
chore: Enhance testing around cyclonedx ingestion #942

JimFuller-RedHat (Collaborator) commented Oct 24, 2024

We need to ensure (when similarly encoded) that ingestion of cyclonedx matches spdx ingestion.

We also should take care to avoid any race conditions if we encounter SBOMs that encode circular dependencies.

@JimFuller-RedHat JimFuller-RedHat self-assigned this Oct 24, 2024
@@ -134,7 +134,7 @@ pub async fn get_relationships(
LEFT JOIN
sbom_package_purl_ref t2 ON sbom.sbom_id = t2.sbom_id AND t2.node_id = package_relates_to_package.right_node_id
WHERE
package_relates_to_package.relationship IN (0, 8, 14)
package_relates_to_package.relationship IN (0, 1, 8, 14)
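Review bot: the widened filter `package_relates_to_package.relationship IN (0, 1, 8, 14)` in get_relationships is a bare list of integer codes with nothing in the query saying what they mean; the only explanation of the new value 1 (DependencyOf, the encoding used for CycloneDX dependsOn) lives in a PR comment that will not survive next to the SQL. Suggest a comment above the WHERE clause naming each code, or deriving the list from the enum these codes come from, so the next relationship added does not silently drift from the ingestion side. Since the description also calls out SBOMs with circular dependencies, a test that ingests a CycloneDX document whose dependsOn forms a cycle and asserts that traversal over these relationships terminates would back this change better than the filter edit alone.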
1 = DependencyOf relationship which is how we encode ingesting cyclonedx dependsOn

@JimFuller-RedHat JimFuller-RedHat marked this pull request as draft October 24, 2024 06:38
@JimFuller-RedHat JimFuller-RedHat force-pushed the cyclonedx-analysis-graph-last branch 2 times, most recently from e9e7543 to 097da94 October 24, 2024 10:57
@JimFuller-RedHat JimFuller-RedHat changed the title Enhance testing around cyclonedx ingestion chore: Enhance testing around cyclonedx ingestion Oct 24, 2024
@JimFuller-RedHat JimFuller-RedHat marked this pull request as ready for review October 24, 2024 11:59
@JimFuller-RedHat JimFuller-RedHat added cyclonedx Vulnerability Correlation Correlation of vulnerabilities to Packages, SBOMs and Products labels Oct 24, 2024
@JimFuller-RedHat JimFuller-RedHat added this pull request to the merge queue Oct 24, 2024
Merged via the queue into trustification:main with commit 3340444 Oct 24, 2024
5 checks passed
@JimFuller-RedHat JimFuller-RedHat deleted the cyclonedx-analysis-graph-last branch October 24, 2024 18:47