
SBOM storage formatting fix #79

Merged
merged 3 commits into from
Dec 8, 2023

Conversation

breedenc
Contributor

@breedenc breedenc commented Dec 8, 2023

Description

This change ensures that license IDs in SBOM reports are reported with the key id, rather than license_id. The id key was in the original spec (and is the format that Artemis' UI expects); however, this was unintentionally changed to license_id by #48.

Motivation and Context

#48 changed the way Artemis stores SBOM-generated dependency trees on the backend (from database to S3 bucket storage). It also unintentionally introduced a change to the format of SBOM results.

When SBOM reports were generated on-the-fly from the database, the textual representation of license objects was generated by this to_dict() function, which represented the license_id field with the id key.

However, when reports were written as JSON files directly to an S3 bucket, this to_dict() representation was not used, and this field was instead stored with the license_id key. A field name change constitutes a breaking change, and created validation issues when downloading SBOM reports via the UI.

This change also introduces a unit test which validates that the code which parses Veracode SBOM output returns JSON in the expected schema for submission to the S3 bucket.

How Has This Been Tested?

  • This change has been tested in a live non-production environment
  • This change has been tested with a new unit test

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • My code conforms to the coding standards.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

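The regression and the guard test described above, as an added example that is not Artemis's code: a license record whose to_dict() emits the report key id, the direct-dump path that leaks the internal license_id key into the stored JSON, and a schema check of the kind the new unit test performs before a report is accepted for S3 storage. LicenseRecord, serialize_buggy, serialize_fixed and validate_sbom_licenses are hypothetical names, and the sample licenses are constructed.

```python
import json
from dataclasses import dataclass, asdict


@dataclass
class LicenseRecord:
    # Internal field name used by the storage layer (license_id, as on the page)
    license_id: str
    name: str

    def to_dict(self) -> dict:
        # The report schema expects the key "id", not the internal field name
        return {"id": self.license_id, "name": self.name}


def serialize_buggy(licenses: list[LicenseRecord]) -> str:
    # Regression path: dumping the object directly bypasses to_dict() and
    # writes the internal license_id key into the report
    return json.dumps([asdict(lic) for lic in licenses])


def serialize_fixed(licenses: list[LicenseRecord]) -> str:
    # Fixed path: every stored license goes through the same to_dict() the
    # on-the-fly reports used, so the key stays "id"
    return json.dumps([lic.to_dict() for lic in licenses])


# Keys the downstream consumer (here, a UI) validates against
LICENSE_KEYS = {"id", "name"}


def validate_sbom_licenses(payload: str) -> list[str]:
    """Return a list of schema problems; an empty list means the report is valid."""
    problems = []
    for i, lic in enumerate(json.loads(payload)):
        missing = LICENSE_KEYS - lic.keys()
        extra = lic.keys() - LICENSE_KEYS
        if missing:
            problems.append(f"license[{i}]: missing {sorted(missing)}")
        if extra:
            problems.append(f"license[{i}]: unexpected {sorted(extra)}")
    return problems


# Constructed sample input, not taken from any real SBOM
SAMPLE = [
    LicenseRecord("MIT", "MIT License"),
    LicenseRecord("Apache-2.0", "Apache License 2.0"),
]

if __name__ == "__main__":
    print("buggy:", validate_sbom_licenses(serialize_buggy(SAMPLE)))
    print("fixed:", validate_sbom_licenses(serialize_fixed(SAMPLE)))
```

Running the check over both serialization paths is the shape of the unit test: the fixed path yields no problems, while the direct dump reports a missing id and an unexpected license_id for every license.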

@breedenc breedenc changed the title Breedenc/SBOM download fix SBOM storage formatting fix Dec 8, 2023
@breedenc breedenc marked this pull request as ready for review December 8, 2023 22:32
@breedenc breedenc requested a review from a team as a code owner December 8, 2023 22:32
Contributor

@g-marconet g-marconet left a comment


LGTM

@breedenc breedenc merged commit fa1402a into main Dec 8, 2023
2 checks passed
@breedenc breedenc deleted the breedenc/sbom-download-fix branch December 8, 2023 23:01