add notification for new vulnerable dependency #217
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: vithikashukla <vithika.shukla@citi.com>
Signed-off-by: vithikashukla <vithika.shukla@citi.com>
sahibamittal
approved these changes
Jul 4, 2023
nscuro
added a commit
that referenced
this pull request
Jul 4, 2023
... via new transient field. Required for compatibility with #217 Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro
added a commit
that referenced
this pull request
Jul 4, 2023
... via new transient field. Required for compatibility with #217 Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro
added a commit
that referenced
this pull request
Jul 4, 2023
Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro
added a commit
that referenced
this pull request
Jul 7, 2023
... via new transient field. Required for compatibility with #217 Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro
added a commit
that referenced
this pull request
Jul 7, 2023
Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro
added a commit
that referenced
this pull request
Jul 8, 2023
... via new transient field. Required for compatibility with #217 Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro
added a commit
that referenced
this pull request
Jul 8, 2023
Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro
added a commit
that referenced
this pull request
Jul 10, 2023
* Add bloated BOM for ingestion performance testing Signed-off-by: nscuro <nscuro@protonmail.com> * Prevent query compilation cache being bypassed for `matchSingleIdentity` queries See DependencyTrack/dependency-track#2540 This also cleans the query from containing weird statements like `(cpe != null && cpe == null)` in case a component does not have a CPE. Signed-off-by: nscuro <nscuro@protonmail.com> * WIP: Improve BOM processing performance Signed-off-by: nscuro <nscuro@protonmail.com> * Handle dependency graph Signed-off-by: nscuro <nscuro@protonmail.com> * Improve dependency graph assembly Instead of using individual bulk UPDATE queries, use setters on persistent components instead. This way we can again make use of batched flushing. Signed-off-by: nscuro <nscuro@protonmail.com> * Completely replace old processing logic Also decompose large processing method into multiple smaller ones, and re-implement notifications. Signed-off-by: nscuro <nscuro@protonmail.com> * Fix not all BOM refs being updated with new component identities Signed-off-by: nscuro <nscuro@protonmail.com> * Be smarter about indexing component identities and BOM refs Also add more documentation Signed-off-by: nscuro <nscuro@protonmail.com> * Reduce logging noise Signed-off-by: nscuro <nscuro@protonmail.com> * Mark new components as such ... via new transient field. Required for compatibility with #217 Signed-off-by: nscuro <nscuro@protonmail.com> * Compatibility with #217 Signed-off-by: nscuro <nscuro@protonmail.com> * Cleanup tests Signed-off-by: nscuro <nscuro@protonmail.com> * Reduce code duplication Signed-off-by: nscuro <nscuro@protonmail.com> * Cleanup; Process services Signed-off-by: nscuro <nscuro@protonmail.com> * Finishing touches 🪄 Signed-off-by: nscuro <nscuro@protonmail.com> * Make flush threshold configurable The optimal value could depend on how beefy the database server is, and how much memory is available to the API server. Signed-off-by: nscuro <nscuro@protonmail.com> * Clarify `warn` log when rolling back active transactions Signed-off-by: nscuro <nscuro@protonmail.com> * Log number of consumed components and services before and after de-dupe Signed-off-by: nscuro <nscuro@protonmail.com> * Extend BOM processing test with bloated BOM Signed-off-by: nscuro <nscuro@protonmail.com> * Make component identity matching strict To address DependencyTrack/dependency-track#2519 (comment). Also add regression test for this specific issue. Signed-off-by: nscuro <nscuro@protonmail.com> * Add regression test for DependencyTrack/dependency-track#1905 Signed-off-by: nscuro <nscuro@protonmail.com> * Clarify why "reachability on commit" is disabled; Add assertion for persistent object state Signed-off-by: nscuro <nscuro@protonmail.com> * Add tests for `equals` and `hashCode` of `ComponentIdentity` Signed-off-by: nscuro <nscuro@protonmail.com> * Address review comments Signed-off-by: nscuro <nscuro@protonmail.com> --------- Signed-off-by: nscuro <nscuro@protonmail.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Added Notification for New Vulnerable Dependency.
Removed the properties not being used anymore
Addressed Issue
Fixes issue #217
Additional Details
Checklist