-
-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add copyright to evidence collection #1338
base: master
Are you sure you want to change the base?
Conversation
closes: CycloneDX#1310 Signed-off-by: frozen_byte <[email protected]>
@@ -111,6 +111,9 @@ export class Extractor { | |||
component.evidence = new CDX.Models.ComponentEvidence({ | |||
licenses: new CDX.Models.LicenseRepository(this.getLicenseEvidence(dirname(pkg.path), logger)) | |||
}) | |||
for (const line of this.getCopyrightEvidence(dirname(pkg.path), logger)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like use the same Method as lin 112, but sadly the Stringable is not exported via CDX.Models and the only way I found to create that Set is with the Component Evidence constructor. Maybe someone else have a more elegant way to iterate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why would you need the Stringable
being exported?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Basically I think its more elegant to use something like the following:
component.evidence = new CDX.Models.ComponentEvidence({
licenses: new CDX.Models.LicenseRepository(this.getLicenseEvidence(dirname(pkg.path), logger)),
copyright: new SortableStringables(copyrights)
})
The SortableStringables
is nowhere exported via the CDX object. Importing directly from '_helpers/sortable'
will not work since its not exported in any barrel.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see.
If you feel that it is a good idea to export the SortableStringables
, then feel free to write an issue for it in the library's repository: https://github.com/CycloneDX/cyclonedx-javascript-library
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about adding and exporting a dedicated type for the purpose new CDX.Models.CopyrightRepository
?
The thing is, that the SortableStringables
is internal for a good reason. it is just no stable/public interface, yet.
see CycloneDX/cyclonedx-javascript-library#1192
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Frozen-byte with version 7.1.0 of the JS library, the needed model was introduced.
see https://github.com/CycloneDX/cyclonedx-javascript-library/releases/tag/v7.1.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this dependency is intended to be bumped to ^7.0
via #1331
please remember to bump to ^7.1
with this PR 👍
try { | ||
pcis = readdirSync(packageDir, {withFileTypes: true}) | ||
} catch (e) { | ||
logger?.warn('collecting license evidence in', packageDir, 'failed:', e) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"license evidence"? Probably a copy/paste error
Thank you for working on this feature. I do not see any test, so I assume this PR is still a work in progress. Feel free to set it to "ready for review", when all work is done. |
|
closes: #1310