feat: CBOM support #933
Hi @san-zrl Thank you for the Pull Request! I believe this will be a great feature. It seems the test pipeline action is currently https://github.com/DependencyTrack/hyades-apiserver/actions/runs/11067343603/job/30750563096?pr=933
|
Signed-off-by: san-zrl <[email protected]> fix: added CryptoAssetsResource Signed-off-by: san-zrl <[email protected]> added getAllCryptoAssets() per project and globally Signed-off-by: san-zrl <[email protected]>
4a7bd10 to febbbe6
Signed-off-by: san-zrl <[email protected]>
Hi @VinodAnandan - I looked into the tests and fixed the main problems that are related to the migration to cyclonedx 1.6. Not sure if the entire test set works because I never managed to run it successfully on my local system. I'm on a Mac M1 and getting testcontainers to run was a challenge. Issues:
|
Can you elaborate what about the test containers was problematic? The team so far has been working predominantly with M1 macs, so that should not be a problem.
Can you share the errors you were getting here? Really all the refresh is doing is reloading the object from the database, so it's not much different from doing a
Same as above, can you share the errors you're getting? |
Also, have you tried if launching the API server with Dev Services works for you? https://dependencytrack.github.io/hyades/0.6.0-SNAPSHOT/development/testing/#api-server |
I ran above tests with |
I can reproduce the failures of the component property tests in this PR, but not in The problem seems to be the modified

```java
if (cid.getOid() != null) {
    filterParts.add("(cryptoAssetProperties != null && cryptoAssetProperties.oid == :oid)");
    params.put("oid", cid.getOid());
} else {
    filterParts.add("cryptoAssetProperties != null && cryptoAssetProperties.oid == null");
}
```

But it should be this instead:

```java
if (cid.getOid() != null) {
    filterParts.add("(cryptoAssetProperties != null && cryptoAssetProperties.oid == :oid)");
    params.put("oid", cid.getOid());
} else {
    filterParts.add("(cryptoAssetProperties == null || cryptoAssetProperties.oid == null)");
}
```

The |
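The two null-OID branches quoted in the comment above select different sets of components. As an added example (not code from this PR or from the project), the sketch below models both filters as in-memory Java predicates; the `Component` and `CryptoAssetProperties` records, the method names and the sample components are hypothetical stand-ins constructed for illustration.

```java
import java.util.List;
import java.util.function.Predicate;

public class OidFilterDemo {
    // Hypothetical stand-ins for the persisted model; only the fields the filter touches.
    record CryptoAssetProperties(String oid) {}
    record Component(String name, CryptoAssetProperties cryptoAssetProperties) {}

    // Filter as first written: with no OID in the identity, a match still
    // requires cryptoAssetProperties to be present.
    static Predicate<Component> originalFilter(String oid) {
        if (oid != null) {
            return c -> c.cryptoAssetProperties() != null
                    && oid.equals(c.cryptoAssetProperties().oid());
        }
        return c -> c.cryptoAssetProperties() != null
                && c.cryptoAssetProperties().oid() == null;
    }

    // Filter as corrected in the comment: a component without
    // cryptoAssetProperties counts as having no OID.
    static Predicate<Component> correctedFilter(String oid) {
        if (oid != null) {
            return originalFilter(oid); // this branch is the same in both versions
        }
        return c -> c.cryptoAssetProperties() == null
                || c.cryptoAssetProperties().oid() == null;
    }

    static List<String> matches(Predicate<Component> filter, List<Component> components) {
        return components.stream().filter(filter).map(Component::name).toList();
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the project.
        List<Component> components = List.of(
                new Component("library-without-crypto-properties", null),
                new Component("crypto-asset-without-oid", new CryptoAssetProperties(null)),
                new Component("crypto-asset-with-oid", new CryptoAssetProperties("2.16.840.1.101.3.4.1.6")));

        System.out.println(matches(originalFilter(null), components));
        System.out.println(matches(correctedFilter(null), components));
        System.out.println(matches(correctedFilter("2.16.840.1.101.3.4.1.6"), components));
    }
}
```

With no OID in the identity, the original branch matches only the crypto asset whose OID is null, while the corrected branch also matches the component that has no `cryptoAssetProperties` at all.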
@nscuro: Good catch, thanks! I'm using Rancher. |
@nscuro - The |
Will have a look at the failing tests. Regarding Testcontainers, could this be relevant? https://docs.rancherdesktop.io/how-to-guides/using-testcontainers/#prerequisites |
Signed-off-by: san-zrl <[email protected]>
I've seen this. Rancher uses admin rights. Kubernetes is disabled, VM type is set to QEMU. My env settings are
|
Signed-off-by: san-zrl <[email protected]>
Not entirely sure, but maybe Ryuk not being there could be a problem. Can you try enabling it? |
TESTCONTAINERS_RYUK_DISABLED=false makes no difference for |
Signed-off-by: san-zrl <[email protected]>
Signed-off-by: san-zrl <[email protected]>
Signed-off-by: san-zrl <[email protected]>
Description
Enhances DT to read, persist, serve and export CBOM 1.6 data. See additional_details section for more information on what has been changed in particular. Note that there is a corresponding PR for hyades-frontend that enhances the UI to render CBOM data.
Addressed Issue
Issue #1538
Additional Details
org.depencytrack.model
org.depencytrack.persistence.v1.CryptoAssetsResource
with endpoints that serve the UI
Classifier.CRYPTOGRAPHIC_ASSET
with CryptoProperties and Occurrence attributes
Checklist