Skip to content

Commit

Permalink
fix: improve groupid extraction for Jenkins plugins
Browse files Browse the repository at this point in the history 
Consider the `Group-Id` java manifest property as this is typically set
for Jenkins plugins if there is no pom file

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
  • Loading branch information
@westonsteimel
westonsteimel committed Apr 25, 2024
1 parent 13b06da commit 49a6ce9
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
1 change: 1 addition & 0 deletions syft/pkg/cataloger/internal/cpegenerate/java.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ var (
}

PrimaryJavaManifestGroupIDFields = []string{
"Group-Id",
"Bundle-SymbolicName",
"Extension-Name",
"Specification-Vendor",
Expand Down
6 changes: 6 additions & 0 deletions syft/pkg/cataloger/java/archive_parser.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,9 +147,15 @@ func (j *archiveParser) parse(ctx context.Context) ([]pkg.Package, []artifact.Re
p := &pkgs[i]
if m, ok := p.Metadata.(pkg.JavaArchive); ok {
p.PURL = packageURL(p.Name, p.Version, m)

if strings.Contains(p.PURL, "io.jenkins.plugins") || strings.Contains(p.PURL, "org.jenkins-ci.plugins") {
p.Type = pkg.JenkinsPluginPkg
}

} else {

Check failure on line 155 in syft/pkg/cataloger/java/archive_parser.go

View workflow job for this annotation

GitHub Actions / Static analysis 

unnecessary trailing newline (whitespace)
log.WithFields("package", p.String()).Warn("unable to extract java metadata to generate purl")
}

p.SetID()
}

Expand Down

0 comments on commit 49a6ce9

Please sign in to comment.