
fix(dependency-track): allow CPE version splitting for SBOM generation#657

Merged
HarryWaschkeit merged 5 commits into omnect:main from HarryWaschkeit:hwt--2026-06-12-fix-sbom-creation on Jun 17, 2026

Conversation

@HarryWaschkeit


Component versions in CPE entries of CVEs are used differently with respect to suffixes like p2, rc1 and so on:

  • for most components the full version (i.e. including any suffixes) is written to the CPE "version" field and CPE field "update" is set to *
  • some components however use the update field for suffixes, using - if none is present

This cannot be handled generically, so a mechanism was introduced to specify the split handling for respective components.

See classes/dependency-track.bbclass for a detailed description.
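As an added illustration of the two conventions the description names (this is not the bbclass's own code; the mode names, the per-component table and the sample CVE entry are constructed), the following shows how the same component version ends up in the CPE version/update fields under each convention, and why picking the wrong one makes a strict CPE comparison miss the CVE:

```python
import re

# The two conventions the PR description names for CVE CPE entries:
#   "full"  -> whole version string in the CPE version field, update "*"
#   "split" -> numeric core in version, suffix (p2, rc1, ...) in update,
#              and "-" in update when there is no suffix
# Mode names, the per-component table and all sample data below are
# constructed for this illustration; they are not the bbclass's own.
SPLIT_MODE = {"foo": "split"}   # components not listed default to "full"

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)[._-]?([A-Za-z][A-Za-z0-9]*)?$")


def split_version(version: str) -> tuple[str, str]:
    """'9.3p2' -> ('9.3', 'p2'); '2.0-rc1' -> ('2.0', 'rc1'); '1.2' -> ('1.2', '-')."""
    m = _VERSION_RE.match(version)
    if not m:
        return version, "-"          # unknown layout: keep whole, do not guess
    return m.group(1), m.group(2) or "-"


def cpe_version_fields(version: str, mode: str = "full") -> tuple[str, str]:
    if mode == "full":
        return version, "*"
    if mode == "split":
        return split_version(version)
    raise ValueError(f"unknown split mode {mode!r}")


def cpe23(vendor: str, product: str, version: str, mode: str = "full") -> str:
    """Build a CPE 2.3 formatted string for an application component."""
    v, u = cpe_version_fields(version, mode)
    return f"cpe:2.3:a:{vendor}:{product}:{v}:{u}:*:*:*:*:*:*"


def cpe_for_component(component: str, vendor: str, version: str) -> str:
    """Apply the per-component split setting (default: no splitting)."""
    return cpe23(vendor, component, version, SPLIT_MODE.get(component, "full"))


if __name__ == "__main__":
    # Constructed CVE entry that puts the suffix into the update field.
    cve_cpe = "cpe:2.3:a:acme:foo:9.3:p2:*:*:*:*:*:*"
    for mode in ("full", "split"):
        generated = cpe23("acme", "foo", "9.3p2", mode)
        hit = generated == cve_cpe
        print(f"{mode:5}: {generated}  ->  {'match' if hit else 'CVE MISSED'}")
```

Under the wrong mode the generated CPE differs from the CVE's entry in both the version and update fields, so a strict comparison never flags the component.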

Component versions in CPE entries of CVEs are used differently with
respect to suffixes like `p2`, `rc1` and so on:
- for most components the full version (i.e. including any suffixes) is
  written to the CPE version field
- some components however use the update CPE field for suffixes, using
  `-` if none is present

This cannot be handled generically, so a mechanism was introduced to
specify the split handling for respective components.

See classes/dependency-track.bbclass for a detailed description.

Signed-off-by: Harry Waschkeit <44188360+HarryWaschkeit@users.noreply.github.com>
Signed-off-by: Harry Waschkeit <44188360+HarryWaschkeit@users.noreply.github.com>
@HarryWaschkeit HarryWaschkeit changed the title fix(dependency-track): SBOM generation was wrong for a few components fix(dependency-track): SBOM generation was wrong for some components Jun 15, 2026
@HarryWaschkeit HarryWaschkeit changed the title fix(dependency-track): SBOM generation was wrong for some components fix(dependency-track): introduced CPE version splitting for SBOM generation Jun 15, 2026
@HarryWaschkeit HarryWaschkeit changed the title fix(dependency-track): introduced CPE version splitting for SBOM generation fix(dependency-track): allow CPE version splitting for SBOM generation Jun 15, 2026
… CPE version setting

Signed-off-by: Harry Waschkeit <44188360+HarryWaschkeit@users.noreply.github.com>
@HarryWaschkeit HarryWaschkeit requested a review from mlilien June 15, 2026 08:55
…was broken (and typos)

Signed-off-by: Harry Waschkeit <44188360+HarryWaschkeit@users.noreply.github.com>
Signed-off-by: Harry Waschkeit <44188360+HarryWaschkeit@users.noreply.github.com>

@mlilien mlilien left a comment


somehow the last review was not treated as one, but as a comment only
#657 (comment)

@HarryWaschkeit HarryWaschkeit requested a review from mlilien June 17, 2026 07:20
@HarryWaschkeit HarryWaschkeit merged commit 5a0fcb6 into omnect:main Jun 17, 2026
2 checks passed