You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
A subset of the guacone tooling is centered around using purl. For example:
guacone patch command uses start-purl and stop-purl
guacone query vuln uses purl as an argument
However, when querying for packages using the GraphQL API, there is no way to actually get the purl of a package without constructing it manually yourself like this:
It's fairly trivial to do so, but it adds friction.
Describe the solution you'd like
We could use a custom GraphQL schema directive. In our case, we could use a schema directive on the id field on PackageVersion to return a purl.
gqlgen does support schema directives but we would have to do further investigation if this particular use case is supported.
Describe alternatives you've considered
Alternatively, we could implement a findSoftwarePurl query similar to findSoftware. However, it would require maintaining another GraphQL query for all backends. It would also potentially require a user to make two queries to get the purl for a package.
Additional context
Inspired by some schema directive examples from here, specifically, the date formatting one
The text was updated successfully, but these errors were encountered:
Hi @ridhoq , adding GraphQL custom directive on id field of PackageVersion module might not work. In custom directive function, we can only access a id value not the Package object.
Tried adding the custom resolver for namespaces field in Package object, it populates the purl in PackageVersion object. Created a PR.
Is your feature request related to a problem? Please describe.
A subset of the
guacone
tooling is centered around using purl. For example:guacone patch
command usesstart-purl
andstop-purl
guacone query vuln
usespurl
as an argumentHowever, when querying for packages using the GraphQL API, there is no way to actually get the purl of a package without constructing it manually yourself like this:
It's fairly trivial to do so, but it adds friction.
Describe the solution you'd like
We could use a custom GraphQL schema directive. In our case, we could use a schema directive on the
id
field onPackageVersion
to return a purl.gqlgen
does support schema directives but we would have to do further investigation if this particular use case is supported.Describe alternatives you've considered
Alternatively, we could implement a
findSoftwarePurl
query similar tofindSoftware
. However, it would require maintaining another GraphQL query for all backends. It would also potentially require a user to make two queries to get the purl for a package.Additional context
Inspired by some schema directive examples from here, specifically, the date formatting one
The text was updated successfully, but these errors were encountered: