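// 实现示例 (implementation example)

/** One entry of the SBOM: a declared component name and its declared version. */
type Component = { name: string; version: string }

/**
 * One node of the resolved dependency graph (what was actually installed/built).
 * Kept as `Node` for compatibility with the original; in a file compiled as a
 * script rather than a module this name collides with lib.dom's global `Node`.
 */
type Node = { name: string; version: string }

/** Result of `align`. */
type AlignResult = {
  /** true only when `missing` and `mismatched` are both empty; `invalid` does not affect it. */
  ok: boolean
  /** graph node names that have no usable SBOM entry */
  missing: string[]
  /** `name:graphVersion->sbomVersion` for nodes whose declared version differs */
  mismatched: string[]
  /** `name:version` for SBOM entries skipped because the name is empty or the version is not semver-like */
  invalid: string[]
}

/**
 * Loose semver check: `MAJOR.MINOR.PATCH` optionally followed by a run of
 * `-`, letters, digits, `_` or `.` (pre-release / build suffix).
 *
 * The suffix needs no leading separator, so `1.2.3rc1` and `1.2.3.4` pass;
 * a `v` prefix (`v1.2.3`) and ranges (`^1.2.3`) fail.
 *
 * @param v version string as it appears in the SBOM
 * @returns true when `v` matches the pattern above
 */
function semverLike(v: string): boolean {
  return /^(\d+\.\d+\.\d+)(?:[-A-Za-z0-9_.]+)?$/.test(v)
}

/**
 * Checks that every node of the dependency graph is declared in the SBOM with
 * the same version.
 *
 * SBOM entries with an empty name or a non-semver-like version are not used for
 * matching; they are reported in `invalid` so an auditor can tell "absent from
 * the SBOM" apart from "present but unparseable" when reading a failed gate.
 * Matching is by name only: if the graph carries several versions of one name,
 * only the SBOM's single declared version is compared against each of them.
 * SBOM entries that no graph node references are not reported.
 *
 * @param graph resolved dependency graph nodes
 * @param sbom  components declared in the SBOM
 * @returns `ok`, plus the `missing`, `mismatched` and `invalid` lists described on {@link AlignResult}
 */
function align(graph: readonly Node[], sbom: readonly Component[]): AlignResult {
  const declared = new Map<string, string>()
  const invalid: string[] = []
  for (const c of sbom) {
    if (c.name && semverLike(c.version)) {
      // Duplicate names: the last declaration wins (unchanged from the original);
      // duplicate detection, if wanted, has to be done on the SBOM itself.
      declared.set(c.name, c.version)
    } else {
      invalid.push(`${c.name}:${c.version}`)
    }
  }

  const missing: string[] = []
  const mismatched: string[] = []
  for (const n of graph) {
    const declaredVersion = declared.get(n.name)
    if (declaredVersion === undefined) {
      missing.push(n.name)
    } else if (declaredVersion !== n.version) {
      mismatched.push(`${n.name}:${n.version}->${declaredVersion}`)
    }
  }

  return { ok: missing.length === 0 && mismatched.length === 0, missing, mismatched, invalid }
}

// 审计与CI门禁记录缺失与不一致清单;不通过直接阻断并提示修复路径。SBOM与依赖图变更需审批与归档。
// (Audit and CI gate: record the missing and mismatched lists; on failure, block the
// pipeline and point to the remediation path. Changes to the SBOM and to the
// dependency graph require approval and archiving.)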
