Investigate missing suppliers on phase-1 keycloak #31

Open
idunbarh opened this issue Oct 1, 2024 · 1 comment
Labels: enhancement (New feature or request), help wanted (Extra attention is needed), phase 1 (Related to phase 1 deliverables for the tiger team)

Comments

idunbarh commented Oct 1, 2024

In the phase-1 keycloak workflow, 14,530 / 23,683 have supplier names. We need to understand and investigate why this is not more.

```
SBOM Quality by Interlynk Score:8.5	components:23683	./enriched-keycloak-sbom-cyclonedx/enriched_keycloak-sbom.cdx.json
+-----------------------+--------------------------------+-----------+--------------------------------+
|       CATEGORY        |            FEATURE             |   SCORE   |              DESC              |
+-----------------------+--------------------------------+-----------+--------------------------------+
| NTIA-minimum-elements | comp_with_name                 | 10.0/10.0 | 23683/23683 have names         |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_supplier             | 6.1/10.0  | 14530/23683 have supplier      |
|                       |                                |           | names                          |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_uniq_ids             | 10.0/10.0 | 23683/23683 have unique ID's   |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_version              | 9.9/10.0  | 23513/23683 have versions      |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_authors                   | 10.0/10.0 | doc has 2 authors              |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_creation_timestamp        | 10.0/10.0 | doc has creation timestamp     |
|                       |                                |           | 2024-10-01T05:39:04+00:00      |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_dependencies              | 10.0/10.0 | doc has 63307 relationships    |
+-----------------------+--------------------------------+-----------+--------------------------------+
```

idunbarh added the enhancement, help wanted, and phase 1 labels Oct 1, 2024
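
One way to start the investigation requested above, as an added example that is not part of the issue thread or the project's code: group the components that lack a supplier name by purl type and namespace, so the ecosystems responsible for the gap stand out. It assumes CycloneDX JSON input and that a component counts only when `supplier.name` is non-blank (the scoring tool's exact rule may differ); the sample BOM is constructed.

```python
import json
import sys
from collections import Counter
from pathlib import Path
from urllib.parse import unquote

# Constructed sample in CycloneDX JSON shape; not taken from the Keycloak SBOM.
SAMPLE_BOM = {"bomFormat": "CycloneDX", "components": [
    {"name": "app-core", "purl": "pkg:maven/org.example.app/app-core@1.0.0",
     "supplier": {"name": "Example Org"},
     "components": [{"name": "left-pad", "purl": "pkg:npm/left-pad@1.3.0"}]},
    {"name": "lib-a", "purl": "pkg:maven/org.example/lib-a@2.1"},
    {"name": "lib-b", "purl": "pkg:maven/org.example/lib-b@2.1", "supplier": {"name": " "}},
    {"name": "ui", "purl": "pkg:npm/%40scope/ui@2.0.0"},
    {"name": "config.yaml"},
]}

def iter_components(bom):
    """Yield every component, including those nested under a component's own components[]."""
    stack = list(bom.get("components", []))
    while stack:
        comp = stack.pop()
        yield comp
        stack.extend(comp.get("components", []))

def has_supplier(comp):
    """Assumption: only a non-blank supplier.name counts as a supplier name."""
    name = (comp.get("supplier") or {}).get("name")
    return isinstance(name, str) and bool(name.strip())

def purl_group(purl):
    """pkg:maven/org.example/lib-a@2.1 -> ('maven', 'org.example'); no purl -> ('no-purl', '')."""
    if not purl or not purl.startswith("pkg:"):
        return ("no-purl", "")
    path = purl[4:].lstrip("/").split("?", 1)[0].split("#", 1)[0]
    parts = path.rpartition("/")[0].split("/")  # drop the trailing name@version segment
    return (parts[0].lower(), unquote("/".join(parts[1:])))

def supplier_report(bom):
    """Return (total, with_supplier, Counter of supplier-less components per purl group)."""
    comps = list(iter_components(bom))
    lacking = [c for c in comps if not has_supplier(c)]
    missing = Counter(purl_group(c.get("purl")) for c in lacking)
    return len(comps), len(comps) - len(lacking), missing

if __name__ == "__main__":
    bom = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_BOM
    total, named, missing = supplier_report(bom)
    print(f"{named}/{total} have supplier names")
    for (ptype, namespace), count in missing.most_common(20):
        print(f"{count:6d}  {ptype:<10} {namespace}")
```

Pass the path of a CycloneDX JSON file as the first argument to run it on a real SBOM; without an argument it reports on the constructed sample.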
tiegz commented Oct 7, 2024

this might be unrelated bc it's SPDX instead of Cyclone, but I noticed this in the Keycloak "Augment Keycloak SPDX" step too:

```
{"level":"info","ts":1727921916.299821,"caller":"edit/spdx_edit.go:68","msg":"SPDX error updating supplier: not supported"}
{"level":"info","ts":1727921916.2998703,"caller":"edit/spdx_edit.go:68","msg":"SPDX error updating repository: not supported"}
```
