Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for lifecycle and other args to server #1271

Merged
merged 2 commits into from
Jul 24, 2024
Merged

Added support for lifecycle and other args to server #1271

merged 2 commits into from
Jul 24, 2024

Conversation

prabhu
Copy link
Collaborator

@prabhu prabhu commented Jul 24, 2024
edited
Loading

Both of these query parameters are valid:

lifecycle=pre-build
installDeps=false

Tested with:

curl "http://127.0.0.1:9090/sbom?path=/Volumes/Work/sandbox/server-lifecycle&type=python&lifecycle=pre-build" > bom.json
curl "http://127.0.0.1:9090/sbom?path=/Volumes/Work/sandbox/server-lifecycle&type=python&installDeps=false" > bom.json

@prabhu prabhu requested a review from setchy as a code owner July 24, 2024 10:34
prabhu
prabhu commented Jul 24, 2024
View reviewed changes
server.js Show resolved Hide resolved
@potiuk
Copy link

potiuk commented Jul 24, 2024

Nice: 🙏

prabhu
prabhu commented Jul 24, 2024
View reviewed changes
lib/server/openapi.yaml
default: false
profile:
type: string
description: BOM profile to use for generation. Default generic. Choices are appsec, research.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To support license-compliance, we need to move away from using environment variables.

@prabhu
Copy link
Collaborator Author

prabhu commented Jul 24, 2024

We definitely have a reproducibility bug for netty, where the SrcFile attributes are not getting collected correctly.

@prabhu
Copy link
Collaborator Author

prabhu commented Jul 24, 2024

@cerrussell simply rerunning the workflow is making the snapshot tests pass. I am suspecting that something related to sdkman is making things flaky.

@prabhu prabhu merged commit be4e4f4 into master Jul 24, 2024
25 checks passed
@prabhu prabhu deleted the feature/server-lifecycle branch July 24, 2024 12:38
@setchy setchy added the mode:server cdxgen used as server label Jul 24, 2024
@potiuk
Copy link

potiuk commented Jul 24, 2024

I can confirm that the latest release works with lifecycle=pre-build and speeds up our SBOM generation a LOT (from 6 minutes for 25 SBOM files down to ~2 minutes when running in parallel). And we don not have the nasty "build probably failed" messages any more :)

Thanks A LOT for that one.

@potiuk
Copy link

potiuk commented Jul 24, 2024

See apache/airflow#41015

@prabhu
Copy link
Collaborator Author

prabhu commented Jul 25, 2024

Thank you so much for your trust and support! Could you kindly blog about your experience, so that more people can learn about our project.

@potiuk
Copy link

potiuk commented Jul 25, 2024

Thank you so much for your trust and support! Could you kindly blog about your experience, so that more people can learn about our project.

I am working on an interesting security project with supply chain and yeah - I will add cdxgen to it (but this will ceme in ~ September)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@potiuk potiuk potiuk approved these changes

@setchy setchy Awaiting requested review from setchy

Assignees
No one assigned
Labels
mode:server cdxgen used as server
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@prabhu @potiuk @setchy