helper-cli: Allow to specify purls in package lists used for creating analyzer results #9529
+12
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fviernau
force-pushed
the
helper-cli-package-list-add-purl
branch
3 times, most recently
from
6f1b2ba
to
fe8d915
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #9529 +/- ##
============================================
+ Coverage 67.97% 67.99% +0.01%
Complexity 1290 1290
============================================
Files 249 249
Lines 8813 8818 +5
Branches 916 917 +1
============================================
+ Hits 5991 5996 +5
Misses 2433 2433
Partials 389 389
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
mnonnenmacher
requested changes
Dec 2, 2024
helper-cli/src/main/kotlin/commands/CreateAnalyzerResultFromPackageListCommand.kt
Show resolved
Hide resolved
helper-cli/src/main/kotlin/commands/CreateAnalyzerResultFromPackageListCommand.kt
Show resolved
Hide resolved
fviernau
force-pushed
the
helper-cli-package-list-add-purl
branch
from
fe8d915
to
cf3c86b
Compare
mnonnenmacher
previously approved these changes
Dec 2, 2024
nnobelis
previously approved these changes
Dec 2, 2024
Call the constructor directly, in order to make use of the default values `purl = id.toPurl()` and `vcsProcessed = vcs.normalize()`. This has the effect that `purl` is not empty anymore, but set to the above mentioned default value derived from the `id`. This enables using the analyzer results created by this helper command as-is as input for purl-based advisors. Signed-off-by: Frank Viernau <[email protected]>
sschuberth
changed the title
The `CreateAnalyzerResultFromPackageListCommand` can be used for projects which do not use a package manager supported by ORT or at all. In this case the currently used value `purl = id.toPurl()` always yields a `purl` with the type `generic`. This is not always optimal. For example, for dependencies of a CMAKE project the purl type `github` can be more suitable for dependencies hosted on GitHub. Setting the purl manually via the `PackageList` allows to use the created analyzer result as-is with any purl-based advisor. Signed-off-by: Frank Viernau <[email protected]>
Signed-off-by: Frank Viernau <[email protected]>
fviernau
force-pushed
the
helper-cli-package-list-add-purl
branch
from
cf3c86b
to
dcde910
Compare
nnobelis
approved these changes
Dec 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Support injecting
purlsfor packages when creating an analyzer result from aPackageList, to allow using the analyzer results as-is with purl-based advisors, such as OSV and (the upcoming) BlackDuck.Related to: #8739.