sbom: add S3 scanning, restore mandatory cbomkit-theia, rename cbom format#1651

Merged
ccwienk merged 1 commit into
masterfrom
feat/sbom-s3-scanning
Jun 26, 2026

Conversation

@ccwienk ccwienk commented Jun 26, 2026

Member

Summary

  • Add S3-backed resource SBOM/CBOM scanning via sbom/inject.scan_s3_resource +
    build_s3_sbom_ocm_resources; downloads S3 objects using stdlib only (no boto3)
  • Restore check_cbomkit_theia() as a mandatory pre-flight check (reverts the
    try/except softening from the sbom-s3-scanning branch)
  • Rename cbom-format extraIdentity value cyclonedx-1.6 → cyclonedx-1.6+cbom
    (RFC 6838 structured-syntax suffix, aligns with CBOM_ARTIFACT_TYPE which uses
    profile=cbom)
  • Simplify upload.py _fmt_id: CBOM format value is now self-descriptive, no prefix needed
  • Wire inject_s3_sboms flag through ctt/process_dependencies.py

Test plan

  • ctt/test/process_deps_test.py — 11 tests pass (SBOM resource identity + format values)
  • test/sbom/upload_fmt_test.py — format ID and filename tests pass with new cbom-format value
  • CI (full suite)

…ormat

- sbom/s3.py: S3 object download helper (stdlib only, no boto3)
- sbom/inject.py: add scan_s3_resource + build_s3_sbom_ocm_resources;
  restore check_cbomkit_theia() as mandatory; restore hard failure in
  scan_image (revert try/except softening)
- sbom/cbom.py, inject.py: rename cbom-format value cyclonedx-1.6 →
  cyclonedx-1.6+cbom (RFC 6838 structured-syntax suffix convention)
- upload.py: simplify _fmt_id — cbom-format value is now self-descriptive
- ctt/process_dependencies.py: call check_cbomkit_theia() pre-flight;
  wire inject_s3_sboms flag through to process_replication_plan_step
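Two points from the summary above deserve a concrete check: the `+cbom` suffix making the cbom-format value self-descriptive (so it can be cross-checked against the artifact media type's `profile=cbom`), and the pre-flight scanner check that fails hard instead of silently producing no CBOM. The block below is an added Python illustration, not the project's code: `parse_format`, `formats_agree`, `check_tool` and the CycloneDX media type with `version`/`profile` parameters are assumptions about how such a check could be written.

```python
"""Consistency check between an OCM resource's cbom-format extraIdentity
value and its artifact media type, plus a fail-closed pre-flight tool check.
Added illustration; function names and the media type layout are assumed."""
import re
import shutil

# "cyclonedx-1.6" or "cyclonedx-1.6+cbom": base format, version, and an
# optional RFC 6838-style structured-syntax suffix after "+".
_FORMAT_RE = re.compile(
    r"^(?P<base>[a-z][a-z0-9]*)-(?P<version>\d+(?:\.\d+)*)(?:\+(?P<suffix>[a-z0-9]+))?$"
)


def parse_format(value: str) -> dict:
    """Split a cbom-format value into its parts; reject anything else."""
    m = _FORMAT_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"unrecognised format value: {value!r}")
    return {"base": m["base"], "version": m["version"], "suffix": m["suffix"]}


def media_type_params(media_type: str) -> tuple:
    """Split 'type/subtype;k=v;k=v' into (type/subtype, {k: v})."""
    head, *params = [p.strip() for p in media_type.split(";")]
    kv = {}
    for p in params:
        k, _, v = p.partition("=")
        kv[k.strip().lower()] = v.strip().strip('"')
    return head.lower(), kv


def formats_agree(fmt_value: str, media_type: str) -> bool:
    """True iff the '+cbom' suffix and the media type's profile=cbom parameter
    are both present or both absent, and the versions match when given.
    A plain SBOM labelled as a CBOM (or vice versa) is reported as a mismatch."""
    fmt = parse_format(fmt_value)
    _, params = media_type_params(media_type)
    if (fmt["suffix"] == "cbom") != (params.get("profile") == "cbom"):
        return False
    version = params.get("version")
    return version is None or version == fmt["version"]


def check_tool(name: str) -> str:
    """Mandatory pre-flight check: raise when the scanner binary is missing,
    rather than catching the error and continuing without a CBOM."""
    path = shutil.which(name)
    if path is None:
        raise RuntimeError(f"required scanner {name!r} not found on PATH")
    return path
```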
gardener-prow Bot commented Jun 26, 2026


[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ccwienk for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow Bot added do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 26, 2026
@ccwienk ccwienk removed the do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. label Jun 26, 2026
@ccwienk ccwienk merged commit 8d2b037 into master Jun 26, 2026
22 of 23 checks passed
@ccwienk ccwienk deleted the feat/sbom-s3-scanning branch June 26, 2026 07:48