This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch vulnerabilities_sbom
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/vulnerabilities_sbom by this
push:
new 3bafdd4 Store vulnerabilities in SBOM and read back from the report.
Store ATR task info in SBOM as a reference.
3bafdd4 is described below
commit 3bafdd48a01125ad2968884d4b9e29f8c22b76a6
Author: Alastair McFarlane <[email protected]>
AuthorDate: Thu Dec 18 15:36:58 2025 +0000
Store vulnerabilities in SBOM and read back from the report. Store ATR task
info in SBOM as a reference.
---
atr/models/results.py | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/atr/models/results.py b/atr/models/results.py
index 7dd0cd1..166a4ed 100644
--- a/atr/models/results.py
+++ b/atr/models/results.py
@@ -59,7 +59,7 @@ class SBOMOSVScan(schema.Strict):
version_name: str = schema.description("Version name")
revision_number: str = schema.description("Revision number")
file_path: str = schema.description("Relative path to the scanned SBOM
file")
- new_file_path: str = schema.description("Relative path to the updated SBOM
file")
+ new_file_path: str = schema.Field(default="", strict=False,
description="Relative path to the updated SBOM file")
components: list[OSVComponent] = schema.description("Components with
vulnerabilities")
ignored: list[str] = schema.description("Components ignored")
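Review bot: The new `default=""` on `new_file_path` turns a missing path into an empty string, which a consumer that joins it onto a release directory would resolve to the directory itself instead of failing. The second hunk of this commit uses `None` for absent values; doing the same here, `new_file_path: str | None = schema.Field(default=None, strict=False, description="Relative path to the updated SBOM file")`, makes "no updated file" explicit and forces callers to handle it. If `""` has to stay for compatibility with stored results, a comment such as `# "" when the scan produced no updated SBOM file` would document the sentinel. The body of SBOMOSVScan continues outside the hunk, so how callers use the field is not visible here.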
@@ -123,8 +123,12 @@ class SBOMToolScore(schema.Strict):
warnings: list[str] = schema.description("Warnings from the SBOM tool")
errors: list[str] = schema.description("Errors from the SBOM tool")
outdated: str | None = schema.description("Outdated tool from the SBOM
tool")
- vulnerabilities: list[str] | None = schema.description("Vulnerabilities
stored in the SBOM")
- atr_props: list[dict[str, str]] | None = schema.description("ATR
properties stored in the SBOM")
+ vulnerabilities: list[str] | None = schema.Field(
+ default=None, strict=False, description="Vulnerabilities found in the
SBOM"
+ )
+ atr_props: list[dict[str, str]] | None = schema.Field(
+ default=None, strict=False, description="ATR properties found in the
SBOM"
+ )
cli_errors: list[str] | None = schema.description("Errors from the
CycloneDX CLI")
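Review bot: With `default=None` on `vulnerabilities` and `atr_props`, a result where the data was never read is hard to tell apart from one where the SBOM lists no vulnerabilities, unless every consumer treats `None` and `[]` differently. A comment above the two fields would pin that down, for example `# None: not present in the SBOM or an older stored result; []: present and empty`. According to the commit message both values are read back from the SBOM, so `strict=False` presumably relaxes type checking on content that originates in a release artifact. A short note on why lax validation is needed inside a `schema.Strict` model would help the next reader. The body of SBOMToolScore continues outside the hunk.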