
fix(eol-shared): preserve only EOL-relevant SBOM properties #26

Merged
facundo-herodevs merged 1 commit into main from fix/trim-cdx-bom-properties on Jun 3, 2026

Conversation

facundo-herodevs (Member) commented Jun 3, 2026

What This Branch Does

This branch tightens SBOM trimming for EOL scans by making trimCdxBom remove non-EOL component properties before upload. It keeps the existing trimming behavior for external references, evidence, and hashes, while preserving the Maven/Gradle property currently used by EOL report analysis.

SBOM Trimming

  • Adds EOL_SCAN_PROPERTY_ALLOWLIST in src/trim-cdx-bom.ts to keep only EOL-relevant CycloneDX component properties.
  • Updates trimCdxBom to filter component properties case-insensitively and preserve gradleProfileName while dropping unrelated property payloads.
  • Keeps empty property arrays for components without allowlisted properties in src/trim-cdx-bom.ts, matching the existing trimmed-output style for hashes, evidence, and external references.

Test Coverage
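The trimming the PR describes, as an added example written for this page rather than the project's own `src/trim-cdx-bom.ts`: components keep their identity fields, `hashes` and `externalReferences` become empty arrays, `evidence` is dropped, and `properties` is filtered against `EOL_SCAN_PROPERTY_ALLOWLIST` with a case-insensitive comparison so `GradleProfileName` and `gradleProfileName` both survive, while every other property is removed before the SBOM leaves the machine. Only `trimCdxBom`, `EOL_SCAN_PROPERTY_ALLOWLIST` and `gradleProfileName` come from the PR text; the CycloneDX types, `filterEolProperties`, `trimComponent`, the sample document and its property names are constructed for the example, and the real allowlist may contain more than the one name shown here. The practitioner's point is data minimization: build-tool properties can carry workspace paths, runner hostnames and similar environment details that an EOL lookup never needs, so an allowlist (not a denylist) is what keeps them off the upload.

```typescript
// Added example, not the project's own src/trim-cdx-bom.ts: a minimal
// CycloneDX trimmer mirroring the behaviour described in PR #26. Only
// trimCdxBom, EOL_SCAN_PROPERTY_ALLOWLIST and gradleProfileName come from the
// PR text; every other name, type and sample value below is constructed.

interface CdxProperty {
  name: string;
  value: string;
}

interface CdxComponent {
  type: string;
  name: string;
  version?: string;
  purl?: string;
  properties?: CdxProperty[];
  hashes?: unknown[];
  externalReferences?: unknown[];
  evidence?: unknown;
}

interface CdxBom {
  bomFormat: string;
  specVersion: string;
  components?: CdxComponent[];
}

// Only gradleProfileName is confirmed by the PR; the real allowlist may hold more.
export const EOL_SCAN_PROPERTY_ALLOWLIST: readonly string[] = ["gradleProfileName"];

// Lower-cased once so each per-property check is a cheap, case-insensitive lookup.
const ALLOWLIST_LOWER = new Set(EOL_SCAN_PROPERTY_ALLOWLIST.map((n) => n.toLowerCase()));

// Keeps only allowlisted properties. Returns [] (never undefined) so a component
// with no match still carries an empty array, like trimmed hashes/externalReferences.
export function filterEolProperties(properties: CdxProperty[] | undefined): CdxProperty[] {
  return (properties ?? []).filter((p) => ALLOWLIST_LOWER.has(p.name.toLowerCase()));
}

// Trims one component without mutating the input: identity fields stay,
// bulky or environment-revealing fields are emptied or removed.
export function trimComponent(component: CdxComponent): CdxComponent {
  const copy: CdxComponent = { ...component };
  delete copy.evidence; // dropped outright; the PR does not show its trimmed shape
  copy.hashes = [];
  copy.externalReferences = [];
  copy.properties = filterEolProperties(component.properties);
  return copy;
}

export function trimCdxBom(bom: CdxBom): CdxBom {
  return { ...bom, components: (bom.components ?? []).map(trimComponent) };
}

// Constructed sample input: the property names and values are made up.
export const SAMPLE_BOM: CdxBom = {
  bomFormat: "CycloneDX",
  specVersion: "1.5",
  components: [
    {
      type: "library",
      name: "example-lib",
      version: "1.2.3",
      purl: "pkg:maven/com.example/example-lib@1.2.3",
      hashes: [{ alg: "SHA-256", content: "constructed-placeholder-digest" }],
      externalReferences: [{ type: "vcs", url: "https://example.invalid/repo" }],
      evidence: { identity: { field: "purl", confidence: 1 } },
      properties: [
        { name: "GradleProfileName", value: "release" }, // survives despite the case difference
        { name: "build:ciRunnerHostname", value: "runner-07" }, // dropped
        { name: "build:workspacePath", value: "/home/ci/work" }, // dropped
      ],
    },
    {
      type: "library",
      name: "other-lib",
      version: "4.5.6",
      properties: [{ name: "build:toolchain", value: "jdk-21" }], // dropped -> []
    },
  ],
};

// Stand-alone run: prints the trimmed document.
console.log(JSON.stringify(trimCdxBom(SAMPLE_BOM), null, 2));
```

A denylist of known-noisy property names would have to be kept current with every build plugin that emits new ones; the allowlist fails closed, so a property the EOL analysis does not know about is never uploaded by default.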

facundo-herodevs force-pushed the fix/trim-cdx-bom-properties branch from 25f282e to cd5d0bf on June 3, 2026 20:37
facundo-herodevs enabled auto-merge (squash) on June 3, 2026 20:38
facundo-herodevs merged commit bb57227 into main on Jun 3, 2026
7 checks passed
facundo-herodevs deleted the fix/trim-cdx-bom-properties branch on June 3, 2026 20:49