Add purl types for Container Scanning OS package types to rails monolith
Proposal
Once Generate SBOM in Container Scanning for Trivy-b... (#396381 - closed) has been completed, the container scanning analyzer will output SBOM files for trivy-based analyzers.

The next step is to ensure that the rails monolith is able to ingest the components in these SBOM files.
Implementation Plan
- Add the following purl types to Enums::Sbom::PURL_TYPES and Enums::PackageMetadata::PURL_TYPES:
  - apk
  - rpm
  - deb
  - cbl-mariner

  The rails monolith will currently reject any components that do not have a supported_purl_type, so we need to ensure that we add the above purl_types.
- Add unit tests for the above changes
- Manually test to confirm that an SBOM produced by container scanning is ingested into the sbom_* tables in the rails monolith db.
Edited by Aditya Tiwari
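
The effect of the allow-list described in the implementation plan, as an added example that is not GitLab's own code: components whose purl type is unsupported are dropped, so OS packages from a container scan never reach the inventory until the four types are added. The helper names, the PREVIOUS_TYPES list and the sample components are assumptions constructed for illustration.

```ruby
require "set"

# Assumption: types accepted before this change (constructed for the example).
PREVIOUS_TYPES = Set.new(%w[composer conan gem golang maven npm nuget pypi]).freeze
# The OS package types this issue proposes adding.
OS_TYPES = Set.new(%w[apk rpm deb cbl-mariner]).freeze

# Extract the type from a package URL (pkg:<type>/<namespace>/<name>@<version>).
# Returns nil when the value is not a purl. The purl spec treats the type as
# case-insensitive with a lowercase canonical form, and allows "pkg://".
def purl_type(purl)
  match = /\Apkg:\/*([A-Za-z][A-Za-z0-9.+-]*)\//.match(purl.to_s)
  match && match[1].downcase
end

# Split components into [accepted, rejected] against an allow-list of types,
# mirroring the rejection behaviour the issue describes.
def partition_components(components, supported)
  components.partition { |c| supported.include?(purl_type(c[:purl])) }
end

# Constructed sample of components as a container scan SBOM might list them.
SAMPLE_COMPONENTS = [
  { name: "busybox",      purl: "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64" },
  { name: "curl",         purl: "pkg:deb/debian/curl@7.88.1-10?arch=amd64" },
  { name: "openssl-libs", purl: "pkg:rpm/redhat/openssl-libs@3.0.7-24.el9?arch=x86_64" },
  { name: "zlib",         purl: "pkg:cbl-mariner/zlib@1.2.13-1.cm2" },
  { name: "rack",         purl: "pkg:gem/rack@2.2.8" },
  { name: "mystery",      purl: "pkg:unknown/thing@1.0" },
  { name: "no-purl",      purl: nil }
].freeze

# Names of accepted and rejected sample components for a given allow-list.
def summarize(supported)
  accepted, rejected = partition_components(SAMPLE_COMPONENTS, supported)
  { accepted: accepted.map { |c| c[:name] }, rejected: rejected.map { |c| c[:name] } }
end

if __FILE__ == $PROGRAM_NAME
  puts "before: #{summarize(PREVIOUS_TYPES)}"
  puts "after:  #{summarize(PREVIOUS_TYPES | OS_TYPES)}"
end
```

A comparison like this between the component count in the SBOM file and the rows ingested is a quick check during the manual test step: any remaining gap points at a purl type still missing from the allow-list.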