-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add flag to toggle getting deps.dev dependencies #1382
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good! Just a comment to maybe speed up the retrieval process.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mdeicas This is cool! Thanks for taking the feedback and reusing the existing code.
@mdeicas just need a rebase |
Signed-off-by: Marco Deicas <mdeicas@google.com>
Signed-off-by: Marco Deicas <mdeicas@google.com>
Signed-off-by: Marco Deicas <mdeicas@google.com>
Signed-off-by: Marco Deicas <mdeicas@google.com>
Description of the PR
Adds the flag
retrieve-deps
to guaccollect. When set to false, the deps.dev collector only queries for metadata (scorecard and source) and not for dependencies. The default setting is true.Also, a log message (level info) was added to log when the dependencies for a package are retrieved.
Fixes #1359.
Behavior
After starting Guac and ingesting an SBOM, running
guaccollect deps_dev --retrieve-dependencies=false
does not lead to any new IsDependency nodes appearing and results in logs look likeRunning
guaccollect deps_dev
instead results in the normal expected behavior: dependencies are ingested and the logs indicate both metadata and dependency retrievals.PR Checklist
-s
flag togit commit
.