Fix SBOM component ref compare #618

kerenr-jfrog · 2025-12-10T14:05:20Z

The pull request is targeting the dev branch.
The code has been validated to compile successfully by running go vet ./....
The code has been formatted properly using go fmt ./....
All static analysis checks passed.
All tests have passed. If this feature is not already covered by the tests, new tests have been added.
Updated the Contributing page / ReadMe page / CI Workflow files if needed.
All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

Added logic for cases we want to compare between SBOM components from two different scans and exclude the similar components.

…sbom-component-ref-compare

utils/formats/cdxutils/cyclonedxutils.go

# Conflicts: # go.mod # go.sum

attiasas

LGTM!
Please add another test case where PackageURL values has the hash suffix so you can see it works

attiasas

LGTM, don't forget to merge dev before merge

github-actions · 2025-12-24T11:53:25Z

🐸 JFrog Frogbot

kerenr-jfrog and others added 10 commits December 8, 2025 18:22

add SearchComponentByRefGitDiff for frogbot usage

3ded95a

Update froggit to v1.20.6

bd0d9b3

fix static test unused vars

339bbc5

Merge remote-tracking branch 'upstream/dev' into update_ftoggit_1_20_6

3b15179

Merge branch 'dev' into fix-sbom-component-ref-compare

257d63a

minor fix

0d920de

fix excludeFromDependencies logic

5e93904

Fix breaking changes in remediation API

1c11af9

update dependencies versions to fix static

2a815cb

Merge remote-tracking branch 'assafa/update_ftoggit_1_20_6' into fix-…

5c02222

…sbom-component-ref-compare

kerenr-jfrog had a problem deploying to frogbot December 10, 2025 14:05 — with GitHub Actions Failure

kerenr-jfrog self-assigned this Dec 10, 2025

kerenr-jfrog added bug Something isn't working safe to test Approve running integration tests on a pull request labels Dec 10, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 10, 2025

kerenr-jfrog requested a review from attiasas December 10, 2025 14:41

update dependencies

35e0123

kerenr-jfrog requested a deployment to frogbot December 11, 2025 07:52 — with GitHub Actions Waiting

attiasas requested changes Dec 11, 2025

View reviewed changes

utils/formats/cdxutils/cyclonedxutils.go Outdated Show resolved Hide resolved

utils/formats/cdxutils/cyclonedxutils.go Outdated Show resolved Hide resolved

fix cr comments

0f00a97

kerenr-jfrog requested a deployment to frogbot December 11, 2025 09:28 — with GitHub Actions Waiting

kerenr-jfrog requested a review from attiasas December 11, 2025 09:34

Merge branch 'dev' into fix-sbom-component-ref-compare

7e4a1ab

# Conflicts: # go.mod # go.sum

kerenr-jfrog requested a deployment to frogbot December 11, 2025 10:17 — with GitHub Actions Waiting

Merge branch 'dev' into fix-sbom-component-ref-compare

4687742

kerenr-jfrog requested a deployment to frogbot December 11, 2025 11:03 — with GitHub Actions Waiting

Merge branch 'dev' into fix-sbom-component-ref-compare

1bc0077

kerenr-jfrog requested a deployment to frogbot December 11, 2025 12:37 — with GitHub Actions Waiting

Merge branch 'dev' into fix-sbom-component-ref-compare

9456278

kerenr-jfrog requested a deployment to frogbot December 11, 2025 15:25 — with GitHub Actions Waiting

kerenr-jfrog requested a deployment to frogbot December 16, 2025 13:40 — with GitHub Actions Waiting

fix cyclonedxutils_test.go

cbb72e3

kerenr-jfrog requested a deployment to frogbot December 16, 2025 14:23 — with GitHub Actions Waiting

kerenr-jfrog added the safe to test Approve running integration tests on a pull request label Dec 16, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 16, 2025

fix bomgenerator_test.go

ff1cb5b

kerenr-jfrog requested a deployment to frogbot December 16, 2025 15:02 — with GitHub Actions Waiting

kerenr-jfrog added the safe to test Approve running integration tests on a pull request label Dec 16, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 16, 2025

kerenr-jfrog added the safe to test Approve running integration tests on a pull request label Dec 16, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 16, 2025

attiasas reviewed Dec 17, 2025

View reviewed changes

added hash exclude test

ec31edd

kerenr-jfrog requested a deployment to frogbot December 17, 2025 13:22 — with GitHub Actions Waiting

kerenr-jfrog requested a review from attiasas December 17, 2025 13:23

kerenr-jfrog added the safe to test Approve running integration tests on a pull request label Dec 17, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 17, 2025

attiasas approved these changes Dec 17, 2025

View reviewed changes

Merge branch 'dev' into fix-sbom-component-ref-compare

0452c0e

kerenr-jfrog requested a deployment to frogbot December 18, 2025 13:29 — with GitHub Actions Waiting

kerenr-jfrog added the safe to test Approve running integration tests on a pull request label Dec 18, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 18, 2025

kerenr-jfrog added the safe to test Approve running integration tests on a pull request label Dec 24, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 24, 2025

Merge branch 'dev' into fix-sbom-component-ref-compare

8645015

kerenr-jfrog temporarily deployed to frogbot December 24, 2025 11:21 — with GitHub Actions Inactive

kerenr-jfrog added the safe to test Approve running integration tests on a pull request label Dec 24, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 24, 2025

kerenr-jfrog merged commit 6976bb9 into jfrog:dev Dec 24, 2025
62 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix SBOM component ref compare #618

Fix SBOM component ref compare #618

Uh oh!

kerenr-jfrog commented Dec 10, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

attiasas left a comment

Uh oh!

attiasas left a comment

Uh oh!

github-actions bot commented Dec 24, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Fix SBOM component ref compare #618

Fix SBOM component ref compare #618

Uh oh!

Conversation

kerenr-jfrog commented Dec 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

attiasas left a comment

Choose a reason for hiding this comment

Uh oh!

attiasas left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Dec 24, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

kerenr-jfrog commented Dec 10, 2025 •

edited

Loading