Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/transitive require #678

Closed
wants to merge 24 commits into from
Closed

Feature/transitive require #678

wants to merge 24 commits into from

Conversation

avgkoster
Copy link
Contributor

@avgkoster avgkoster commented Oct 27, 2023
edited
Loading

Server:

  1. Added support for branch selection when scanning the repository - gitBranch, specified along with other parameters in the request to /sbom
  2. Fixed an error due to which the server did not process the GIT URL, added validation by URL type

JS analysis --required-only

  1. Now, when using the --required-only parameter, if imports of transitives of potential required dependencies were found in the files, then such a dependency is considered required, its imports are also placed in occurrences
  2. In required dependencies, occurrences now also come across imports of transitives from this dependency (additional enrichment)

@avgkoster avgkoster mentioned this pull request Oct 27, 2023
Closed
avgkoster and others added 9 commits October 27, 2023 18:52
@avgkoster
1. Add analyze transitive dep in required components (js) 2. Add para…
e63501f 
…meter gitBranch for server 3. Fix Bug with set gitURL in server

Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix lint
96dfad6 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix lint#2
56488ae 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix lint CycloneDX#4
325529e 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
last fix lint
8069a79 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
add git-url-parse
78fd6c5 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix server
3a599e7 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Revert "fix server"
aa9299a 
This reverts commit 9ef6d8c.

Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Update utils.test.js, add new dep
7f00537 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster avgkoster force-pushed the feature/transitive_require branch from a0b612f to 7f00537 Compare October 27, 2023 13:55
prabhu
prabhu reviewed Oct 27, 2023
View reviewed changes
package.json Outdated
@@ -63,6 +63,7 @@
"cheerio": "^1.0.0-rc.12",
"edn-data": "^1.0.0",
"find-up": "^6.3.0",
"git-url-parse": "^13.1.1",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's avoid this dependency altogether and remove the console.log

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

which console.log are we talking about?

prabhu
prabhu reviewed Oct 27, 2023
View reviewed changes
utils.test.js Outdated
@@ -1703,8 +1703,8 @@ test("parsePkgLock v3", async () => {
projectName: "cdxgen"
});
deps = parsedList.pkgList;
expect(deps.length).toEqual(1204);
expect(parsedList.dependenciesList.length).toEqual(1204);
expect(deps.length).toEqual(1210);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the count going up? Could you check if we are creating duplicates?

@prabhu
Copy link
Collaborator

prabhu commented Oct 29, 2023

Thank you. Could you kindly sign the commit by following the below instructions?

https://github.com/CycloneDX/cdxgen/pull/678/checks?check_run_id=18159669929

avgkoster and others added 13 commits October 29, 2023 17:53
@avgkoster
1. Add analyze transitive dep in required components (js) 2. Add para…
0ef02cf 
…meter gitBranch for server 3. Fix Bug with set gitURL in server

Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix lint
802de1d 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix lint#2
631744d 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix lint CycloneDX#4
744985b 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
last fix lint
a8bdb50 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
add git-url-parse
72428f4 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
fix server
d42e8a9 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Revert "fix server"
2581787 
This reverts commit 9ef6d8c.

Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Update utils.test.js, add new dep
eda2560 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Removed gir-url parse pkg, remove parsedUrl in console.log
c326fb1 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Del unused dep, fix lint
8344f61 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Merge branch 'feature/transitive_require' of https://github.com/avgko…
ce3e8dc 
…ster/cdxgen into feature/transitive_require
@avgkoster
fix deps, lint
7a8a65a 
Signed-off-by: Konstantin Ruzavin <36166921+avgkoster@users.noreply.github.com>
@avgkoster
Copy link
Contributor Author

avgkoster commented Oct 29, 2023
edited
Loading

I had problems with commits, in order not to clog up the repository, I will close this PR and open a new one taking into account the review

@avgkoster avgkoster closed this Oct 29, 2023
@avgkoster
Copy link
Contributor Author

#681 - new PR

@avgkoster avgkoster mentioned this pull request Oct 29, 2023
Merged
prabhu
prabhu reviewed Oct 29, 2023
View reviewed changes
utils.js
if (impPkgs.includes(alias) || all_includes.length) {
let importedModules = new Set();
pkg.scope = "required";
for (const subevidence of all_includes) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if we there is a way to avoid this nested loop. For large boms with 1000s of components this might be slow. wdyt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To shorten the execution time, I think it is possible to make a condition under which, if we do not find direct imports in required dependencies, then only then try to look for sub-dependencies.
But I also think that displaying in occurrences all imports (even those where there were direct ones), and not just direct ones, can be useful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prabhu prabhu prabhu left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@avgkoster @prabhu