WIP: Add component type to pkg #2146
Conversation
Signed-off-by: Benji Visser <benji@093b.org>
|
Hey @noqcks, sorry for the delay getting back to you. I will see if we can get a review on this soon, if you are still interested in working on it. Much appreciated! |
|
Yep, I am! Although this is only a WIP/example PR for this issue: #2145 I can clean it up if the direction described in the issue makes sense. |
| Locations file.LocationSet // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package) | ||
| Licenses LicenseSet // licenses discovered with the package metadata | ||
| Language Language `hash:"ignore" cyclonedx:"language"` // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc) | ||
| ComponentType ComponentType `cyclonedx:"type"` // the type of component (e.g. application, library, framework, etc) |
There was a problem hiding this comment.
Hey @noqcks -- sorry for the delay here, I also left a comment on the related issue, but this gist is that instead of modifying this package, we should modify the DotnetDepsMetadata with the appropriate field(s) here: https://github.com/anchore/syft/blob/main/syft/pkg/dotnet.go#L4-L10
There was a problem hiding this comment.
are we able to access DotnetDepsMetadata from the cyclonedx formatter? from my understanding you can only access the package Struct
There was a problem hiding this comment.
Yes, you can access the metadata from the formatter, you just need to type assert the metadata field here is an example extracting the author in CycloneDX
See issue #2145
This PR is failing right now because adding a new field to Pkg recomputes packageIDs (I believe). If this PR were to be deemed appropriate, I would update all tests where needed. Looking for an approval first before I update all the tests.