feat: enable repo finder to support more languages via Open Source Insights #388
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oracle-contributor-agreement
bot
added
the
OCA Verified
benmss
changed the title
tromai
reviewed
Jul 31, 2023
tromai
reviewed
Jul 31, 2023
nicallen
reviewed
Aug 1, 2023
nicallen
approved these changes
Aug 2, 2023
behnazh-w
reviewed
Aug 4, 2023
tromai
reviewed
Aug 8, 2023
tromai
reviewed
Aug 8, 2023
tromai
reviewed
Aug 8, 2023
tromai
reviewed
Aug 8, 2023
tromai
reviewed
Aug 8, 2023
tromai
reviewed
Aug 8, 2023
tromai
reviewed
Aug 8, 2023
Closed
benmss
force-pushed
the
repo-finder-refactor
branch
3 times, most recently
from
f7fadaa to
57d13c9
Compare
behnazh-w
reviewed
Aug 31, 2023
| @@ -31,9 +29,13 @@ class DependencyTools(str, Enum): | |||
| class DependencyInfo(TypedDict): | |||
| """The information of a resolved dependency.""" | |||
|
|
|||
| version: str | |||
| group: str | |||
| scheme: str | |||
There was a problem hiding this comment.
Instead of duplicating the PURL spec here, wouldn't it be better to store the PURL string directly, which will be parsed using the packageurl module later before analyzing the dependency?
There was a problem hiding this comment.
If we store the PURL string as well as the old information (in their fields), we have duplicates. If we don't keep the old information, we have to create the PURL from the string every time we want to extract any information from it. Perhaps storing the actual PURL would make the most sense?
There was a problem hiding this comment.
I agree with the option of storing the actual PURL object.
There was a problem hiding this comment.
Storing a PackageURL object sounds good to me.
behnazh-w
reviewed
Aug 31, 2023
nathanwn
reviewed
Sep 1, 2023
nathanwn
reviewed
Sep 1, 2023
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
- Moved dependency resolution functions to dependency_resolver.py - Moved find_valid_url to repo_finder to avoid circular dependencies - Added URL for deps.dev API documentation as comment Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
… use with Repo Finder. Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
… string replacement in java repo finder Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
benmss
force-pushed
the
repo-finder-refactor
branch
from
a8ccd34 to
bca62d5
Compare
Signed-off-by: Ben Selwyn-Smith <[email protected]>
behnazh-w
approved these changes
Sep 21, 2023
tromai
added a commit
that referenced
this pull request
Sep 23, 2023
These changes were to separate the resolving dependencies using SBOM generator and resolving dependencies from SBOM files. These changes were necessary for this PR back when I first work on it (before the merging of #388). However, after #388 is merged and further discussion, this change is no longer necessary. Signed-off-by: Trong Nhan Mai <[email protected]>
art1f1c3R
pushed a commit
that referenced
this pull request
Nov 29, 2024
…sights (#388) This feature modifies the Repo Finder, so that it can: be usable from anywhere within Macaron; accept PURL strings as input; and, support more languages via Google's Open Source Insights (deps.dev) This enables Macaron to accept artifact PURLs as input, whereby the Repo Finder will be used to attempt to retrieve the related repository. Additional languages include those supported by deps.dev: Python, NodeJS, .Net, and Rust. Note that currently these will only work when specifying an artifact PURL as input, or providing an SBOM. Full support for these extra languages will require the addition of new dependency analyzers. A new config option is also provided to disable API calls to Google's Open Source Insights, if desired. Signed-off-by: Ben Selwyn-Smith <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The repo finder is refactored to:
Added languages include: Python, NodeJS, .Net, Rust.
Note that these additions won't do anything until dependency analysers for these languages are added.
Use of Open Source Insights can be disabled via a configuration value.