SBOM ingestion #81
Conversation
CLA Assistant Lite bot: All contributors have signed the CLA ✍️ ✅

I have read the CLA Document and I hereby sign the CLA
Merge commit message:

```
# Conflicts:
#	go.mod
#	go.sum
```
Check out my comments. Make sure the Client PR is approved by the ecosystem team.
tests/utils/test_utils.go (outdated)

```go
// JSON shape: CycloneDX JSON carries a flat "vulnerabilities" array.
type EnrichJson struct {
	Vulnerability []struct {
		BomRef string `json:"bom-ref"`
		Id     string `json:"id"`
	} `json:"vulnerabilities"`
}
```
Suggested change (replacing the EnrichJson block above):

```go
type EnrichBom struct {
	// One field, two tag sets: the same struct decodes from JSON and from XML.
	Vulnerabilities []Vulnerability `json:"vulnerabilities" xml:"Vulnerabilities"`
}
```
Use the struct already defined. You can combine and define XML and JSON tags on the same object...
Also move it to format.
I know I can combine but XML is a bit different in structure than JSON, must separate.
moved to format
tests/utils/test_utils.go (outdated)

```go
// XML shape: CycloneDX XML nests repeated <vulnerability> elements inside a
// <vulnerabilities> wrapper, and bom-ref is an attribute rather than an element.
type Bom struct {
	Vulnerabilities struct {
		Vulnerability []struct {
			BomRef string `xml:"bom-ref,attr"`
			Id     string `xml:"id"`
		} `xml:"vulnerability"`
	} `xml:"vulnerabilities"`
}
```
Suggested change (delete these lines):

```go
type Bom struct {
	Vulnerabilities struct {
		Vulnerability []struct {
			BomRef string `xml:"bom-ref,attr"`
			Id     string `xml:"id"`
		} `xml:"vulnerability"`
	} `xml:"vulnerabilities"`
}
```
remove duplicated
It's not duplicated.
```go
// Checks that every vulnerability carries a bom-ref and an id. A Go string can
// never equal nil, so NotEmpty is the assertion that actually fails on a
// missing field.
func testVulns(t *testing.T, vulns []struct {
	BomRef string
	Id     string
}) {
	for _, vuln := range vulns {
		assert.NotEmpty(t, vuln.BomRef)
		assert.NotEmpty(t, vuln.Id)
	}
}
```
Suggested change (replacing the testVulns above):

```go
// Takes the named type from the format package instead of an anonymous struct;
// assumes Vulnerabilities is a slice type that can be ranged over.
func testVulns(t *testing.T, vulns Vulnerabilities) {
	for _, vuln := range vulns {
		assert.NotEmpty(t, vuln.BomRef)
		assert.NotEmpty(t, vuln.Id)
	}
}
```
Use the structs from the formats that you added. You don't need anonymous structs.
I want the testVulns function to receive both XML and JSON structs. I only care about specific fields in this, so I used anonymous structs to make this function generic. What's wrong with that?
- dev branch
- go vet ./...
- go fmt ./...
- Depends on:
  - jfrog/jfrog-client-go#961
  - jfrog/jfrog-cli-core#1193

Description: a new command, jf-sbom enrich. The point is to take an XML/JSON file which contains an SBOM of a package in CycloneDX format and enrich it with the vulnerabilities which Xray finds.

Usage:

```
jf sbom-enrich <file.xml/file.json>
```

Output: the file.xml/file.json with an additional vulnerabilities section.

For example: (input file shown as an image in the original)

And the output is the file with an additional section (provided here is an image with the extra section).

This is only part of the output; the output is the file that was given as input, but with an additional vulnerabilities section.
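The two points argued in the review thread above (whether one struct can carry both JSON and XML tags, and how a single check can cover both formats without anonymous structs) and the enrich flow described in this PR can be shown together in one small program. The code below is an added example and is not code from this PR, from jfrog-cli or from the `format` package it refers to. It assumes only the CycloneDX layouts visible in the thread: a flat `vulnerabilities` array in JSON, and a `<vulnerabilities>` wrapper with repeated `<vulnerability>` elements and a `bom-ref` attribute in XML. The sample SBOMs and the vulnerability identifiers are constructed placeholders, not Xray output.

```go
package main

import (
	"encoding/json"
	"encoding/xml"
	"fmt"
	"os"
)

// Vulnerability carries the two fields the thread's test cares about. JSON and
// XML tags sit on one struct; in CycloneDX XML bom-ref is an attribute, hence ",attr".
type Vulnerability struct {
	BomRef string `json:"bom-ref" xml:"bom-ref,attr"`
	ID     string `json:"id" xml:"id"`
}

// XMLBom mirrors the CycloneDX XML layout. The wrapper element is why the XML
// document cannot share the flat JSON shape, even though the leaf type is shared.
type XMLBom struct {
	XMLName         xml.Name `xml:"bom"`
	Vulnerabilities struct {
		Vulnerability []Vulnerability `xml:"vulnerability"`
	} `xml:"vulnerabilities"`
}

// ParseXMLVulns extracts the vulnerability list from a CycloneDX XML document.
func ParseXMLVulns(data []byte) ([]Vulnerability, error) {
	var b XMLBom
	if err := xml.Unmarshal(data, &b); err != nil {
		return nil, err
	}
	return b.Vulnerabilities.Vulnerability, nil
}

// ParseJSONVulns extracts the "vulnerabilities" array from a CycloneDX JSON document.
func ParseJSONVulns(data []byte) ([]Vulnerability, error) {
	var doc struct {
		Vulnerabilities []Vulnerability `json:"vulnerabilities"`
	}
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, err
	}
	return doc.Vulnerabilities, nil
}

// EnrichJSON appends findings to the document's "vulnerabilities" array while
// leaving every other section (metadata, components, ...) intact. Decoding the
// whole file into a typed struct and re-encoding it would silently drop any
// field that struct does not declare, so the top level is kept as raw messages.
func EnrichJSON(data []byte, found []Vulnerability) ([]byte, error) {
	var doc map[string]json.RawMessage
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("parse sbom: %w", err)
	}
	var existing []Vulnerability
	if raw, ok := doc["vulnerabilities"]; ok {
		if err := json.Unmarshal(raw, &existing); err != nil {
			return nil, fmt.Errorf("parse vulnerabilities: %w", err)
		}
	}
	merged, err := json.Marshal(append(existing, found...))
	if err != nil {
		return nil, err
	}
	doc["vulnerabilities"] = merged
	return json.MarshalIndent(doc, "", "  ")
}

// CheckVulns is the format-neutral check the thread's testVulns aims for: both
// parsers return []Vulnerability, so no anonymous struct is needed. A string can
// never equal nil, so the check is for emptiness.
func CheckVulns(vulns []Vulnerability) error {
	if len(vulns) == 0 {
		return fmt.Errorf("no vulnerabilities section")
	}
	for i, v := range vulns {
		if v.BomRef == "" || v.ID == "" {
			return fmt.Errorf("vulnerability %d: missing bom-ref or id", i)
		}
	}
	return nil
}

// Constructed sample inputs (placeholders, not real scanner output).
const sampleJSON = `{"bomFormat":"CycloneDX","specVersion":"1.4",
  "components":[{"type":"library","bom-ref":"pkg:npm/lodash@4.17.20","name":"lodash","version":"4.17.20"}]}`

const sampleXML = `<?xml version="1.0"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4">
  <vulnerabilities>
    <vulnerability bom-ref="vuln-1"><id>EXAMPLE-ID-1</id></vulnerability>
  </vulnerabilities>
</bom>`

func main() {
	out, err := EnrichJSON([]byte(sampleJSON), []Vulnerability{{BomRef: "pkg:npm/lodash@4.17.20", ID: "EXAMPLE-ID-1"}})
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	os.Stdout.Write(out)
	xmlVulns, _ := ParseXMLVulns([]byte(sampleXML))
	fmt.Println("\nxml check:", CheckVulns(xmlVulns))
}
```

The design choice worth keeping from this for the real command is the raw-message round trip in `EnrichJSON`: an enrich step that reads an SBOM into a struct with only the fields it knows about and writes it back will quietly discard the components, metadata and signatures of the input, which is the opposite of what a consumer of the enriched file expects.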