Add supplier/license info for cargo and pip #479

Open: wants to merge 10 commits into base: main
@@ -23,10 +23,12 @@ internal static class CargoComponentExtensions
PackageUrl = cargoComponent.PackageUrl?.ToString(),
PackageName = cargoComponent.Name,
PackageVersion = cargoComponent.Version,
LicenseInfo = string.IsNullOrWhiteSpace(component.LicenseConcluded) ? null : new LicenseInfo
LicenseInfo = new LicenseInfo
{
Concluded = component.LicenseConcluded,
Concluded = string.IsNullOrEmpty(component.LicenseConcluded) ? null : component.LicenseConcluded,
Declared = string.IsNullOrEmpty(cargoComponent.License) ? null : cargoComponent.License,
},
Supplier = string.IsNullOrEmpty(cargoComponent.Author) ? null : $"Organization: {cargoComponent.Author}",
FilesAnalyzed = false,
Type = "cargo",
};
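Review bot: the `Supplier = string.IsNullOrEmpty(cargoComponent.Author) ? null : $"Organization: {cargoComponent.Author}"` line hardcodes the `Organization:` prefix onto a Cargo author, but a crate's authors entry is normally a person (often `Name <email>`), so the SPDX supplier would be mislabeled; use `Person:` for author-derived values, or only emit `Organization:` when the value is known to be an organisation. Two smaller points in the same hunk: `LicenseInfo` is now always constructed, so `Concluded` and `Declared` can both be null at once where a null `LicenseInfo` used to mean "no data", and the writer must handle that; and the check moved from `IsNullOrWhiteSpace` to `IsNullOrEmpty`, so a whitespace-only `LicenseConcluded` now becomes a non-null concluded license. Keep `IsNullOrWhiteSpace` for both license fields and for `Author`.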
@@ -23,10 +23,12 @@ internal static class PipComponentExtensions
PackageUrl = pipComponent.PackageUrl?.ToString(),
PackageName = pipComponent.Name,
PackageVersion = pipComponent.Version,
LicenseInfo = string.IsNullOrWhiteSpace(component.LicenseConcluded) ? null : new LicenseInfo
LicenseInfo = new LicenseInfo
{
Concluded = component.LicenseConcluded,
Concluded = string.IsNullOrEmpty(component.LicenseConcluded) ? null : component.LicenseConcluded,
Declared = string.IsNullOrEmpty(pipComponent.License) ? null : pipComponent.License,
},
Supplier = string.IsNullOrEmpty(pipComponent.Author) ? null : $"Organization: {pipComponent.Author}",
FilesAnalyzed = false,
Type = "python",
};
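Review bot: this hunk is a near-verbatim copy of the Cargo one, so the same issues apply: `$"Organization: {pipComponent.Author}"` labels a PyPI `Author` (normally an individual, with a separate author e-mail) as an organisation, `LicenseInfo` is always non-null even when both of its fields are null, and `IsNullOrEmpty` lets whitespace-only values through where `IsNullOrWhiteSpace` was used before. Consider moving the license and supplier mapping into one shared helper that takes the concluded license, declared license and author, so the two extension classes cannot drift apart on these rules.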
@@ -78,6 +78,7 @@ public ComponentDetectionBaseWalker(
// Enable SPDX22 and ConanLock detector which is disabled by default.
cliArgumentBuilder.AddDetectorArg("SPDX22SBOM", "EnableIfDefaultOff");
cliArgumentBuilder.AddDetectorArg("ConanLock", "EnableIfDefaultOff");
cliArgumentBuilder.AddDetectorArg("RustCli", "EnableIfDefaultOff");
Contributor Author commented:
RustCli detector is not enabled by default. Must be enabled manually here.
if (sbomConfigs.TryGet(Constants.SPDX22ManifestInfo, out var spdxSbomConfig))
{
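Review bot: the comment above the new line, `// Enable SPDX22 and ConanLock detector which is disabled by default.`, is now stale because `RustCli` is enabled here as well; fold the inline explanation into the code comment, for example `// Enable the SPDX22, ConanLock and RustCli detectors, which are disabled by default; RustCli is needed for Rust author and license data.` Since this enables the detector unconditionally for every scan, the PR description should also state what RustCli requires at scan time that the default Rust detector did not, so operators of the SBOM tool know what changes for them.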
2 changes: 2 additions & 0 deletions src/Microsoft.Sbom.Api/Executors/PackagesWalker.cs
@@ -29,6 +29,8 @@ protected override IEnumerable<ScannedComponent> FilterScannedComponents(ScanRes
return result
.ComponentsFound
.Where(component => !(component.Component is SpdxComponent)) // We exclude detected SBOMs from packages section and reference them as an ExternalReference
.GroupBy(component => component.Component.Id)
Contributor Author commented:
Now that both the RustCrateDetector and the RustCli detector are running, we may have duplicates. In this scenario we always want to take the one that came from the RustCli, as this one contains Author and Supplier information.
.Select(group => group.FirstOrDefault(component => component.DetectorId == "RustCli") ?? group.First())
.Distinct(new ScannedComponentEqualityComparer())
.ToList();
}
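Review bot: `.Select(group => group.FirstOrDefault(component => component.DetectorId == "RustCli") ?? group.First())` silently discards the other detector's entry for the same `Component.Id`, and with it any field that only that entry populated; if the SBOM needs anything from the dropped component, merge the two records rather than picking one. Smaller points: `"RustCli"` is a magic string that also appears in the walker hunk, so pull it into a shared constant; and now that components are grouped by `Component.Id` first, the trailing `.Distinct(new ScannedComponentEqualityComparer())` only still does work if that comparer is looser than Id equality, so either document why it stays or remove it.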