heimdall2
SBOM Mapper
An SBOM-specific view that leverages this mapper is being worked on in #6035.
Suggestions by @kemley76:
- [x] The control title should probably be more informative than a UUID. I think the description would fit well there, even if it is already listed in the control description.
- [x] Maybe cherry-pick a few of the most useful data to put in the result details (name, version, group). We don't need to show everything because we have the components view.
- [x] Since you're duplicating the components (in passthrough and in each impactful vulnerability), you can trim down the component info that you nest in the vulns quite a bit. The passthrough is where the full component data (for the components table) can be stored.
- [x] Also, it would be helpful, if possible, to put a reference of some kind (probably bom-ref) to any vulnerabilities in the passthrough components section.
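The four suggestions above describe one output shape: a control per vulnerability whose title is the description rather than a UUID, result details trimmed to name/version/group, and a passthrough section holding the full component data with bom-ref back-references to the vulnerabilities that affect each component. The following is an added illustration of that shape, not heimdall2's own mapper code; the CycloneDX field names are the standard ones (`components`, `vulnerabilities`, `affects[].ref`, `ratings[].severity`), while the `HdfLike` type, the severity-to-impact table and the sample BOM are assumptions constructed for this example.

```typescript
// Added illustration (not the heimdall2 mapper): reshape a CycloneDX-style
// SBOM with vulnerabilities into an HDF-like structure that follows the
// review suggestions. Types, impact table and sample BOM are constructed here.

interface BomComponent {
  'bom-ref': string;
  name: string;
  version: string;
  group?: string;
  purl?: string;
  licenses?: string[];
}

interface BomVulnerability {
  'bom-ref'?: string;
  id: string;
  description: string;
  ratings?: { severity: string }[];
  affects?: { ref: string }[];
}

interface Bom {
  components: BomComponent[];
  vulnerabilities?: BomVulnerability[];
}

// Trimmed component info nested in each result (suggestions 2 and 3).
interface ResultDetails { name: string; version: string; group?: string }

interface HdfControl {
  id: string;
  title: string; // the vulnerability description, not a bare UUID (suggestion 1)
  impact: number;
  results: { status: 'failed'; code_desc: string; details: ResultDetails }[];
}

// Full component record plus bom-refs of the vulns that affect it (suggestion 4).
interface PassthroughComponent extends BomComponent { vulnerabilities: string[] }

interface HdfLike {
  controls: HdfControl[];
  passthrough: { components: PassthroughComponent[]; unresolvedRefs: string[] };
}

// Assumed severity-to-impact table for the example.
const SEVERITY_IMPACT: Record<string, number> = {
  critical: 0.9, high: 0.7, medium: 0.5, low: 0.3, info: 0, none: 0,
};

function impactFor(v: BomVulnerability): number {
  const sev = (v.ratings?.[0]?.severity ?? '').toLowerCase();
  return SEVERITY_IMPACT[sev] ?? 0.5; // unknown or missing rating -> medium
}

function mapSbomToHdf(bom: Bom): HdfLike {
  const byRef = new Map(bom.components.map((c): [string, BomComponent] => [c['bom-ref'], c]));
  const vulnRefsByComponent = new Map(
    bom.components.map((c): [string, string[]] => [c['bom-ref'], []])
  );
  const unresolvedRefs: string[] = [];
  const controls: HdfControl[] = [];

  for (const v of bom.vulnerabilities ?? []) {
    // A vulnerability's bom-ref is optional in CycloneDX; fall back to its id.
    const vulnRef = v['bom-ref'] ?? v.id;
    const results: HdfControl['results'] = [];
    for (const a of v.affects ?? []) {
      const comp = byRef.get(a.ref);
      if (!comp) { unresolvedRefs.push(a.ref); continue; } // dangling ref: record, don't crash
      vulnRefsByComponent.get(a.ref)!.push(vulnRef);
      results.push({
        status: 'failed',
        code_desc: `${comp.name}@${comp.version} is affected by ${v.id}`,
        details: { name: comp.name, version: comp.version, group: comp.group },
      });
    }
    controls.push({ id: v.id, title: v.description, impact: impactFor(v), results });
  }

  const components: PassthroughComponent[] = bom.components.map((c) => ({
    ...c, vulnerabilities: vulnRefsByComponent.get(c['bom-ref']) ?? [],
  }));
  return { controls, passthrough: { components, unresolvedRefs } };
}

// Constructed sample SBOM with fictional packages and placeholder vuln ids.
const SAMPLE_BOM: Bom = {
  components: [
    { 'bom-ref': 'pkg:npm/example-lib@1.0.0', name: 'example-lib', version: '1.0.0', purl: 'pkg:npm/example-lib@1.0.0', licenses: ['MIT'] },
    { 'bom-ref': 'pkg:maven/org.example/util@1.2.0', name: 'util', version: '1.2.0', group: 'org.example', licenses: ['Apache-2.0'] },
    { 'bom-ref': 'pkg:npm/clean-widget@2.1.0', name: 'clean-widget', version: '2.1.0' },
  ],
  vulnerabilities: [
    { 'bom-ref': 'vuln-1', id: 'EXAMPLE-VULN-0001', description: 'Prototype pollution in object merge helper (constructed example)', ratings: [{ severity: 'high' }], affects: [{ ref: 'pkg:npm/example-lib@1.0.0' }] },
    { id: 'EXAMPLE-VULN-0002', description: 'Path traversal in archive extraction (constructed example)', ratings: [{ severity: 'medium' }], affects: [{ ref: 'pkg:npm/example-lib@1.0.0' }, { ref: 'pkg:maven/org.example/util@1.2.0' }, { ref: 'pkg:npm/missing@0.0.1' }] },
  ],
};

const report = mapSbomToHdf(SAMPLE_BOM);
console.log(JSON.stringify(report, null, 2));
```

The `unresolvedRefs` list is the one piece a real mapper should not silently drop: an `affects[].ref` that matches no component means the SBOM and its vulnerability data are out of sync, which is worth surfacing in the view rather than hiding.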
This pull request has a conflict. Could you fix it @charleshu-8?
Another suggestion by @kemley76:
- [ ] A sample SBOM file in the file loader section would be nice. It would allow one to easily demonstrate the mapper functionality.
This pull request has a conflict. Could you fix it @charleshu-8?
add syft test
add spdx -> converted to cyclonedx sbom as test as well
Quality Gate passed
Issues
0 New issues
14 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.1% Duplication on New Code