Analyzer: Add support for Swift Package Manager #6114

Closed

@MarcelBochtler MarcelBochtler commented Nov 24, 2022

This is a WIP based on #5092.

Swift Package Manager is still very young and no other open-source scanners support it. This commit adds a new analyzer that parses Package.resolved files and creates results which are enriched with as much data as possible.

Signed-off-by: UgniusV <ugniusvaznys@gmail.com>

Add support for Package.swift file analysis

Previously SPM analyzer would only generate SBOM from Package.resolved
files. This was fine whenever the build target is an application.
However, if the build target is a library, only Package.swift file
would exist. This commit adds support for converting Package.swift
file to Package.resolved and then parses dependencies.

Signed-off-by: UgniusV <ugniusvaznys@gmail.com>

Create parent-child associations for Package.swift dependencies

Previously Package.swift dependencies were converted to a Package.resolved
file and then parsed. By doing this, we lost dependency associations that
`swift package show-dependencies --format json` command provides us. This
commit parses library dependencies directly from swift CLI output and uses
a dependency graph to form parent-child associates of parsed dependencies.

Signed-off-by: UgniusV <ugniusvaznys@gmail.com>

Throw exception when analyzing Package.swift without dynamic versions option

Signed-off-by: UgniusV <ugniusvaznys@gmail.com>
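
The parent-child association step described in the commit messages above, as an added example that is not code from this pull request or from the project. It assumes the `swift package show-dependencies --format json` output is a nested tree of objects with `name`, `url`, `version` and `dependencies` fields, and that `unspecified` marks a dependency without a resolved version; the sample tree, the `name@version` identifier and all function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `swift package show-dependencies --format json`
# output (assumed layout: name, url, version, nested "dependencies").
SAMPLE = """
{"name": "MyLibrary", "url": "/src/MyLibrary", "version": "unspecified",
 "dependencies": [
  {"name": "Alamofire", "url": "https://github.com/Alamofire/Alamofire.git",
   "version": "5.6.2", "dependencies": []},
  {"name": "Networking", "url": "https://example.com/Networking.git",
   "version": "1.2.0", "dependencies": [
    {"name": "Alamofire", "url": "https://github.com/Alamofire/Alamofire.git",
     "version": "5.6.2", "dependencies": []},
    {"name": "Logger", "url": "https://example.com/Logger.git",
     "version": "unspecified", "dependencies": []}]}]}
"""
ROOT = json.loads(SAMPLE)

def package_id(node):
    """Hypothetical identifier for this example: name@version."""
    return f"{node['name']}@{node['version']}"

def build_graph(root):
    """Walk the tree once; return (packages, edges, unpinned)."""
    packages, edges, unpinned = {}, set(), set()
    stack = [(None, root)]
    while stack:
        parent, node = stack.pop()
        pid = package_id(node)
        if parent is not None:
            edges.add((parent, pid))          # parent-child association
            if node["version"] == "unspecified":
                unpinned.add(pid)             # no resolved version to record
        if pid in packages:
            continue                          # shared subtree already expanded
        packages[pid] = node.get("url", "")
        for child in node.get("dependencies", []):
            stack.append((pid, child))
    return packages, edges, unpinned

def direct_and_transitive(root):
    """Split dependencies into those declared by the root and the rest."""
    packages, edges, _ = build_graph(root)
    root_id = package_id(root)
    direct = {child for parent, child in edges if parent == root_id}
    return direct, set(packages) - direct - {root_id}
```

Flattening the same tree into a pin list would keep the four packages but lose the four edges, which is the information the third commit message says was lost by converting to Package.resolved first.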
@MarcelBochtler MarcelBochtler force-pushed the spm-support branch 2 times, most recently from 1e93638 to 1f6e76a Compare November 25, 2022 15:11
@sschuberth sschuberth self-assigned this May 8, 2023
sschuberth pushed a commit that referenced this pull request Jul 11, 2023
This is based on #5092 (and #6114). Resolves #723.

Signed-off-by: UgniusV <ugniusvaznys@gmail.com>
Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
@sschuberth

Closing in favor of #7271.

@sschuberth sschuberth closed this Jul 11, 2023
@sschuberth sschuberth deleted the spm-support branch July 11, 2023 12:15
sschuberth pushed a commit that referenced this pull request Jul 12, 2023
This is based on #5092 (and #6114). Resolves #723.

Signed-off-by: UgniusV <ugniusvaznys@gmail.com>
Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>