Signed-off-by: Rajan Ravi <rravi@rravi-thinkpadp1gen4i.bengluru.csb>
queria left a comment
See inline - there may be one issue with namespace != documentNamespace in the SPDX SBOM JSON. So please confirm if it is correct.
Aside from that, it looks good to me.
One suggestion to think about for the future:
I wonder if it would not be better to hide some of the exact column-to-sbom-property mapping details in the implementation instead of having them exposed at feature-file level.
While it is nice to see the exact expected mapping details here in the Scenario,
it also makes it quite hard to follow/review (seems overwhelming with details to me).
Maybe later there could be a bit more high-level mapping/description instead, in a more generic way, like `And each package license row values match cdx sbom` (and leave the assert/matching of 'cve.name' == 'metadata.component.name' or such up to that step's implementation).
Or maybe it could be defined outside/above the scenario in some table-like format,
and scenario steps only reference that mapping?
@queria I completely agree with you - but the scenarios are mostly a one-on-one mapping from the SBOM to the exported file and differ based on the SBOM format as well. So, I kept it a bit descriptive. Please let me know.
Feature file updates for TPA V2 design changes.
JIRA: TC-2176