Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Attach hasSBOM nodes to artifacts instead of packages (#1883)
* Attach hasSBOM nodes to artifacts instead of packages

- If possible (i.e. a digest is available for the subject of an SBOM), hasSBOM nodes will be attached to artifacts now, not packages.
- Also removed some unneeded parser map accessor funcs, and added a slice utility func used in this branch.

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

* Fix top level artifacts not being added with the DOCUMENT key

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

* Update tests to cover new HasSBOM artifact behavior

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

* Fix SPDX file artifact parsing

- In this PR I introduced a bug where files in the SBOM were not promoted to top-level Document file artifacts and packages even if there was a relationship that indicated they were such. I fixed that here.

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

* Call s.getTopLevelSPDXIDs() just once and store it

- We pass it into both callers instead of calling it in each one.
- Also rename the function since:
  1. It is not just getting package SPIDs anymore.
  2. We want to comply with https://go.dev/wiki/CodeReviewComments#initialisms

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

* Simplify collection of top-level components

- We don't actually need maps for this as we only ever access the key SPDXRef-DOCUMENT within those maps.
- So make them slices. And we need just one slice for top-level artifacts, be they from packages or files.
- This makes it possible to delete the slice concat utility func as well.

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

* Make test a bit clearer

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

* Log if t-l art count differs from t-l pkg count

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>

---------

Signed-off-by: Narsimham Chelluri (Narsa) <narsa@kusari.dev>
Showing 8 changed files with 479 additions and 81 deletions.
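The subject selection the commit message describes, sketched as an added example; it is not code from this commit or from the project. It assumes SPDX 2.x JSON input and treats a `DESCRIBES` relationship from `SPDXRef-DOCUMENT` as the top-level indicator; `hasSBOMSubjects`, the output string format and the sample document are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of SPDX 2.x JSON read here (encoding/json matches keys case-insensitively).
type element struct {
	SPDXID, Name, FileName string
	Checksums              []struct{ Algorithm, ChecksumValue string }
}

type doc struct {
	Packages, Files []element
	Relationships   []struct{ SpdxElementId, RelatedSpdxElement, RelationshipType string }
}

// hasSBOMSubjects (hypothetical helper) picks one HasSBOM subject per top-level
// element: an artifact when a digest exists, otherwise the element by name.
func hasSBOMSubjects(raw string) ([]string, error) {
	var d doc
	if err := json.Unmarshal([]byte(raw), &d); err != nil {
		return nil, err
	}
	byID := map[string]element{}
	for _, e := range append(d.Packages, d.Files...) {
		byID[e.SPDXID] = e
	}
	var out []string
	for _, r := range d.Relationships {
		e, ok := byID[r.RelatedSpdxElement]
		if !ok || r.SpdxElementId != "SPDXRef-DOCUMENT" || r.RelationshipType != "DESCRIBES" {
			continue // not a top-level element of this document
		}
		if len(e.Checksums) > 0 {
			out = append(out, "artifact:"+strings.ToLower(e.Checksums[0].Algorithm)+":"+e.Checksums[0].ChecksumValue)
		} else {
			out = append(out, "package:"+e.Name+e.FileName) // no digest: fall back to the name
		}
	}
	return out, nil
}

// Constructed sample: app has a digest, lib has none, tool is a top-level file.
const sample = `{"packages":[{"SPDXID":"SPDXRef-app","name":"app","checksums":[{"algorithm":"SHA256","checksumValue":"aa11"}]},{"SPDXID":"SPDXRef-lib","name":"lib"}],
"files":[{"SPDXID":"SPDXRef-tool","fileName":"./bin/tool","checksums":[{"algorithm":"SHA1","checksumValue":"bb22"}]}],
"relationships":[{"spdxElementId":"SPDXRef-DOCUMENT","relationshipType":"DESCRIBES","relatedSpdxElement":"SPDXRef-app"},{"spdxElementId":"SPDXRef-DOCUMENT","relationshipType":"DESCRIBES","relatedSpdxElement":"SPDXRef-lib"},
{"spdxElementId":"SPDXRef-DOCUMENT","relationshipType":"DESCRIBES","relatedSpdxElement":"SPDXRef-tool"},{"spdxElementId":"SPDXRef-app","relationshipType":"CONTAINS","relatedSpdxElement":"SPDXRef-tool"}]}`

func main() { fmt.Println(hasSBOMSubjects(sample)) }
```

Keying the SBOM to a digest ties it to exact bytes, whereas a package name and version can be republished with different content.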