fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation #2075
test/integration/java_purl_test.go
} | ||
} | ||
|
||
func getCatalog(t *testing.T, image string) sbom.SBOM { |
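Review bot: `getCatalog` is declared without a doc comment, and its signature does not say what `image` must be (a tag, a fixture name, an archive path). Add a one-line comment stating that, and since the function takes `t *testing.T`, have it call `t.Helper()` as its first statement so a failure is reported at the calling test's line.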
TODO: this should be converted to use the normal test fixture mechanism.
The Dockerfile in question is here: https://github.com/anchore/test-images/blob/main/containers/java/Dockerfile
I can probably just copy it into a test fixture.
test/integration/java_purl_test.go
"classworlds@1.1": "pkg:maven/org.codehaus.classworlds/classworlds@1.1", | ||
"cli@1.390": "pkg:maven/org.jvnet.hudson.main/cli@1.390", | ||
"commons-beanutils@1.8.0": "pkg:maven/commons-beanutils/commons-beanutils@1.8.0", | ||
"commons-codec@1.2": "pkg:maven/org.apache.commons.codec.*/commons-codec@1.2", |
TODO: `pkg:maven/org.apache.commons.codec.*/commons-codec@1.2` is wrong.
@@ -0,0 +1 @@ | |||
FROM anchore/test_images:java-56d52bc |
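Review bot: the `FROM` line pins the fixture by tag only (`java-56d52bc`), and a registry tag can be re-pointed to different content. Append the image digest, `FROM anchore/test_images:java-56d52bc@sha256:<digest>` (placeholder for the real value), so the expected-PURL map is always compared against the same image contents.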
This is a bit of a hacky way to bring the test fixture into syft. Let me know if it's better to do something else, but I like that this pins the artifact.
This is the right approach, but should we also use a digest too?
Future commits can hand fix PURLs made for particular packages, and then the map literal here can be edited.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
d2024ae to cb76675
…ration tests for Java PURL generation (anchore#2075)

Add overall integration test for java PURL detection.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Future commits can hand fix PURLs made for particular packages, and then the map literal here can be edited.