Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SBOM support to Software Inventory Info event class #1262

Merged
merged 14 commits into from
Dec 4, 2024
Merged

Add SBOM support to Software Inventory Info event class #1262

merged 14 commits into from
Dec 4, 2024

Conversation

SherifSec
Copy link
Contributor

Related Issue: N/A

Description of changes:

Updates the Software Inventory Info event class to enable attaching an SBOM. I wanted to start simple for now by representing one type of relationship which is "depends on" used in both SPDX and CycloneDX. This will allow users to map direct and transitive relationships expressed in SBOMs.

Also per the NTIA, I wanted to make sure the minimum data fields of an SBOM were included.

Ran locally on the OCSF server and confirmed working.

@SherifSec
Add sbom to Software Package object
4c5865d 
Signed-off-by: Sherif Clinch <sheriff129@protonmail.com>
@SherifSec
Update CHANGELOG.md
b5bf179
@SherifSec
Revert "Update CHANGELOG.md"
0b004c4 
This reverts commit b5bf179.
@SherifSec
Add sbom related objects and update software_info event class
3872bfa 
Signed-off-by: Sherif Clinch <sheriff129@protonmail.com>
jonrau-at-queryai
jonrau-at-queryai previously approved these changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@jonrau-at-queryai jonrau-at-queryai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hate SBOMs 🤣 but this is a really good representation of them.

mikeradka
mikeradka previously approved these changes Dec 3, 2024
View reviewed changes
@SherifSec
Merge branch 'main' into add-sbom
02c01b4 
Signed-off-by: SherifSec <sheriff129@protonmail.com>
@SherifSec SherifSec dismissed stale reviews from mikeradka and jonrau-at-queryai via 02c01b4 December 4, 2024 11:23
@mikeradka mikeradka self-requested a review December 4, 2024 16:31
@zschmerber zschmerber merged commit f42effc into ocsf:main Dec 4, 2024
3 checks passed
@SherifSec SherifSec deleted the add-sbom branch December 5, 2024 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonrau-at-queryai jonrau-at-queryai jonrau-at-queryai approved these changes

@mikeradka mikeradka mikeradka approved these changes

@zschmerber zschmerber zschmerber approved these changes

@floydtree floydtree Awaiting requested review from floydtree floydtree is a code owner

@pagbabian-splunk pagbabian-splunk Awaiting requested review from pagbabian-splunk pagbabian-splunk is a code owner

@Aniak5 Aniak5 Awaiting requested review from Aniak5 Aniak5 is a code owner

@davemcatcisco davemcatcisco Awaiting requested review from davemcatcisco davemcatcisco is a code owner

@jasonbreimer jasonbreimer Awaiting requested review from jasonbreimer

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@SherifSec @zschmerber @mikeradka @jonrau-at-queryai @floydtree