Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support Bom.compositions #607

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

feat: support Bom.compositions #607

wants to merge 7 commits into from

Conversation

madpah
Copy link
Collaborator

@madpah madpah commented Apr 29, 2024
edited
Loading

Adds support for bom.compositions as part of fulfilling #581.

@madpah madpah added the enhancement New feature or request label Apr 29, 2024
@madpah madpah self-assigned this Apr 29, 2024
@madpah madpah mentioned this pull request Apr 29, 2024
Open
4 tasks
madpah added 2 commits April 29, 2024 11:12
@madpah
tests
69b0519 
Signed-off-by: Paul Horton <[email protected]>
@madpah
updated docs for schema support
eda7e7b 
Signed-off-by: Paul Horton <[email protected]>
@madpah madpah marked this pull request as ready for review April 29, 2024 10:14
@madpah madpah requested a review from a team as a code owner April 29, 2024 10:14
@codacy-production Codacy Production
Copy link

codacy-production bot commented Apr 29, 2024
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
-0.14% 87.16% (target: 80.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (6d1bc5b) 4472 4153 92.87%
Head commit (eda7e7b) 4580 (+108) 4247 (+94) 92.73% (-0.14%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#607) 109 95 87.16%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more

jkowalleck
jkowalleck requested changes Apr 29, 2024
View reviewed changes
cyclonedx/model/bom.py Show resolved Hide resolved
cyclonedx/model/composition.py Show resolved Hide resolved
cyclonedx/model/composition.py


@serializable.serializable_class
class CompositionReference:
Copy link
Member

@jkowalleck jkowalleck Apr 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.


what is the purpose of this class?
why not use simple BomRef instances instead?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Think there was a structural reason - let me check @jkowalleck

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes - it was added for structural reasons - happy to leave as is @jkowalleck ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i do not understand. what were these structural reasons?
I mean everybody ysing the library would ask the same question I did.

from the schema it looks like all these compositions.assembies and compositions.dependencies are simple sets of BomRef.
see https://github.com/CycloneDX/specification/blob/8e131b1688ccfe41e1bfdd4b3280f33dcc06d04c/schema/bom-1.6.schema.json#L2235-L2252

cyclonedx/model/composition.py Outdated Show resolved Hide resolved
@jkowalleck
Copy link
Member

@madpah ,
Could you rebase on latest master and fix the conflicts.
I had to do some style-changes(#643) to make the review easier.
Sorry for the inconvenience.

@jkowalleck jkowalleck marked this pull request as draft September 23, 2024 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck jkowalleck requested changes

Assignees

@madpah madpah

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@madpah @jkowalleck