fix(report): tidy dependencies for multiple repo on integration with GSA (#1593)

* initialize dependencyGraphManifests out of loop

* remove GitHubSecurityAlert.PackageName

* tidy dependency map for multi repo

* set repository name into SBOM components and purl for multi-repo scans
This commit is contained in:
Sinclair
2023-02-07 19:47:32 +09:00
committed by GitHub
parent ad2edbb844
commit 1927ed344c
5 changed files with 25 additions and 17 deletions


@@ -299,10 +299,8 @@ func (g GitHubSecurityAlerts) Names() (names []string) {
return names
}
// GitHubSecurityAlert has detected CVE-ID, PackageName, Status fetched via GitHub API
// GitHubSecurityAlert has detected CVE-ID, GSAVulnerablePackage, Status fetched via GitHub API
type GitHubSecurityAlert struct {
// TODO: PackageName deprecated. it will be removed next time.
PackageName string `json:"packageName"`
Repository string `json:"repository"`
Package GSAVulnerablePackage `json:"package,omitempty"`
FixedIn string `json:"fixedIn"`
@@ -316,6 +314,11 @@ func (a GitHubSecurityAlert) RepoURLPackageName() string {
return fmt.Sprintf("%s %s", a.Repository, a.Package.Name)
}
// RepoURLManifestPath should be same format with DependencyGraphManifest.RepoURLFilename()
func (a GitHubSecurityAlert) RepoURLManifestPath() string {
return fmt.Sprintf("%s/%s", a.Repository, a.Package.ManifestPath)
}
type GSAVulnerablePackage struct {
Name string `json:"name"`
Ecosystem string `json:"ecosystem"`