docs(user-guide): received-SBOM ingest + conformance on Scans/SBOM pages (model 3) #413
Merged
…s/SBOM pages (model 3)

The CI-integration how-to (ci-integration/sbom-upload.md) already covered the upload endpoint + conformance verdict, but the product user-guide did not:

- user-guide/scans.md: add the 'sbom' scan kind to the kinds table, correct the 'Source/Container only' dialog note (three kinds now; sbom is uploaded, not picked), and add a 'Received SBOMs (uploaded)' section covering formats (CycloneDX/SPDX), the ingest endpoint, and the advisory pass/warn/fail conformance verdict + per-check meaning, cross-linking the CI guide.
- user-guide/sbom.md: add an export-vs-upload note distinguishing this page (export from a scan) from uploading a supplier SBOM, linking both surfaces.
- EN + KO mirrored; KO translation-style lint S1/S2 clean.

(CHANGELOG is batched at release-prep here — #404–#412 will be captured then, matching how the concurrent ingest PRs were handled.)
haksungjang added a commit that referenced this pull request Jun 14, 2026
…gest + conformance) (#414)

Capture the model-3 arc (#404–#413) under a new Keep-a-Changelog [Unreleased] section so the next release-prep PR rolls it into a version: received-SBOM ingest endpoint, SPDX input support, conformance scoring (verdict + API + UI panel), the 'sbom' scan kind, the pipeline-helper extraction, and the docs.
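Model 3: user-guide documentation update (received SBOM + conformance)

The CI integration guide (ci-integration/sbom-upload.md) already covered the upload endpoint and the conformance result (#410, #411), but the product user guide (user-guide) was missing received SBOMs and conformance. This fills that gap.

- user-guide/scans.md: add the sbom kind to the Scan kinds table; correct the "only Source/Container are selected in the dialog" wording to three kinds, with sbom being uploaded; add a new "Received SBOMs (uploaded)" section (formats CycloneDX/SPDX, the ingest endpoint, the advisory (pass/warn/fail) conformance result and the meaning of the required and recommended checks, plus a cross-link to the CI guide).
- user-guide/sbom.md: a note distinguishing export (this page) from upload (receiving a supplier SBOM), plus links to both surfaces.
- CHANGELOG: by this repo's convention it is recorded in one batch at release prep (#404~#412 will be reflected then), handled the same way as the ingest PRs from the concurrent session.

Documentation-only change.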