This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git
The following commit(s) were added to refs/heads/main by this push:
new 9d913bc Integrate the CycloneDX CLI validator into the UI
9d913bc is described below
commit 9d913bc18e3b779fd545cfd61e697ee219a9ba2e
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Sep 1 20:22:50 2025 +0100
Integrate the CycloneDX CLI validator into the UI
---
atr/models/results.py | 1 +
atr/routes/sbom.py | 6 ++++++
atr/sbomtool.py | 2 +-
atr/tasks/sbom.py | 2 ++
4 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/atr/models/results.py b/atr/models/results.py
index f069bb2..eb68fe4 100644
--- a/atr/models/results.py
+++ b/atr/models/results.py
@@ -105,6 +105,7 @@ class SBOMToolScore(schema.Strict):
warnings: list[str] = schema.description("Warnings from the SBOM tool")
errors: list[str] = schema.description("Errors from the SBOM tool")
outdated: str | None = schema.description("Outdated tool from the SBOM
tool")
+ cli_errors: list[str] | None = schema.description("Errors from the
CycloneDX CLI")
class SvnImportFiles(schema.Strict):
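Review bot: `cli_errors` is added with no visible default, so if `schema.description(...)` only attaches a description, a stored `SBOMToolScore` written before this commit would lack the key and may be rejected when it is loaded again. The `| None` in the annotation makes the value nullable, but in pydantic-style models (which `schema.Strict` appears to be) it does not make the field optional. Consider giving the field an explicit `None` default through whatever the schema helper supports, or confirm that results persisted by earlier versions are never re-validated. The class body starts outside this hunk.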
diff --git a/atr/routes/sbom.py b/atr/routes/sbom.py
index 5a5418c..32af892 100644
--- a/atr/routes/sbom.py
+++ b/atr/routes/sbom.py
@@ -195,6 +195,12 @@ async def report(session: routes.CommitterSession,
project: str, version: str, f
else:
block.p["No outdated tool found."]
+ block.h2["CycloneDX CLI validation errors"]
+ if task_result.cli_errors:
+ block.pre["\n".join(task_result.cli_errors)]
+ else:
+ block.p["No CycloneDX CLI validation errors found."]
+
return await template.blank("SBOM report", content=block.collect())
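Review bot: The truthiness test `if task_result.cli_errors:` sends both `None` and `[]` to the "No CycloneDX CLI validation errors found." branch, so a report for which the validator produced no result reads as a clean pass. Since the field is `list[str] | None`, handle the missing case first, for example `if task_result.cli_errors is None: block.p["CycloneDX CLI validation was not run."]` followed by `elif task_result.cli_errors:`. What `None` actually means depends on the body of `validate_cyclonedx_cli`, which is not shown on this page. The joined text is the output of an external tool run over a presumably committer-supplied SBOM, so it is worth confirming that `block.pre[...]` HTML-escapes its child and that the lines do not expose server-side file paths. `report` begins before this hunk.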
diff --git a/atr/sbomtool.py b/atr/sbomtool.py
index 5761424..aacd7c4 100644
--- a/atr/sbomtool.py
+++ b/atr/sbomtool.py
@@ -896,7 +896,7 @@ def validate_cyclonedx_atr(bundle: Bundle) -> Iterable[Any]
| None:
return None
-def validate_cyclonedx_cli(bundle: Bundle) -> Iterable[Any] | None:
+def validate_cyclonedx_cli(bundle: Bundle) -> list[str] | None:
args = [
"cyclonedx",
"validate",
diff --git a/atr/tasks/sbom.py b/atr/tasks/sbom.py
index 45db7b5..9ae2e71 100644
--- a/atr/tasks/sbom.py
+++ b/atr/tasks/sbom.py
@@ -169,6 +169,7 @@ async def score_tool(args: FileArgs) -> results.Results |
None:
bundle = sbomtool.path_to_bundle(pathlib.Path(full_path))
warnings, errors = sbomtool.ntia_2021_conformance_issues(bundle.bom)
outdated = sbomtool.maven_plugin_outdated_version(bundle.bom)
+ cli_errors = sbomtool.validate_cyclonedx_cli(bundle)
return results.SBOMToolScore(
kind="sbom_tool_score",
project_name=args.project_name,
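Review bot: `sbomtool.validate_cyclonedx_cli(bundle)` is called synchronously inside `async def score_tool`, and judging by the `"cyclonedx", "validate"` argument list in `atr/sbomtool.py` it launches an external process, which would block the event loop for as long as the tool runs. If that is the case, `cli_errors = await asyncio.to_thread(sbomtool.validate_cyclonedx_cli, bundle)` keeps the worker responsive (it needs `asyncio` imported in this module). It is also not visible here whether a missing binary, a timeout or a non-zero exit is caught; an exception at this line would discard the NTIA `warnings` and `errors` already computed, so the call may deserve its own `try`/`except` that records the failure instead. `score_tool` starts before and ends after the lines shown, and the second hunk in this file only passes the value through.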
@@ -178,6 +179,7 @@ async def score_tool(args: FileArgs) -> results.Results |
None:
warnings=[w.model_dump_json() for w in warnings],
errors=[e.model_dump_json() for e in errors],
outdated=outdated.model_dump_json() if outdated else None,
+ cli_errors=cli_errors,
)