Skip to content

feat(sbom): add ecosystem canonicalization matrix#111

Merged
stacknil merged 1 commit into
mainfrom
codex/v1.1-ecosystem-canonicalization-matrix
Jul 5, 2026
Merged

feat(sbom): add ecosystem canonicalization matrix#111
stacknil merged 1 commit into
mainfrom
codex/v1.1-ecosystem-canonicalization-matrix

Conversation

@stacknil

@stacknil stacknil commented Jul 5, 2026

Copy link
Copy Markdown
Owner

Summary

  • add an executable ecosystem canonicalization matrix for component identity
  • keep PyPI, npm, Maven, NuGet, generic, and unknown-ecosystem behavior explicit instead of applying universal lowercase
  • document the matrix and add a docs-sync test so registered rules stay documented

Validation

  • python -m pytest tests/test_component_identity.py tests/test_diffing.py
  • python -m pytest
  • python -m ruff check src/sbom_diff_risk/component_identity.py tests/test_component_identity.py
  • python scripts/regenerate-example-artifacts.py --check
  • python scripts/validate-reviewer-routes.py
  • python -m pip check
  • git diff --cached --check
  • python -m build --outdir .tmp-ecosystem-build

@stacknil stacknil merged commit 8f4ca51 into main Jul 5, 2026
11 checks passed
@stacknil stacknil deleted the codex/v1.1-ecosystem-canonicalization-matrix branch July 5, 2026 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant