feat: Add support for new Copyrights and schema updates #3156
Conversation
|
Generally, I think this looks pretty good @dor-hayun. A couple comments: If we're going to add this to the Syft data model and SPDX, we should also add this to CycloneDX, since it appears to support copyright of components also. That said, I don't see where this is ever populated -- are there some catalogers we could add this to with the initial implementation? |
|
@kzantow I'll add this to CycloneDX as well. The goal is to enable the addition of copyright text either as part of the existing catalogers or by injecting this data directly from other sources and formatting it. For instance, I can iterate over the |
dor-hayun
force-pushed
the
support-copyrights
branch
from
6c56eb9
to
8a085a5
Compare
|
@kzantow added also in CycloneDX |
dor-hayun
force-pushed
the
support-copyrights
branch
19 times, most recently
from
43aeb7a
to
1e121e8
Compare
dor-hayun
force-pushed
the
support-copyrights
branch
2 times, most recently
from
b113b35
to
052f526
Compare
dor-hayun
force-pushed
the
support-copyrights
branch
2 times, most recently
from
d27e313
to
abf35cc
Compare
There was a problem hiding this comment.
I had a quick look and left a bit of feedback here that would need to be addressed.
A couple other things:
- SPDX and CycloneDX should both encode and decode copyright information -- Syft should be able to read its own files
- I do not see any catalogers which are surfacing copyrights, I don't think we would want to add to the data model without using it at all
| @@ -61,11 +66,31 @@ func CommonOptions(licenseCmp LicenseComparer, locationCmp LocationComparer) []c | |||
| return true | |||
| }, | |||
| ), | |||
| cmp.Comparer( | |||
| func(x, y pkg.CopyrightsSet) bool { | |||
There was a problem hiding this comment.
This should be split out to a separate function, following the same pattern as the other comparers
| @@ -360,12 +362,33 @@ func AssertPackagesEqual(t *testing.T, a, b pkg.Package) { | |||
| return true | |||
| }, | |||
| ), | |||
| cmp.Comparer( | |||
| func(x, y pkg.CopyrightsSet) bool { | |||
There was a problem hiding this comment.
This should follow the existing patterns with a separate function
| @@ -1,13 +1,13 @@ | |||
| //nolint:dupl | |||
There was a problem hiding this comment.
why is this considered duplicated code? we should probably reuse existing functionality if needed
dor-hayun
force-pushed
the
support-copyrights
branch
from
abf35cc
to
4bf0b03
Compare
- **Added**: New JSON schema version `16.0.16` with support for the new `Copyrights`. - **Modified**: Updated the `JSONSchemaVersion` parameter to use the new schema. - **Added**: New `Copyrights` field to the `Package` and `PackageBasicData` structs, similar to the existing `Licenses` field. - **Added**: New `Copyright` struct. - **Implemented**: Sorting methods for the `Copyright` struct. - **Changed**: Updated the `PackageCopyrightText` to use `helpers.GetCopyrights(p.Copyrights)`, which formats the copyright text and returns a string. Example output: "Copyright 2014-2014 Matt Zabriskie & Collaborators". - **Added**: `Copyrights` assignment to the `toSyftPackage` function. Signed-off-by: dor-hayun <[email protected]>
dor-hayun
force-pushed
the
support-copyrights
branch
from
4bf0b03
to
b75dd28
Compare
JSON Schema
16.0.16with support for the newCopyrights.JSONSchemaVersionparameter to use the new schema.Package Structs
Copyrightsfield to thePackageandPackageBasicDatastructs, similar to the existingLicensesfield.Copyrightstruct.Copyrightstruct.toPackages Function
PackageCopyrightTextto usehelpers.GetCopyrights(p.Copyrights), which formats the copyright text and returns a string. Example output: "Copyright 2014-2014 Matt Zabriskie & Collaborators".toSyftPackage Function
Copyrightsassignment to thetoSyftPackagefunction.also added support in CycloneDX format