Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Propagating CycloneDx information #1453

Merged
merged 10 commits into from
Sep 25, 2024
Merged

Propagating CycloneDx information #1453

merged 10 commits into from
Sep 25, 2024

Conversation

marcwieserdev
Copy link
Contributor

@marcwieserdev marcwieserdev commented Sep 16, 2024
edited
Loading

What and why?

The goal of this PR is to proagate new information coming from CycloneDX sboms, such as libraries package manager, is a library direct or not, files and dependencies between components.

How?

This is done by updating the CycloneDX SBOM to SCARequest payload. Please note it will be more convenient to review it commit by commit as they have been split by propagation type + 1 refacto at first to prepare file propagation

Review checklist

  • Feature or bugfix MUST have appropriate tests (unit, integration)

@marcwieserdev marcwieserdev force-pushed the marc.wieser/Propagating_CycloneDX_Information branch from 1d6b3b6 to cc5b4f5 Compare September 16, 2024 10:06
@datadog-datadog-prod-us1
Copy link

datadog-datadog-prod-us1 bot commented Sep 16, 2024
edited
Loading

Datadog Report

Branch report: marc.wieser/Propagating_CycloneDX_Information
Commit report: b67e88f
Test service: datadog-ci-tests

✅ 0 Failed, 152 Passed, 0 Skipped, 1m 14.97s Total duration (2m 18.86s time saved)

@marcwieserdev marcwieserdev added the static-analysis Related to [sarif, sbom] label Sep 16, 2024
@marcwieserdev marcwieserdev force-pushed the marc.wieser/Propagating_CycloneDX_Information branch from 92b99ea to dcb0ab8 Compare September 18, 2024 09:05
@marcwieserdev marcwieserdev marked this pull request as ready for review September 18, 2024 12:28
@marcwieserdev marcwieserdev requested review from a team as code owners September 18, 2024 12:28
juli1
juli1 approved these changes Sep 18, 2024
View reviewed changes
Copy link
Contributor

@juli1 juli1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably make sure we align on https://github.com/DataDog/dd-source/pull/129608 before landing.

@marcwieserdev marcwieserdev merged commit 374e8f8 into master Sep 25, 2024
18 checks passed
@marcwieserdev marcwieserdev deleted the marc.wieser/Propagating_CycloneDX_Information branch September 25, 2024 13:28
@Drarig29 Drarig29 mentioned this pull request Oct 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juli1 juli1 juli1 approved these changes

Assignees
No one assigned
Labels
static-analysis Related to [sarif, sbom]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@marcwieserdev @juli1