add ntia compliance report #286
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
|
@viveksahu26 this does not look accurate to me. |
|
No, it's not yet completed. It's in process. I have simply added NTIA compliance readme fow now, code part is still left. |
|
Hey @riteshnoronha , can you go through this NTIA minimum elements compliance report readme and let me know what changes to be made. The recommended data-fields are there in the NTIA minimum elements report - on page 15, so that's why I have added. We can also mark it as optional field. Apart from that one thing I have noticed that the |
|
@riteshnoronha , any update here ? |
viveksahu26
force-pushed
the
feat_ntia_compliance_report
branch
from
764dab0
to
4240071
Compare
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> rename relation interface Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> remove duplicate Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> increase the visiblity of variables, interfaces, struct for reuse Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> add pass test for ntia cdx as well as spdx part Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> update readme ntia compliance for remaining ones Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> fix alligment Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> re-update readme Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com> re structure fields to ntia complaince report Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
viveksahu26
force-pushed
the
feat_ntia_compliance_report
branch
from
0a6bd27
to
a089309
Compare
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
|
Hey @riteshnoronha, somewhat it's ready for review. Checkout this ntia compliance feature. And if changes let me know. |
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
riteshnoronha
requested changes
Sep 2, 2024
Compliance.md
Outdated
| | NTIA minimum elements | Section ID | NTIA Fields | CycloneDX |SPDX(2.3) | Notes | | ||
| | :--- | :--- |:--- | :--- | :--- | :--- | | ||
| | Automation Support | 1.1 | `Machine Readable Format` | BomFormat & data forrmat | SPDXversion & data forrmat | | | ||
| | SBOM Data Fields | 2.1 | `Author of the SBOM` | metadata->authors, metadata->supplier | creator | | |
There was a problem hiding this comment.
For SPDX it should be creator->Person, creator->organization or creator->tool
Compliance.md
Outdated
| | Automation Support | 1.1 | `Machine Readable Format` | BomFormat & data forrmat | SPDXversion & data forrmat | | | ||
| | SBOM Data Fields | 2.1 | `Author of the SBOM` | metadata->authors, metadata->supplier | creator | | | ||
| | | 2.2 | `Timestamp` | metadata->timestamp | created | | | ||
| | | 2.3 | `present` | | | all package elements | |
Compliance.md
Outdated
| | | 2.2 | `Timestamp` | metadata->timestamp | created | | | ||
| | | 2.3 | `present` | | | all package elements | | ||
| | Package Data Fields | 2.4 | `Package Name` | component->name | package->name | | | ||
| | | 2.5 | `Dependency Relationship` | dependencies, composition | relationships | | |
There was a problem hiding this comment.
Just dependencies here, composition is for depth.
Compliance.md
Outdated
| | | 2.5 | `Dependency Relationship` | dependencies, composition | relationships | | | ||
| | | 2.6 | `Supplier Name` | component->supplier | packageSupplier, packageOriginator | | | ||
| | | 2.7 | `Version of Component` | component->version | package->version | | | ||
| | | 2.8 | `Other Uniq IDs` | component->cpe, component->purl | DocumentNamespace, SPDXID | | |
There was a problem hiding this comment.
For SPDX it should also be cpe/purl
| @@ -66,3 +66,21 @@ The [OpenChain Telco](https://github.com/OpenChain-Project/Reference-Material/bl | |||
| | Timing of SBOM delivery | 3.6 | `SBOM delivery time` | delivery time | | | |||
| | Method of SBOM delivery | 3.7 | `SBOM delivery method` | delivery method | | | |||
| | SBOM Scope | 3.8 | `SBOM scope` | sbom scope | | | |||
|
|
|||
| ## NTIA minimum elements: SBOM Requirements for NTIA | |||
There was a problem hiding this comment.
We should also denotes field which are mandatory vs optional with an *
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
viveksahu26
force-pushed
the
feat_ntia_compliance_report
branch
from
029b692
to
567737e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes: #242
This PR will add NTIA minimum element compliance report. For now I have only updated README for NTIA minimum element compliance report.