Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Git analysis: relax branch computation #2404

Open
oliverchang opened this issue Jul 22, 2024 · 1 comment
Open

Git analysis: relax branch computation #2404

oliverchang opened this issue Jul 22, 2024 · 1 comment
Labels
backlog Important but currently unprioritized enhancement New feature or request

Comments

@oliverchang
Copy link
Collaborator

Currently, our git commit enumeration relies on the commit hashes listed in the OSV record (as introduced/fixed/last_affected) to exist in git branches in the upstream repository:

This assumption doesn't hold in a number of cases. e.g. #2333 and #2375 (comment) to name a few.

We need to relax this requirement to instead:

  1. Consider the referenced introduced/fixed/last_affected commit position as its own logical "branch" if it's not part of any upstream branches.
  2. Include all tag references that isn't already covered by a branch in the analysis. This is likely less important than 1, which would solve most of the problems we've seen.
@oliverchang oliverchang added the enhancement New feature or request label Jul 22, 2024
Copy link

This issue has not had any activity for 60 days and will be automatically closed in two weeks

See https://github.com/google/osv.dev/blob/master/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.

@github-actions github-actions bot added the stale The issue or PR is stale and pending automated closure label Sep 20, 2024
@oliverchang oliverchang added backlog Important but currently unprioritized and removed stale The issue or PR is stale and pending automated closure labels Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backlog Important but currently unprioritized enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant