Embed sbomqs NTIA/BSI compliance analysis in buildCompliantImage #15

Open: mrdavidlaing wants to merge 1 commit into main from embed-sbomqs-analysis-in-compliance-output

@mrdavidlaing

Contributor

Summary

  • Added sbomqs compliance --ntia --json and --bsi --json reports as derivations in buildCompliantImage
  • Wired into compliance.ntia-minimum-elements.sbomqs and compliance.bsi-tr-03183-2.sbomqs
  • Auto-injects sbomqs from the consumer's package set; gracefully omits reports if sbomqs unavailable
  • Reports are always generated (no build failures on compliance gaps)

Review verdict

✅ Pass — adversarial review verified: correct flags, SBOM reference, null handling, no eval errors


🌙 Generated by yak-nightshift
🐃 Shaved by Yaklyn

Add sbomqs compliance --ntia and --bsi JSON reports as derivations in
buildCompliantImage output:
- compliance.ntia-minimum-elements.sbomqs
- compliance.bsi-tr-03183-2.sbomqs

Auto-injects sbomqs from consumer's package set; gracefully omits
reports if sbomqs unavailable. Reports always generated (no build
failures on compliance gaps).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mrdavidlaing force-pushed the embed-sbomqs-analysis-in-compliance-output branch from f40cb3a to 13e2801 on March 23, 2026 22:16
@mrdavidlaing changed the base branch from test/verify-pending-comment-and-formatting to implement-adr007-design on March 23, 2026 22:16
Base automatically changed from implement-adr007-design to main March 23, 2026 23:03
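
The behaviour the summary describes (reports always generated, omitted when sbomqs is unavailable), written as a shell function of the kind a derivation builder could run. This is an added example, not code from this pull request: the function name, the output file names and the assumption that sbomqs can exit non-zero on compliance gaps are hypothetical, and only the `sbomqs compliance --ntia --json` and `--bsi --json` invocations come from the summary.

```shell
#!/bin/sh
# Added example (not the PR's code): emit both sbomqs compliance reports
# without letting compliance gaps fail the build.

# sbomqs_reports SBOM OUTDIR   (hypothetical helper)
# Returns 0 when reports were written, or when sbomqs is absent and the
# reports are omitted; returns 1 when sbomqs ran but produced no report,
# which is a tool error rather than a compliance gap.
sbomqs_reports() {
    sbom=$1
    outdir=$2

    # Graceful omission: no sbomqs available means no reports, not a failure.
    if ! command -v sbomqs >/dev/null 2>&1; then
        echo "sbomqs not found; omitting compliance reports" >&2
        return 0
    fi

    mkdir -p "$outdir" || return 1
    rc=0
    # flag:name pairs; the names follow the attribute paths in the summary.
    for pair in ntia:ntia-minimum-elements bsi:bsi-tr-03183-2; do
        flag=${pair%%:*}
        name=${pair#*:}
        report="$outdir/$name.sbomqs.json"   # hypothetical file name

        # Assumption: sbomqs may exit non-zero when the SBOM has gaps, so
        # the exit status is ignored and only the output is checked.
        sbomqs compliance "--$flag" --json "$sbom" >"$report" 2>/dev/null || true

        # An empty report means the tool itself failed; do not ship it.
        if [ ! -s "$report" ]; then
            echo "sbomqs wrote no $flag report for $sbom" >&2
            rm -f "$report"
            rc=1
        fi
    done
    return "$rc"
}
```

Because gaps never fail this step, any pass/fail policy has to be applied by whoever consumes the reports.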