
@kikofernandez
Contributor

Adds simple tool to compare Erlang/OTP SBOMs.

This functionality is mostly to be used internally, simply to check that the Github generated SBOM is exactly the same one that one can produce internally, i.e., taking all Github integrations and moving them in-house, running those scripts.

Produces information about:

  • Which files in SBOM A do not exist in SBOM B, and vice versa
  • Changes in licenses,
  • copyrights,
  • external references,
  • version information,
  • packages, and
  • files within packages

In some cases, the output will be written to a JSON file for ease of parsing (if there are many differences in files, it would be tedious to read from standard output). In other cases, the diff will be shown in standard output, mentioning the package and fields affected.

Compare Erlang/OTP SBOMs. This functionality is useful to compare if the
Github Erlang/OTP generated SBOM matches one produced manually, or that
mimics all the steps from the Github scripts.
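The PR description above lists what the comparison reports (files present in only one SBOM, and changes in licenses, copyrights, external references, versions, packages and the files each package contains). The script below is an added illustration of that comparison over SPDX 2.x JSON documents; it is not the tool from this PR or any Erlang/OTP code. The two SBOMs, their package and file names, and the `SPDXRef-*` identifiers are constructed sample input, and the JSON field names used (`files`, `packages`, `relationships`, `licenseConcluded`, `copyrightText`, `versionInfo`, `licenseDeclared`, `externalRefs`, `CONTAINS`) are standard SPDX 2.3 JSON fields, which is an assumption about the documents being compared rather than something stated in the PR.

```python
"""Added example: report the differences between two SPDX 2.x JSON SBOMs.

Not the Erlang/OTP comparison tool; the sample SBOMs below are constructed.
"""
import copy
import json

# Constructed sample SBOM "A" (e.g. the one generated in CI), trimmed to the
# SPDX 2.3 JSON fields the comparison inspects. Paths and versions are made up.
SBOM_A = {
    "packages": [
        {"SPDXID": "SPDXRef-otp", "name": "otp", "versionInfo": "28.1",
         "licenseDeclared": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:github/erlang/otp@28.1"}]},
        {"SPDXID": "SPDXRef-zlib", "name": "zlib", "versionInfo": "1.3.1",
         "licenseDeclared": "Zlib", "externalRefs": []},
    ],
    "files": [
        {"SPDXID": "SPDXRef-f1", "fileName": "./erts/emulator/beam/beam_load.c",
         "licenseConcluded": "Apache-2.0",
         "copyrightText": "Copyright Ericsson AB 1996-2025"},
        {"SPDXID": "SPDXRef-f2", "fileName": "./erts/emulator/zlib/inflate.c",
         "licenseConcluded": "Zlib",
         "copyrightText": "Copyright (C) 1995-2024 Mark Adler"},
        {"SPDXID": "SPDXRef-f4", "fileName": "./erts/emulator/beam/erl_gc.c",
         "licenseConcluded": "Apache-2.0",
         "copyrightText": "Copyright Ericsson AB 1996-2025"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-otp", "relationshipType": "CONTAINS",
         "relatedSpdxElement": "SPDXRef-f1"},
        {"spdxElementId": "SPDXRef-zlib", "relationshipType": "CONTAINS",
         "relatedSpdxElement": "SPDXRef-f2"},
        {"spdxElementId": "SPDXRef-otp", "relationshipType": "CONTAINS",
         "relatedSpdxElement": "SPDXRef-f4"},
    ],
}

# Constructed sample SBOM "B" (e.g. the in-house run): same base with one
# difference of each kind the report should surface.
SBOM_B = copy.deepcopy(SBOM_A)
SBOM_B["packages"][1]["versionInfo"] = "1.3.2"                      # version change
SBOM_B["packages"][0]["externalRefs"][0]["referenceLocator"] = "pkg:github/erlang/otp@28.2"
SBOM_B["packages"].append({"SPDXID": "SPDXRef-pcre2", "name": "pcre2",  # package only in B
                           "versionInfo": "10.44", "licenseDeclared": "BSD-3-Clause",
                           "externalRefs": []})
SBOM_B["files"][0]["copyrightText"] = "Copyright Ericsson AB 1996-2026"  # copyright change
SBOM_B["files"][1]["licenseConcluded"] = "Zlib AND MIT"                 # license change
SBOM_B["files"] = [f for f in SBOM_B["files"] if f["SPDXID"] != "SPDXRef-f4"]  # file only in A
SBOM_B["files"].append({"SPDXID": "SPDXRef-f3", "fileName": "./lib/stdlib/src/lists.erl",
                        "licenseConcluded": "Apache-2.0",
                        "copyrightText": "Copyright Ericsson AB 1996-2025"})   # file only in B
SBOM_B["relationships"] = [r for r in SBOM_B["relationships"]
                           if r["relatedSpdxElement"] != "SPDXRef-f4"]
SBOM_B["relationships"].append({"spdxElementId": "SPDXRef-otp", "relationshipType": "CONTAINS",
                                "relatedSpdxElement": "SPDXRef-f3"})


def index(items, key):
    """Index a list of SPDX objects by one of their fields (fileName or name)."""
    return {item[key]: item for item in items}


def norm(value):
    """Make list-valued fields (externalRefs) order-insensitive before comparing."""
    if isinstance(value, list):
        return sorted(json.dumps(x, sort_keys=True) for x in value)
    return value


def diff_fields(old, new, fields):
    """Return {field: (value_in_a, value_in_b)} for the fields whose values differ."""
    return {f: (old.get(f), new.get(f)) for f in fields if norm(old.get(f)) != norm(new.get(f))}


def package_files(sbom):
    """Map package name -> set of fileNames it CONTAINS, via the relationships list."""
    pkg_name = {p["SPDXID"]: p["name"] for p in sbom["packages"]}
    file_name = {f["SPDXID"]: f["fileName"] for f in sbom["files"]}
    result = {name: set() for name in pkg_name.values()}
    for rel in sbom.get("relationships", []):
        if (rel["relationshipType"] == "CONTAINS" and rel["spdxElementId"] in pkg_name
                and rel["relatedSpdxElement"] in file_name):
            result[pkg_name[rel["spdxElementId"]]].add(file_name[rel["relatedSpdxElement"]])
    return result


def compare_sboms(a, b):
    """Diff two parsed SPDX documents; an all-empty report means they agree."""
    files_a, files_b = index(a["files"], "fileName"), index(b["files"], "fileName")
    pkgs_a, pkgs_b = index(a["packages"], "name"), index(b["packages"], "name")
    pf_a, pf_b = package_files(a), package_files(b)
    report = {
        "files_only_in_a": sorted(files_a.keys() - files_b.keys()),
        "files_only_in_b": sorted(files_b.keys() - files_a.keys()),
        "file_changes": {},          # per-file license / copyright differences
        "packages_only_in_a": sorted(pkgs_a.keys() - pkgs_b.keys()),
        "packages_only_in_b": sorted(pkgs_b.keys() - pkgs_a.keys()),
        "package_changes": {},       # per-package version / license / refs / file-set differences
    }
    for name in files_a.keys() & files_b.keys():
        d = diff_fields(files_a[name], files_b[name], ("licenseConcluded", "copyrightText"))
        if d:
            report["file_changes"][name] = d
    for name in pkgs_a.keys() & pkgs_b.keys():
        d = diff_fields(pkgs_a[name], pkgs_b[name], ("versionInfo", "licenseDeclared", "externalRefs"))
        removed, added = sorted(pf_a[name] - pf_b[name]), sorted(pf_b[name] - pf_a[name])
        if removed or added:
            d["files"] = {"only_in_a": removed, "only_in_b": added}
        if d:
            report["package_changes"][name] = d
    return report


def report_is_clean(report):
    """True when the two SBOMs agree on every compared field."""
    return not any(report.values())


def compare_files(path_a, path_b):
    """Load two SPDX JSON files from disk and diff them."""
    with open(path_a) as fa, open(path_b) as fb:
        return compare_sboms(json.load(fa), json.load(fb))


if __name__ == "__main__":
    # The full report is emitted as JSON so large file-level diffs stay machine-readable.
    print(json.dumps(compare_sboms(SBOM_A, SBOM_B), indent=2))
```

A CI gate for the use case described in the PR is then `report_is_clean(compare_files(ci_sbom, local_sbom))`: any non-empty bucket means the GitHub-generated document and the in-house one disagree, and the bucket name says whether the disagreement is in file coverage, licensing, copyright, version, external references or package membership.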
@kikofernandez kikofernandez self-assigned this Nov 3, 2025
@kikofernandez kikofernandez added team:VM Assigned to OTP team VM team:PS Assigned to OTP team PS labels Nov 3, 2025
@github-actions
Contributor

github-actions bot commented Nov 3, 2025

CT Test Results

  1 files   11 suites   3m 13s ⏱️
 95 tests  91 ✅ 4 💤 0 ❌
111 runs  107 ✅ 4 💤 0 ❌

Results for commit 10a60ac.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot


Labels: enhancement, team:PS (Assigned to OTP team PS), team:VM (Assigned to OTP team VM)
