Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Minimum confidence filter #1457

Merged
merged 2 commits into from
Nov 15, 2024
Merged

Minimum confidence filter #1457

merged 2 commits into from
Nov 15, 2024

Conversation

prabhu
Copy link
Collaborator

@prabhu prabhu commented Nov 15, 2024

From the ADVANCED.md file

Minimum confidence filter

Use --min-confidence with a value between 0 and 1 to filter components based on the confidence of their purl identify. The logic involves looking for field=purl in evidence.identity and collecting the maximum confidence value. This is then compared against the minimum confidence passed as an argument.

cdxgen -t c . --min-confidence 0.1

The above would filter out all the zero confidence components in c/c++, so use it with caution.

Analysis technique filter

Use --technique to list the techniques that cdxgen is allowed to use for the xBOM generation. Leaving this argument or using the value auto enables default behaviour.

Example 1 - only allow manifest-analysis:

cdxgen -t c . --technique manifest-analysis

Example 2 - allow manifest-analysis and source-code-analysis:

cdxgen -t c . --technique manifest-analysis --technique source-code-analysis

List of supported techniques:

  • auto (default)
  • source-code-analysis
  • binary-analysis
  • manifest-analysis
  • hash-comparison
  • instrumentation
  • filename

Currently, this capability is implemented as a filter during post-processing, so unlikely to yield any performance benefits.

Signed-off-by: Prabhu Subramanian <[email protected]>
@prabhu prabhu added the enhancement New feature or request label Nov 15, 2024
@prabhu prabhu added this to the 11.0.0 milestone Nov 15, 2024
Signed-off-by: Prabhu Subramanian <[email protected]>
@prabhu prabhu marked this pull request as ready for review November 15, 2024 13:50
@prabhu prabhu merged commit ce64722 into master Nov 15, 2024
25 checks passed
@prabhu prabhu deleted the feature/confidence-filter branch November 15, 2024 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant