Support is-dev property from osv-scanner
dastrong committed Dec 27, 2024
1 parent b021be0 commit ca7124d
Showing 5 changed files with 19 additions and 1 deletion.
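--- a/src/commands/sbom/__tests__/fixtures/sbom.1.5.ok.json
+++ b/src/commands/sbom/__tests__/fixtures/sbom.1.5.ok.json
@@ -160,6 +160,10 @@
 {
 "name": "osv-scanner:package-manager",
 "value": "Npm"
+},
+{
+"name": "osv-scanner:is-dev",
+"value": "true"
 }
 ]
 },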
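--- a/src/commands/sbom/__tests__/payload.test.ts
+++ b/src/commands/sbom/__tests__/payload.test.ts
@@ -72,6 +72,9 @@ describe('generation of payload', () => {
 const directDependencies = payload?.dependencies.filter((d) => d.is_direct)
 expect(directDependencies?.length).toBe(1)
 
+const devDependencies = payload?.dependencies.filter((d) => d.is_dev)
+expect(devDependencies?.length).toBe(1)
+
 const dependenciesWithPackageManager = payload?.dependencies.filter((d) => d.package_manager.length > 0)
 expect(dependenciesWithPackageManager?.length).toBe(1)
 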
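Review bot: The added assertion only counts dependencies with `is_dev` set, and the fixture only carries `"value": "true"`, so the inputs that map to `undefined` are never exercised. A fixture component with `"osv-scanner:is-dev"` set to `"false"`, and one without the property, would pin the parsing behaviour; an assertion on which dependency is flagged (for example by `purl`) would make the count meaningful. The enclosing test block starts and ends outside the hunk.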
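--- a/src/commands/sbom/constants.ts
+++ b/src/commands/sbom/constants.ts
@@ -2,4 +2,5 @@ export const API_ENDPOINT = 'api/v2/static-analysis-sca/dependencies'
 
 export const PACKAGE_MANAGER_PROPERTY_KEY = 'osv-scanner:package-manager'
 export const IS_DEPENDENCY_DIRECT_PROPERTY_KEY = 'osv-scanner:is-direct'
+export const IS_DEPENDENCY_DEV_ENVIRONMENT_PROPERTY_KEY = 'osv-scanner:is-dev'
 export const FILE_PACKAGE_PROPERTY_KEY = 'osv-scanner:package'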
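--- a/src/commands/sbom/payload.ts
+++ b/src/commands/sbom/payload.ts
@@ -12,7 +12,12 @@ import {
 GIT_SHA,
 } from '../../helpers/tags'
 
-import {FILE_PACKAGE_PROPERTY_KEY, IS_DEPENDENCY_DIRECT_PROPERTY_KEY, PACKAGE_MANAGER_PROPERTY_KEY} from './constants'
+import {
+FILE_PACKAGE_PROPERTY_KEY,
+IS_DEPENDENCY_DEV_ENVIRONMENT_PROPERTY_KEY,
+IS_DEPENDENCY_DIRECT_PROPERTY_KEY,
+PACKAGE_MANAGER_PROPERTY_KEY,
+} from './constants'
 import {getLanguageFromComponent} from './language'
 import {Relations, Dependency, File, Location, LocationFromFile, Locations, ScaRequest} from './types'
 
@@ -187,11 +192,14 @@ const extractingDependency = (component: any): Dependency | undefined => {
 
 let packageManager = ''
 let isDirect
+let isDev
 for (const property of component['properties'] ?? []) {
 if (property['name'] === PACKAGE_MANAGER_PROPERTY_KEY) {
 packageManager = property['value']
 } else if (property['name'] === IS_DEPENDENCY_DIRECT_PROPERTY_KEY) {
 isDirect = property['value'].toLowerCase() === 'true' ? true : undefined
+} else if (property['name'] === IS_DEPENDENCY_DEV_ENVIRONMENT_PROPERTY_KEY) {
+isDev = property['value'].toLowerCase() === 'true' ? true : undefined
 }
 }
 
@@ -204,6 +212,7 @@ const extractingDependency = (component: any): Dependency | undefined => {
 purl,
 locations,
 is_direct: isDirect,
+is_dev: isDev,
 package_manager: packageManager,
 }
 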
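Review bot: In the new `is-dev` branch of `extractingDependency`, `property['value'].toLowerCase()` is called on a value read from the SBOM through `component: any`, so a property entry whose `value` is missing or not a string throws a TypeError instead of being ignored; the `is-direct` branch just above has the same shape. A type guard keeps a malformed SBOM from aborting payload generation: `isDev = typeof property['value'] === 'string' && property['value'].toLowerCase() === 'true' ? true : undefined`. An explicit `"false"` also collapses to `undefined`, so a consumer cannot tell "not a dev dependency" from "not reported"; if `is_dev` is used downstream to deprioritise findings (not visible here), that deserves a comment next to the assignment. The function body starts and ends outside the hunks shown.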
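--- a/src/commands/sbom/types.ts
+++ b/src/commands/sbom/types.ts
@@ -94,6 +94,7 @@ export interface Dependency {
 purl: string
 locations: undefined | Locations[]
 is_direct: undefined | boolean
+is_dev: undefined | boolean
 package_manager: string
 }
 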
