbdd0b86baf2b9071974df6cc8d5151e1b61e Clean up some error messages.
• 9ecb60fhttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/9ecb60facb8732d17d69fb5b47ff2ac853bad2d7 - add a secondary scan status function (possibly redundant)
• 023a764https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/023a7644b6db0fc2e55e57ebd8718ee4f391c41c nuke some TODOs and remove unused function
• aa2af43https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/aa2af4335e90d5541968b48453dbac0416508088 One more round of cleanup/refactor:
• abfc7e6https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/abfc7e6dbdd3f3427168f11edf4105f220bef310 Bugfixes from testing:
• 4187620https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/418762047007d605e69d004238e9087b1314e4ac checkpoint, saving improved scan detection code work in progress
• 2af0408https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/2af04082941d135fcf8f47b2e0e43e625cbfad12 Improve detection of scan/BOM success. Clean up a few comments. Print package details for the case where a package name was empty.
• 3cad5d6https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/3cad5d61e08107a229981f470395273b3a376944 Add more graceful HTTP response checks
• 8569896https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/856989644aa10311559a1fdc21fa8835b0e620d5 skip blackduck-version extrefs
• 00cc421https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/00cc4210892c165b00ed890d69acabf1df213795 updates to reflect API URL and parameter renaming
• 6182356https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/618235682fa77a1dd0c07e500ea7208f7b5f99f2 make this modular:
• 2f6a8f9https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/2f6a8f9a5ec3be5ccc6ef0d7a1f247a8e9a185f3 gracefully handle failure to locate scan info:
• 68291b1https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/68291b16b74afe9f044d23935fb8ee1a0813b86d Add KB match on BD IDs
• 5a4b105https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/5a4b1054c2549c54e56ce5ef01e3c647001a9260 - Handle BD component with no version
• 7942d15https://github.com/blackducksoftware/hub-rest-api-python/pull/254/commits/7942d1592a649b5f8e3ab320f6008601ac92a348 typo fix

File Changes

(1 filehttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/files)

• A examples/client/parse_spdx.pyhttps://github.com/blackducksoftware/hub-rest-api-python/pull/254/files#diff-40bb2fc3939db0dd2e7d6224c3d33f58b527e260040a19213c014f69e0476bb5 (877)

Patch Links:

• https://github.com/blackducksoftware/hub-rest-api-python/pull/254.patch
• https://github.com/blackducksoftware/hub-rest-api-python/pull/254.diff

— Reply to this email directly, view it on GitHubhttps://github.com/blackducksoftware/hub-rest-api-python/pull/254, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AO5RA34YAOHRA4CA4XYRWLDYD2CFJAVCNFSM6AAAAAA7GUSY4GVHI2DSMVQWIX3LMV43ASLTON2WKOZRHE4DQMZRGA2DKMQ. You are receiving this because you are subscribed to this thread.Message ID: @.***>

[nichollsdave]

Approved - thanks Shane