
add package infos as "externalReferences" #129

Closed
9 tasks done
jkowalleck opened this issue Oct 7, 2021 · 2 comments · Fixed by #145
Assignees
Labels
enhancement New feature or request

Comments

@jkowalleck
Member

jkowalleck commented Oct 7, 2021

see https://cyclonedx.org/use-cases/#external-references
caused: CycloneDX/cyclonedx-php-library#7
requires: https://github.com/CycloneDX/cyclonedx-php-library/releases/tag/v1.1.0

fetch this (optional) information from composer packages:
according to the CDX externalReferenceType:

VCS / dist

this one might be tricky, since it MUST reflect which actual package source was used. (dist- or source-package)
use the installation-source of the installed-lock (see #122).

on the other hand it might be possible to simply add both sources as they might be in a lockfile.

example:

{
  "packages": [
    {
        "name": "swaggest/json-diff",
        "version": "v3.8.3",
        "version_normalized": "3.8.3.0",
        "source": {
            "type": "git",
            "url": "https://github.com/swaggest/json-diff.git",
            "reference": "bb3e3b4e9d842bb2e48f31ea568d0459968d1d42"
        },
        "dist": {
            "type": "zip",
            "url": "https://api.github.com/repos/swaggest/json-diff/zipball/bb3e3b4e9d842bb2e48f31ea568d0459968d1d42",
            "reference": "bb3e3b4e9d842bb2e48f31ea568d0459968d1d42",
            "shasum": ""
        },
        "require": {
            "ext-json": "*"
        },
        "require-dev": {
            "phpunit/phpunit": "^4.8.23"
        },
        "time": "2021-09-25T22:09:03+00:00",
        "type": "library",
        "installation-source": "dist"
    }
  ]
}
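As an added illustration (not code from this plugin or from cyclonedx-php-library), a stand-alone PHP helper that maps the lockfile entry above to externalReferences entries. The mapping of composer `source` to CDX type `vcs` and `dist` to `distribution`, the function name, and the use of the `comment` field to carry the pinned reference are my assumptions; by default it honours `installation-source` so only the origin actually installed is reported, with a switch to emit both as discussed above.

```php
<?php
declare(strict_types=1);
// Hypothetical helper, not the plugin's own code: map one package entry from
// composer's installed.json / composer.lock to CycloneDX externalReferences.
// Assumed mapping: composer "source" -> CDX type "vcs", "dist" -> "distribution".
// By default only the origin named in "installation-source" is emitted, so the
// SBOM reflects the package source that was actually used; $both = true emits
// both origins as they appear in the lockfile.
function composerPackageToExternalReferences(array $package, bool $both = false): array
{
    $typeMap = ['source' => 'vcs', 'dist' => 'distribution'];
    $installed = $package['installation-source'] ?? null; // "source" or "dist", if recorded
    $refs = [];
    foreach ($typeMap as $composerKey => $cdxType) {
        if (!$both && $installed !== null && $installed !== $composerKey) {
            continue; // this origin was not the one installed
        }
        $origin = $package[$composerKey] ?? null;
        if (!is_array($origin) || empty($origin['url'])) {
            continue; // no usable URL for this origin
        }
        $ref = ['type' => $cdxType, 'url' => $origin['url']];
        // The URL alone may not pin the revision, so carry the lockfile's
        // reference and checksum in the free-text "comment" field.
        $notes = [];
        foreach (['type', 'reference', 'shasum'] as $field) {
            if (!empty($origin[$field])) {
                $notes[] = $field . '=' . $origin[$field];
            }
        }
        if ($notes !== []) {
            $ref['comment'] = 'composer ' . $composerKey . ': ' . implode(', ', $notes);
        }
        $refs[] = $ref;
    }
    return $refs;
}
// Constructed input: the "swaggest/json-diff" entry from the issue, trimmed.
$package = [
    'name' => 'swaggest/json-diff',
    'source' => ['type' => 'git', 'url' => 'https://github.com/swaggest/json-diff.git',
                 'reference' => 'bb3e3b4e9d842bb2e48f31ea568d0459968d1d42'],
    'dist' => ['type' => 'zip', 'reference' => 'bb3e3b4e9d842bb2e48f31ea568d0459968d1d42', 'shasum' => '',
               'url' => 'https://api.github.com/repos/swaggest/json-diff/zipball/bb3e3b4e9d842bb2e48f31ea568d0459968d1d42'],
    'installation-source' => 'dist',
];
$flags = JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES;
echo json_encode(composerPackageToExternalReferences($package), $flags), PHP_EOL;       // installed origin only
echo json_encode(composerPackageToExternalReferences($package, true), $flags), PHP_EOL; // both origins
```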

@jkowalleck
Member Author

RELATED: CycloneDX/specification#98

@jkowalleck
Member Author

also fetch this information for the project itself. see DependencyTrack/dependency-track#920

@jkowalleck jkowalleck pinned this issue Nov 13, 2021
@jkowalleck jkowalleck self-assigned this Nov 25, 2021
@jkowalleck jkowalleck mentioned this issue Nov 25, 2021
3 tasks
jkowalleck added a commit that referenced this issue Dec 1, 2021
as specified in #129

* added implementation
* added tests
* updated demo results accordingly

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck unpinned this issue Dec 1, 2021