Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes issues with trimComponents #613

Merged
merged 5 commits into from
Oct 5, 2023
Merged

Fixes issues with trimComponents #613

merged 5 commits into from
Oct 5, 2023

Conversation

BaseCrusher
Copy link
Contributor

Since the upgrade to CycloneDX Version 1.5 there has been a regression where the dotnet packages did not resolve correctly for dotnet framework projects. This fixes this issue.

The issue came up because trimComponents was called on the package list before the SBoM is created. Because of this all the package objects in the package list do not have one of the required keys purl or bom-ref. This led to the key being undefined for all packages where when checking if there is already a package with the same key in the keyCache was always true.

The fix was implemented by adding an additional fallback value by concatenating the name and version of the package object.

@BaseCrusher BaseCrusher force-pushed the bugfix/trimComponents-trims-to-much branch from 570d1af to 3d51c2e Compare October 4, 2023 19:04
@prabhu prabhu requested a review from cerrussell October 4, 2023 19:04
@prabhu
Copy link
Collaborator

prabhu commented Oct 4, 2023

Thank you so much! This looks good to me. @cerrussell, any thoughts?

@BaseCrusher BaseCrusher force-pushed the bugfix/trimComponents-trims-to-much branch from 37d219e to e4be5e8 Compare October 5, 2023 09:06
@BaseCrusher
Copy link
Contributor Author

I needed to add an additional check if the packages do not have a version which can happen in dotnet.

prabhu
prabhu reviewed Oct 5, 2023
View reviewed changes
index.js Outdated Show resolved Hide resolved
@prabhu
Copy link
Collaborator

prabhu commented Oct 5, 2023

To fix the prettier error, please install prettier-cli globally and run npm run pretty

@BaseCrusher
chore: fixed linting
80d0cec 
Signed-off-by: BaseCrusher <[email protected]>
prabhu
prabhu reviewed Oct 5, 2023
View reviewed changes
index.js Outdated Show resolved Hide resolved
@prabhu prabhu merged commit bacd100 into CycloneDX:master Oct 5, 2023
8 checks passed
@prabhu
Copy link
Collaborator

prabhu commented Oct 5, 2023

Thank you for your contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prabhu prabhu prabhu left review comments

@cerrussell cerrussell Awaiting requested review from cerrussell

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BaseCrusher @prabhu