feat: Add purl support for SBOMs #3373
Conversation
I'm so excited for this!
This looks good. I think black needs one more re-run, and then I need to go add packageurl-python to our licensing list before I can approve it, but it looks like it's MIT licensed so there shouldn't be any issue.
Also the test failures other than black should be fixed by #3362 once I get someone to approve that so it can be merged.
Updating branch for the commons-io problem
Codecov Report

Coverage diff, main vs. #3373:

              main      #3373     +/-
  Coverage    80.72%    79.83%    -0.90%
  Files       750       750
  Lines       11534     11557     +23
  Branches    1560      1568      +8
  Hits        9311      9226      -85
  Misses      1786      1909      +123
  Partials    437       422       -15

... and 8 files with indirect coverage changes.
@@ -100,6 +97,41 @@ def get_vendor(self, product: str) -> list: | |||
vendorlist.append("UNKNOWN") | |||
return vendorlist | |||
|
|||
def parse_sbom(self): |
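Review bot: the new parse_sbom() at the end of this hunk has no docstring, and the hunk header (-100,6 +97,41) shows it adds roughly 35 lines to the class, so it should open with a one-line summary of its purpose, for example `"""Parse SBOM, using PURL identifiers preferentially if found."""`, in line with the docstrings being filled in on the other methods.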
Can we put a docstring here, since I'm starting to fill those out elsewhere? Something like "parse SBOM, using PURL identifiers preferentially if found" maybe?
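The behaviour that docstring describes, as an added example for this thread (not cve-bin-tool's own parse_sbom(), the PR author's code, or packageurl-python): a purl is split on the raw percent-encoded string per the purl grammar, then a component's (vendor, product, version) is taken from the purl when one parses, and from the bare name/version fields otherwise. The CycloneDX-shaped SBOM is constructed; the "publisher" fallback, the namespace-as-vendor mapping and the fall-back-on-malformed-purl policy are assumptions made for the example, and "UNKNOWN" mirrors the placeholder the diff's get_vendor() appends.

```python
"""purl-first extraction of (vendor, product, version) from SBOM components.

Added example, not cve-bin-tool's parse_sbom(): a hand-written purl parser
so it runs without packageurl-python, plus the "prefer PURL if found" rule.
"""
import json
from urllib.parse import unquote

UNKNOWN = "UNKNOWN"  # same placeholder the diff's get_vendor() appends


def parse_purl(purl: str) -> dict:
    """Split a purl per the spec grammar:
        pkg:type/namespace/name@version?qualifiers#subpath
    Separators are found on the still-encoded string, so an encoded '@' or '/'
    inside a namespace (npm scopes) is not mistaken for one; each piece is
    percent-decoded afterwards. Malformed input raises ValueError."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    rest = purl[len("pkg:"):].lstrip("/")

    subpath = None
    if "#" in rest:
        rest, subpath = rest.split("#", 1)
        subpath = unquote(subpath)

    qualifiers = {}
    if "?" in rest:
        rest, query = rest.split("?", 1)
        for pair in query.split("&"):
            if not pair:
                continue
            key, _, value = pair.partition("=")
            qualifiers[key.lower()] = unquote(value)

    version = None
    if "@" in rest:
        rest, version = rest.rsplit("@", 1)
        version = unquote(version)

    parts = [p for p in rest.split("/") if p]
    if len(parts) < 2:
        raise ValueError(f"purl needs a type and a name: {purl!r}")
    return {
        "type": parts[0].lower(),
        "namespace": "/".join(unquote(p) for p in parts[1:-1]) or None,
        "name": unquote(parts[-1]),
        "version": version,
        "qualifiers": qualifiers,
        "subpath": subpath,
    }


def component_triple(component: dict) -> tuple:
    """Return (vendor, product, version) for one SBOM component.

    A parseable purl wins over the bare name/version fields because it carries
    the ecosystem and namespace a name alone cannot. A malformed purl falls
    back to those fields instead of aborting the scan (assumed policy)."""
    purl = component.get("purl")
    if purl:
        try:
            p = parse_purl(purl)
        except ValueError:
            p = None
        if p is not None:
            vendor = p["namespace"] or UNKNOWN  # assumed vendor mapping
            version = p["version"] or component.get("version") or UNKNOWN
            return (vendor, p["name"], version)
    # No usable purl: fall back to the plain fields ("publisher" is assumed).
    return (
        component.get("publisher") or UNKNOWN,
        component["name"],
        component.get("version") or UNKNOWN,
    )


def parse_sbom(sbom_json: str) -> list:
    """Parse SBOM (CycloneDX JSON), using PURL identifiers preferentially if found."""
    doc = json.loads(sbom_json)
    return [component_triple(c) for c in doc.get("components", [])]


# Constructed sample SBOM: purl with namespace, encoded npm scope, purl whose
# version is more precise than the version field, no purl, and a bogus purl.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"name": "commons-io", "version": "2.11.0",
         "purl": "pkg:maven/commons-io/commons-io@2.11.0"},
        {"name": "core", "version": "12.2.0",
         "purl": "pkg:npm/%40angular/core@12.2.0"},
        {"name": "curl", "version": "7.74.0",
         "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u1?arch=amd64&distro=debian-11"},
        {"name": "zlib", "version": "1.2.11"},
        {"name": "thing", "version": "9.9", "purl": "http://example.invalid/x"},
    ],
})

if __name__ == "__main__":
    for triple in parse_sbom(SAMPLE_SBOM):
        print(triple)
```

The curl entry is the case that makes purl preference matter: the bare version field says 7.74.0, while the purl carries the distro revision 7.74.0-1.3+deb11u1, which is what a backport-aware CVE lookup needs.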
This looks good to me. I've put in a request to update our licensing data and I don't anticipate any problems, but since it'll likely take a day before I get an answer, I'm going to be nitpicky and ask you to put a docstring in for parse_sbom()
Looks good, thanks!
Licensing asked me to file a new ticket (because my other one had a question about release-monitoring.org that will take longer to resolve) so that's been done this morning and hopefully I'll be able to merge this later this week.
Got my approval, so let's get this merged!
No description provided.