...

SBOM Format

The JS7 SBOM is provided as an sbom.json file in the OWASP CycloneDX format.

Tools to manage and to visualize the SBOM include OWASP Dependency-Track. In addition, a number of web sites are available that allow users to visualize an SBOM.

...

  • SOS is striving to use up-to-date versions of 3rd-party components.
  • SOS cannot exclude a situation in which 3rd-party components are hit by vulnerabilities.
    • SOS is monitoring 3rd-party components for vulnerabilities on an ongoing basis.
    • If vulnerabilities are detected, the Release Policy - Vulnerability Management applies.
      • This includes making information about vulnerabilities public with our Change Management System, see https://change.sos-berlin.com
      • This includes adding fixed versions of 3rd-party components to JS7 maintenance releases in a timely manner.
  • The SBOM enables users to check directly from their JS7 scheduling environment whether a vulnerable version of a 3rd-party component is included.

...


Accessing the Software Bill of Materials

The sbom.json file is provided individually for Controller, Agent and JOC Cockpit. 

Within limits users can operate the JS7 components from different releases. This requires the sbom.json file to be available per component and release.

Accessing the Controller SBOM

The sbom.json file is available from the JS7_CONTROLLER_HOME directory.

Accessing the Agent SBOM

The sbom.json file is available from the JS7_AGENT_HOME directory.

Accessing the JOC Cockpit SBOM

The SBOM is shipped as the sbom.json file, which is available for download from JOC Cockpit.

  • URL: <http|https>://<host>:<port>/joc/sbom.json
    • <http> or <https> is the protocol with which JOC Cockpit is operated.
    • <host> is the name of the host on which JOC Cockpit is running.
    • <port> is the port on which JOC Cockpit is operated.
  • Directory: JETTY_BASE/webapps/joc/sbom.json
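As an added example (not code from SOS or the JS7 product), the following script shows the check described above: it parses a CycloneDX JSON document in the shape of sbom.json, lists the shipped components, and flags any whose version is below a known fixed version. In practice the SBOM text would be read from the sbom.json file in JS7_CONTROLLER_HOME, JS7_AGENT_HOME or JETTY_BASE/webapps/joc, or fetched from the JOC Cockpit URL listed above; the SBOM content and the "fixed in" table below are constructed placeholders, not real JS7 components or advisories.

```python
import json

# Constructed CycloneDX 1.4 SBOM excerpt in the shape of JS7's sbom.json
# (placeholder component names, not a real JS7 SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.example", "name": "example-http-client",
         "version": "4.5.2", "purl": "pkg:maven/org.example/example-http-client@4.5.2"},
        {"type": "library", "group": "org.example", "name": "example-json",
         "version": "2.15.0", "purl": "pkg:maven/org.example/example-json@2.15.0"},
    ],
})

# Constructed advisory table (placeholder, not real CVEs): component -> first fixed version.
FIXED_IN = {
    "org.example:example-http-client": "4.5.3",
    "org.example:example-json": "2.14.0",
}

def parse_version(version):
    """Split a dotted version into a comparable tuple; non-numeric parts sort before numbers."""
    parts = []
    for piece in version.split("."):
        parts.append((1, int(piece)) if piece.isdigit() else (0, piece))
    return tuple(parts)

def list_components(sbom_text):
    """Return (group:name, version) pairs for every component in a CycloneDX JSON SBOM."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    result = []
    for comp in bom.get("components", []):
        key = f"{comp.get('group', '')}:{comp['name']}".lstrip(":")
        result.append((key, comp.get("version", "")))
    return result

def find_vulnerable(sbom_text, fixed_in=FIXED_IN):
    """Return (component, shipped version, fixed version) for components below the fix."""
    hits = []
    for key, version in list_components(sbom_text):
        fixed = fixed_in.get(key)
        if fixed and parse_version(version) < parse_version(fixed):
            hits.append((key, version, fixed))
    return hits
```

Replace FIXED_IN with data from a vulnerability source such as Dependency-Track before relying on the result; the version comparison here handles plain dotted numeric versions only.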

...

Downloading from the Login Window

The SBOM can be downloaded from the menu icon in the login window:

...

Downloading from any JOC Cockpit page

The SBOM can be downloaded from any JOC Cockpit page using the menu icon like this:

Example

Find the following example of an SBOM file for JOC Cockpit:

...