Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DRAFT: Issue #2737 - Fulfil NTIA minimum requirements #2867

Closed
wants to merge 3 commits into from
Closed

DRAFT: Issue #2737 - Fulfil NTIA minimum requirements #2867

wants to merge 3 commits into from

Conversation

melba-lopez
Copy link
Contributor

@melba-lopez melba-lopez commented Jul 4, 2023
edited
Loading

Description

Addressed Issue

#2737

Additional Details

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@melba-lopez melba-lopez changed the title DRAFT: Issue #2737 DRAFT: Issue #2737 - Fulfil NTIA minimum requirements Jul 4, 2023
nscuro
nscuro reviewed Jul 8, 2023
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @melba-lopez, added some comments to the changes made so far.

So far you've covered supplier data in metadata.component of the BOM, which corresponds to a project's supplier in DT.

For the component side of things in DT, you want to look at these methods:

Happy to help if you need more clarification or get stuck!

src/main/java/org/dependencytrack/model/Component.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java Outdated
}
supplier.setContacts(contacts);
}
project.setSupplier(supplier);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

createMetadata is converting from DT's data model to CycloneDX, so it should not set anything on DT's project:

Suggested change
project.setSupplier(supplier);
cycloneComponent.setSupplier(supplier);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made the change. will commit shortly :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when i make this change it is complaining for some reason 😭

src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java Outdated Show resolved Hide resolved
@melba-lopez
Copy link
Contributor Author

Thanks for all the feedback @nscuro def will take all the help i can get :) hopefully i can finally start fixing this tomorrow evening.

@melba-lopez melba-lopez added the enhancement New feature or request label Jul 28, 2023
@melba-lopez melba-lopez deleted the mel-issue-2737 branch September 24, 2023 21:28
@melba-lopez melba-lopez mentioned this pull request Sep 24, 2023
Closed
5 tasks
@melba-lopez melba-lopez restored the mel-issue-2737 branch September 24, 2023 21:39
@melba-lopez melba-lopez reopened this Sep 24, 2023
@melba-lopez
Copy link
Contributor Author

@nscuro i made all the changes and had to fix/undo some changes i made accidentally. not sure why it does not like your recommendation cycloneComponent.setSupplier(supplier);

@melba-lopez
Updates per nscuro comments.
f01000f 
 Co-authored by: Melba Lopez <[email protected]>
    Co-authored by: nscuro <[email protected]>

    Signed-off-by: Melba Lopez <[email protected]>

Signed-off-by: Melba Lopez <[email protected]>
@melba-lopez melba-lopez marked this pull request as ready for review September 25, 2023 03:26
@melba-lopez melba-lopez added cdx-1.4 Related to CycloneDX specification v1.4 cdx-1.3 Related to CycloneDX specification v1.3 or earlier labels Sep 25, 2023
@melba-lopez
Updating JDBC Type to BLOB
b1d0686 
Signed-off-by: Melba Lopez <[email protected]>
@leec94 leec94 mentioned this pull request Oct 12, 2023
Merged
5 tasks
@nscuro
Copy link
Member

nscuro commented Nov 6, 2023

This was taken over by @leec94 in #3090. Thanks @melba-lopez for your work on this! :)

@nscuro nscuro closed this Nov 6, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nscuro nscuro nscuro left review comments

Assignees
No one assigned
Labels
cdx-1.3 Related to CycloneDX specification v1.3 or earlier cdx-1.4 Related to CycloneDX specification v1.4 enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@melba-lopez @nscuro