Skip to content

fix(ISV-5982): link to arch-specific images#34

Merged
jedinym merged 2 commits intomainfrom
fix-generate-index
Jun 6, 2025
Merged

fix(ISV-5982): link to arch-specific images#34
jedinym merged 2 commits intomainfrom
fix-generate-index

Conversation

@jedinym
Copy link
Copy Markdown
Contributor

@jedinym jedinym commented Jun 2, 2025

Link to arch-specific images in image index SBOM. The arch parameters are also removed from the PURLs to ensure that the SBOMs correctly link to the arch-specific image SBOMs. This should be reversed once we have arch parameters in the image SBOMs.

I updated ISV-5858 description to make sure this is handled properly once image SBOMs are generated via mobster.

https://issues.redhat.com/browse/ISV-5982

@jedinym jedinym changed the title fix: link to arch-specific images fix(ISV-5982): link to arch-specific images Jun 2, 2025
{
"referenceCategory": "PACKAGE_MANAGER",
"referenceLocator": "pkg:oci/ubi@sha256:4b4976d86eefeedab6884c9d2923206c6c3c2e2471206f97fd9d7aaaecbc04ac?arch=amd64&repository_url=registry.redhat.io/ubi10-beta/ubi",
"referenceLocator": "pkg:oci/ubi@sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f?arch=amd64&repository_url=registry.redhat.io/ubi10-beta/ubi",
Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In order to properly link the index with child manifests, you need to exclude the arch argument from the purl if you use the child digest. The child purls included in the child SBOMs don't have the arch parameter.

jedinym added 2 commits June 3, 2025 11:26
Our testing data contained an index SBOM, which had incorrect external
references. The SBOM was missing references to arch-specific images.

Signed-off-by: Martin Jediny <jedinym@proton.me>
Signed-off-by: Martin Jediny <jedinym@proton.me>
@jedinym jedinym force-pushed the fix-generate-index branch from e41564e to afc2b99 Compare June 3, 2025 09:26
@jedinym jedinym requested review from Allda and ezopezo June 3, 2025 09:47
@jedinym jedinym marked this pull request as ready for review June 3, 2025 09:47
@jedinym jedinym added this pull request to the merge queue Jun 6, 2025
Merged via the queue into main with commit 2eecb63 Jun 6, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants