Skip to main content

Starter Plug-in for Hoppr

Project description

Hoppr JQ Filter

A Hoppr plugin to filter components out of the delivered sbom using jq syntax.

It works as the intersect of "includes" and "excludes".

  • Any components not found with the includes will be removed
  • Any components found with the excludes will be removed
  SampleStage:
    plugins:
    - name: "hoppr_jq_filter.plugin"
      config:
        delete_excluded: True
        purl_regex_includes: []
        purl_regex_excludes: []
        jq_expression_includes: []
        jq_expression_excludes: []
  • delete_excluded
    • A flag indicating if the plugin should delete any excluded components found in collect_root_dir
  • purl_regex_includes
    • A list of regular expressions for purls that should remain in the SBOM
  • purl_regex_excludes
    • A list of regular expressions to remove purls that match in the SBOM
  • jq_expression_includes
    • A list of jq expressions for components that should remain in the SBOM
  • jq_expression_excludes
    • A list of jq expressions to remove components that match in the SBOM

Examples

Only keep generic components in the SBOM

  SampleStage:
    plugins:
    - name: "hoppr_jq_filter.plugin"
      config:
        purl_regex_includes:
          - "^pkg:generic"

Remove any purl with controlled in the name

  SampleStage:
    plugins:
    - name: "hoppr_jq_filter.plugin"
      config:
        purl_regex_excludes:
          - "controlled"

Debugging

If you are having trouble filtering out components, you can easily debug using jq directly.

  1. Run hoppr bundle with a -v and review the logs.
  2. This plugin will print all of the jq queries used and the matching purls found.
  3. You can cat your-sbom.cdx.json | jq '<your query>' to debug.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hoppr_jq_filter-0.2.5.tar.gz (4.9 kB view details)

Uploaded Source

Built Distribution

hoppr_jq_filter-0.2.5-py3-none-any.whl (5.7 kB view details)

Uploaded Python 3

File details

Details for the file hoppr_jq_filter-0.2.5.tar.gz.

File metadata

  • Download URL: hoppr_jq_filter-0.2.5.tar.gz
  • Upload date:
  • Size: 4.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.2 CPython/3.10.13 Linux/5.4.109+

File hashes

Hashes for hoppr_jq_filter-0.2.5.tar.gz
Algorithm Hash digest
SHA256 e6d95bb38954b11ee2c77d9a042d286962e60286c95ed0f1d81e61b53b77757c
MD5 aa29233b3f829cfdb211a520dd1ffb3e
BLAKE2b-256 06889b6aa3ac2cbece9781229f88fc253dc1e5dcea3d7c8bd3f3b580fdccf0ee

See more details on using hashes here.

File details

Details for the file hoppr_jq_filter-0.2.5-py3-none-any.whl.

File metadata

  • Download URL: hoppr_jq_filter-0.2.5-py3-none-any.whl
  • Upload date:
  • Size: 5.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.2 CPython/3.10.13 Linux/5.4.109+

File hashes

Hashes for hoppr_jq_filter-0.2.5-py3-none-any.whl
Algorithm Hash digest
SHA256 bd2ba9572a081c4224e77621779e46c4ab7630a28cecc07474d3cf22d69113e6
MD5 ac5a335b580ca01a7469e323f6b319fa
BLAKE2b-256 c72cdc530eda5174a67d9d3996662bc3477effeee756ebff692fd71aeba79621

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page