feat: add purl as a CLI options #401
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tromai
added
feature
oracle-contributor-agreement
bot
added
the
OCA Verified
tromai
force-pushed
the
375-accept-purl-identifier-as-cli-input
branch
3 times, most recently
from
75c3e6e
to
f3375ef
Compare
tromai
force-pushed
the
375-accept-purl-identifier-as-cli-input
branch
2 times, most recently
from
e195002
to
145c2ac
Compare
tromai
changed the title
benmss
approved these changes
Aug 18, 2023
benmss
reviewed
Aug 22, 2023
benmss
reviewed
Aug 22, 2023
benmss
reviewed
Aug 22, 2023
benmss
reviewed
Aug 22, 2023
benmss
reviewed
Aug 22, 2023
benmss
reviewed
Aug 22, 2023
|
I have no further suggestions or comments for this PR. The only minor comments I could raise relate to the functions that will be moved into the Repo Finder as part of PR 388. I see no reason to discuss them here when that PR will change them anyway, and is blocked by this one. |
Signed-off-by: Trong Nhan Mai <[email protected]>
Signed-off-by: Trong Nhan Mai <[email protected]>
… expectation files Signed-off-by: Trong Nhan Mai <[email protected]>
Signed-off-by: Trong Nhan Mai <[email protected]>
Signed-off-by: Trong Nhan Mai <[email protected]>
tromai
force-pushed
the
375-accept-purl-identifier-as-cli-input
branch
from
7a84f6f
to
fe7d780
Compare
…ith PURL and repository path Signed-off-by: Trong Nhan Mai <[email protected]>
behnazh-w
reviewed
Aug 23, 2023
| This method is used to handle the cases where the purl type value is not the git domain but a pre-defined | ||
| repo-based type in https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst. | ||
|
|
||
| Note that this method will be updated when there are new pre-defined type as per the PURL specification. |
There was a problem hiding this comment.
Suggested change
| Note that this method will be updated when there are new pre-defined type as per the PURL specification. | |
| Note that this method will be updated when there are new pre-defined types as per the PURL specification. |
behnazh-w
reviewed
Aug 23, 2023
docs/source/pages/using.rst
Outdated
|
|
||
| pkg:<git_service_domain>/<organization>/<name> | ||
|
|
||
| The list bellow shows examples for the corresponding PURL string for different git repositories: |
There was a problem hiding this comment.
Suggested change
| The list bellow shows examples for the corresponding PURL string for different git repositories: | |
| The list bellow shows examples for the corresponding PURL strings for different git repositories: |
behnazh-w
reviewed
Aug 23, 2023
behnazh-w
reviewed
Aug 24, 2023
Signed-off-by: Trong Nhan Mai <[email protected]>
Signed-off-by: Trong Nhan Mai <[email protected]>
Signed-off-by: Trong Nhan Mai <[email protected]>
Signed-off-by: Trong Nhan Mai <[email protected]>
Signed-off-by: Trong Nhan Mai <[email protected]>
behnazh-w
approved these changes
Aug 28, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This Pull request adds a CLI option to Macaron, called
-purl/--package-url, for the user to provide the Package URL (see the specification here) for the main analysis software component.Types of PURL this feature supports.
A "repo-based" PURL.
According to the PURL specification, a PURL string could be used to reference a git repository path.
The format for a "repo-based" PURL would be:
Where:
type: could be the pre-defined types for git-based packages as mentioned here. At the current time of this PR, there are only two git-based PURL:githubandbitbucket. However, the user could use the git service domain as thetype(e.g.github.comorgitlab.com).organization/repo-name: the repository fullname, which is expected to have 2 components. Example:apache/mavenororacle/macaron,Other PURL types
At this stage, this type contains PURL strings which do not belong to the first type.
Supported use case
Provide the repository path
This use case is what Macaron has been offering. No changes are made to it.
Provide PURL only
When only the PURL is provided for the main software component:
Example:
Provide PURL with repository path
This is used for the case where the user want to analyze a software component not being a git repository. The repository path is provided from the user to map with that software component.
Note that the branch name and the commit hash must be provide. This enforcement is to prevent Macaron mapping the software component with an incorrect repository snapshot.
Example: