
[codex] Add summary-json example artifacts #32

Merged
stacknil merged 1 commit into main from codex/add-summary-json-examples
May 1, 2026

Conversation

@stacknil
Owner

@stacknil stacknil commented May 1, 2026

Brief Design Summary

This PR adds a checked-in --summary-json example artifact for sbom-diff-and-risk.

The new examples/sample-summary.json is generated from the existing CycloneDX example pair and contains only the stable report.json["summary"] object. Documentation now shows how to regenerate it and explains that it matches the summary object in examples/sample-report.json.

This PR does not change CLI behavior, JSON report schema, Markdown output, SARIF output, workflows, package metadata, release tags, or PyPI/TestPyPI status.

Files Changed

  • tools/sbom-diff-and-risk/examples/sample-summary.json
  • tools/sbom-diff-and-risk/README.md
  • tools/sbom-diff-and-risk/docs/report-schema.md
  • tools/sbom-diff-and-risk/docs/reviewer-evidence-pack.md
  • tools/sbom-diff-and-risk/tests/test_reports.py

Tests Added/Updated

  • Added a golden consistency test proving render_summary_json() matches examples/sample-summary.json.
  • The same test verifies examples/sample-summary.json equals examples/sample-report.json["summary"].

Validation

cd tools/sbom-diff-and-risk
python -m pytest
python -m build
$files = Get-ChildItem dist -File | ForEach-Object { $_.FullName }
python -m twine check $files
git diff --check
sbom-diff-risk compare --before examples/cdx_before.json --after examples/cdx_after.json --out-json outputs/report.json --summary-json outputs/summary.json
python -c "import json, pathlib; report=json.loads(pathlib.Path('outputs/report.json').read_text()); summary=json.loads(pathlib.Path('outputs/summary.json').read_text()); sample=json.loads(pathlib.Path('examples/sample-summary.json').read_text()); print(summary == report['summary']); print(sample == summary)"

Results:

  • python -m pytest: 154 passed
  • python -m build: passed, produced sbom_diff_and_risk-0.6.0.tar.gz and sbom_diff_and_risk-0.6.0-py3-none-any.whl
  • python -m twine check: passed for wheel and sdist
  • git diff --check: passed
  • Smoke command confirmed outputs/summary.json equals outputs/report.json["summary"]
  • Smoke command confirmed examples/sample-summary.json matches regenerated summary output
  • .github/workflows/ still has no production PyPI workflow
  • package version remains 0.6.0

Out of Scope

  • No CLI behavior changes
  • No JSON report schema changes
  • No Markdown or SARIF output changes
  • No workflow changes
  • No package version bump
  • No release tag changes
  • No PyPI/TestPyPI publishing
  • No production PyPI workflow
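The golden consistency check described in this PR, written out as an added example that is not part of the PR or of the sbom-diff-and-risk project: it compares a summary.json artifact against report.json["summary"] in canonical (sorted-key, whitespace-free) form and, on mismatch, reports the differing JSON paths rather than a bare False. The sample objects and their field names are constructed for the example and are not the project's real summary schema.

```python
import json
from typing import Any, Iterator

# Constructed stand-ins for examples/sample-report.json and
# examples/sample-summary.json; the real files' field names are assumptions.
SAMPLE_REPORT = {
    "summary": {"added": 2, "removed": 1, "risk": {"high": 1, "low": 2}},
    "components": [{"name": "demo", "change": "added"}],
}
SAMPLE_SUMMARY = {"risk": {"low": 2, "high": 1}, "removed": 1, "added": 2}
DRIFTED_SUMMARY = {"added": 2, "removed": 1, "changed": 4, "risk": {"high": 1}}


def canonical(obj: Any) -> str:
    """Deterministic serialization: key order and whitespace in the
    checked-in file must not make a golden comparison flap."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def diff_paths(expected: Any, actual: Any, path: str = "$") -> Iterator[str]:
    """Yield JSONPath-like locations where golden and regenerated values differ."""
    if isinstance(expected, dict) and isinstance(actual, dict):
        for key in sorted(set(expected) | set(actual)):
            sub = f"{path}.{key}"
            if key not in actual:
                yield f"{sub}: missing in actual"
            elif key not in expected:
                yield f"{sub}: unexpected in actual"
            else:
                yield from diff_paths(expected[key], actual[key], sub)
    elif isinstance(expected, list) and isinstance(actual, list):
        if len(expected) != len(actual):
            yield f"{path}: length {len(expected)} != {len(actual)}"
        for i, (e, a) in enumerate(zip(expected, actual)):
            yield from diff_paths(e, a, f"{path}[{i}]")
    elif type(expected) is not type(actual) or expected != actual:
        yield f"{path}: {expected!r} != {actual!r}"


def check_summary_golden(report_text: str, summary_text: str) -> list[str]:
    """Return [] when summary.json equals report.json['summary'] exactly,
    otherwise a list of differing paths a reviewer can act on."""
    report = json.loads(report_text)
    summary = json.loads(summary_text)
    if not isinstance(report, dict) or "summary" not in report:
        return ["$: report has no top-level 'summary' object"]
    if canonical(report["summary"]) == canonical(summary):
        return []
    return list(diff_paths(report["summary"], summary))
```

Feeding it the real file contents (report.json and summary.json read as text) turns the PR's print-True smoke command into a check whose failure output names the exact field that drifted.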

@stacknil
Owner Author

stacknil commented May 1, 2026

Checked changed files for Unicode Cf/Cc control or format characters; no non-tab/newline matches found. GitHub’s hidden Unicode warning appears non-blocking for this docs/example PR.

@stacknil stacknil merged commit 2e4d8dd into main May 1, 2026
5 checks passed
@stacknil stacknil deleted the codex/add-summary-json-examples branch May 1, 2026 17:20