Conversation

zvigrinberg
Contributor

@zvigrinberg zvigrinberg commented Mar 7, 2024

Description

The main component in the generated SBOM is sometimes missing its namespace or version; it happens only for maven and npm component analysis:

  1. In maven, it happens because of the existence of a parent pom, with pom.xml not specifying the groupId (mapped to the namespace in the SBOM's purl) or version, which are then effectively inherited from the parent.
  2. In npm, it happens if package.json doesn't specify a version. Also, in npm the package name can be comprised of namespace/package or only package; in the latter case the namespace will not be populated in the npm purl, and that's ok as it's not mandatory for npm.

fixes JIRA APPENG-2318

Checklist

  • I have followed this repository's contributing guidelines.
  • I will adhere to the project's code of conduct.

Additional information

Anything else?
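As an added illustration of the two gaps described above (this is example code written for this page, not the project's own implementation), the snippet below builds the root component's purl from a Maven pom.xml and an npm package.json. For Maven it inherits a missing groupId/version from the inline `<parent>` element, which is the part of effective-POM resolution relevant here (a real effective POM also resolves remote parents and `${...}` properties, which this does not attempt). For npm it splits a scoped name into namespace and package, percent-encodes the scope's `@` as the purl spec requires, and falls back to a constructed placeholder version when package.json has none. All manifests and the `DEFAULT_NPM_VERSION` value are constructed assumptions.

```python
"""Added example: purl construction for SBOM root components (Maven + npm).
Not the project's code; manifests and the default version are constructed."""
import json
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Assumption: what to emit when package.json carries no version at all.
DEFAULT_NPM_VERSION = "0.0.0"
POM_NS = "{http://maven.apache.org/POM/4.0.0}"


def _text(elem, tag):
    """Return the stripped text of a direct child element, or None."""
    if elem is None:
        return None
    child = elem.find(POM_NS + tag)
    return child.text.strip() if child is not None and child.text else None


def maven_coordinates(pom_xml, inherit_from_parent=True):
    """Return (groupId, artifactId, version) from a pom.xml string.

    With inherit_from_parent=False this behaves like reading the raw pom,
    which is how the missing namespace/version arises; with True, missing
    groupId/version come from the inline <parent> element, as the
    effective pom would provide them.
    """
    root = ET.fromstring(pom_xml)
    parent = root.find(POM_NS + "parent") if inherit_from_parent else None
    group = _text(root, "groupId") or _text(parent, "groupId")
    version = _text(root, "version") or _text(parent, "version")
    artifact = _text(root, "artifactId")
    return group, artifact, version


def maven_purl(pom_xml, inherit_from_parent=True):
    """Build pkg:maven/<groupId>/<artifactId>@<version>, failing loudly on gaps."""
    group, artifact, version = maven_coordinates(pom_xml, inherit_from_parent)
    missing = [n for n, v in (("groupId", group), ("artifactId", artifact),
                              ("version", version)) if not v]
    if missing:
        raise ValueError("unresolved maven coordinates: %s" % ", ".join(missing))
    return "pkg:maven/%s/%s@%s" % (group, artifact, version)


def npm_purl(package_json):
    """Build pkg:npm/[<namespace>/]<name>@<version> from a package.json string.

    A scoped name "@scope/pkg" yields namespace "%40scope" (purl requires the
    '@' to be percent-encoded); an unscoped name has no namespace, which is
    valid for npm.  A missing version falls back to DEFAULT_NPM_VERSION.
    """
    data = json.loads(package_json)
    name = data["name"]
    version = data.get("version") or DEFAULT_NPM_VERSION
    if name.startswith("@") and "/" in name:
        scope, pkg = name.split("/", 1)
        return "pkg:npm/%s/%s@%s" % (quote(scope, safe=""), pkg, version)
    return "pkg:npm/%s@%s" % (name, version)


# Constructed child pom that relies on its parent for groupId and version.
CHILD_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>com.example</groupId>
    <artifactId>example-parent</artifactId>
    <version>1.2.3</version>
  </parent>
  <artifactId>child-service</artifactId>
</project>"""

# Constructed npm manifests: scoped without version, unscoped with version.
SCOPED_NO_VERSION = '{"name": "@acme/widget"}'
UNSCOPED = '{"name": "widget", "version": "2.0.0"}'

if __name__ == "__main__":
    print("raw pom coordinates:", maven_coordinates(CHILD_POM, inherit_from_parent=False))
    print("resolved purl:      ", maven_purl(CHILD_POM))
    print("npm scoped purl:    ", npm_purl(SCOPED_NO_VERSION))
    print("npm unscoped purl:  ", npm_purl(UNSCOPED))
```

Running the block prints the raw coordinates with `None` for groupId and version, then the three resolved purls; the `ValueError` path in `maven_purl` is what a generator should hit, rather than silently emitting a purl with empty fields, when inheritance cannot be resolved.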

and resolve the binary name according to the context of execution

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
npm - take default version if version doesn't exist, and maven - take the data from effective pom instead of from actual pom

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
need to choose the parent aggregator pom for the root component

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
@zvigrinberg zvigrinberg force-pushed the hotfix/fix-missing-version-namespace branch from eb8aed2 to 7f0f669 Compare March 7, 2024 16:29
@zvigrinberg zvigrinberg changed the title fix: fix missing version namespace in maven & npm fix: fix missing version/namespace in maven & npm Mar 7, 2024
@zvigrinberg zvigrinberg merged commit 0c128eb into main Mar 7, 2024
@zvigrinberg zvigrinberg deleted the hotfix/fix-missing-version-namespace branch March 7, 2024 16:36