PBM-1710-SBOMS for PBM#369
Open
rasika-chivate wants to merge 18 commits into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds documentation for Software Bill of Materials (SBOM) availability in Percona Backup for MongoDB (PBM) and exposes the new page in the MkDocs navigation.
Changes:
- Adds a new reference page describing where to find and how to scan PBM SBOMs across packaging formats (tarball/RPM/DEB/Docker).
- Updates MkDocs navigation to include the new SBOM documentation page.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| mkdocs-base.yml | Adds a nav entry intended to link to the new SBOM reference page. |
| docs/reference/sboms-pbm.md | New documentation page describing SBOM locations and scanning examples. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
rasika-chivate
requested a deployment
to
PBM-1710-SBOMS-for-PBM - pbm-docs PR #369
Render
In progress
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
rasika-chivate
temporarily deployed
to
PBM-1710-SBOMS-for-PBM - pbm-docs PR #369
Render
Destroyed
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
rasika-chivate
temporarily deployed
to
PBM-1710-SBOMS-for-PBM - pbm-docs PR #369
Render
Destroyed
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…bm-docs into PBM-1710-SBOMS-for-PBM
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
rasika-chivate
temporarily deployed
to
PBM-1710-SBOMS-for-PBM - pbm-docs PR #369
Render
Destroyed
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
rasika-chivate
temporarily deployed
to
PBM-1710-SBOMS-for-PBM - pbm-docs PR #369
Render
Destroyed
…bm-docs into PBM-1710-SBOMS-for-PBM
Comment on lines
+5
to
+6
| Starting with version 2.15.0, every Percona Backup for MongoDB (PBM) release includes a [CycloneDX 1.6 :octicons-link-external-16:](https://cyclonedx.org/specification/overview/){:target="_blank"} SBOM in JSON format. | ||
|
|
Comment on lines
+20
to
+22
| | Binary tarball | `percona-backup-mongodb-{{release}}/percona-backup-mongodb-{{release}}.cdx.json` | | ||
| | RPM package | `/usr/share/doc/percona-backup-mongodb/percona-backup-mongodb-{{release}}.cdx.json` | | ||
| | DEB package | `/usr/share/doc/percona-backup-mongodb/percona-backup-mongodb-{{release}}.cdx.json` | |
Comment on lines
+34
to
+38
| tar tzf percona-backup-mongodb-{{release}}-x86_64.tar.gz | grep cdx.json | ||
|
|
||
| # Extract and scan | ||
| tar xzf percona-backup-mongodb-{{release}}-x86_64.tar.gz \ | ||
| -C /tmp percona-backup-mongodb-{{release}}/percona-backup-mongodb-{{release}}.cdx.json |
| tar xzf percona-backup-mongodb-{{release}}-x86_64.tar.gz \ | ||
| -C /tmp percona-backup-mongodb-{{release}}/percona-backup-mongodb-{{release}}.cdx.json | ||
| trivy sbom --severity HIGH,CRITICAL --ignore-unfixed \ | ||
| /tmp/percona-backup-mongodb-{{release}}/percona-backup-mongodb-{{release}}.cdx.json |
|
|
||
| # Scan it (replace 9.x with your RHEL/OL version) | ||
| trivy sbom --severity HIGH,CRITICAL --ignore-unfixed --distro redhat/9.x \ | ||
| /usr/share/doc/percona-backup-mongodb/percona-backup-mongodb-{{release}}.cdx.json |
|
|
||
| # Scan it | ||
| trivy sbom --severity HIGH,CRITICAL --ignore-unfixed \ | ||
| /usr/share/doc/percona-backup-mongodb/percona-backup-mongodb-{{release}}.cdx.json |
Comment on lines
+79
to
+80
| trivy image --severity HIGH,CRITICAL --ignore-unfixed --sbom-sources oci \ | ||
| docker.io/percona/percona-backup-mongodb:{{release}} |
Comment on lines
+90
to
+93
| docker run --rm -it --entrypoint cat \ | ||
| docker.io/percona/percona-backup-mongodb:{{release}} \ | ||
| /usr/share/doc/percona-backup-mongodb/percona-backup-mongodb-{{release}}.cdx.json \ | ||
| | trivy sbom --severity HIGH,CRITICAL --ignore-unfixed - |
Comment on lines
+102
to
+103
| oras discover --format tree \ | ||
| docker.io/percona/percona-backup-mongodb:{{release}}-amd64 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Provide SBOMS for PBM