Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for component properties #3499

Merged
merged 17 commits into from
Apr 14, 2024
Merged

Add support for component properties #3499

merged 17 commits into from
Apr 14, 2024

Conversation

nscuro
Copy link
Member

@nscuro nscuro commented Feb 26, 2024
edited
Loading

Description

Adds support for component properties, similar to how project properties are supported already.

On top of being manageable via REST API, component properties are also ingested upon BOM upload.

Addressed Issue

Closes #2560
Closes #2715
Closes #2717
Closes #2991

Additional Details

Frontend PR: DependencyTrack/frontend#811

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro nscuro added the enhancement New feature or request label Feb 26, 2024
@nscuro nscuro added this to the 4.11 milestone Feb 26, 2024
@nscuro

This comment was marked as outdated.

Sign in to view
@nscuro nscuro force-pushed the issue-2715 branch 2 times, most recently from 851f8b2 to 8c8a3c0 Compare March 2, 2024 17:47
@fnxpt
Copy link

fnxpt commented Mar 4, 2024

@nscuro I will implement it as soon as this is merged... I should need 1 or 2 hours to implement the missing code

@nscuro nscuro mentioned this pull request Apr 1, 2024
Closed
2 tasks
@setchy setchy mentioned this pull request Apr 1, 2024
Closed
5 tasks
nscuro added a commit to nscuro/dependency-track-frontend that referenced this pull request Apr 14, 2024
@nscuro
Add support for component properties
3e8f560 
Based on DependencyTrack/dependency-track#3499

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro mentioned this pull request Apr 14, 2024
Merged
1 task
nscuro added a commit to nscuro/dependency-track-frontend that referenced this pull request Apr 14, 2024
@nscuro
Add support for component properties
658b4c9 
Based on DependencyTrack/dependency-track#3499

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro marked this pull request as ready for review April 14, 2024 17:22
@codacy-production Codacy Production
Copy link

codacy-production bot commented Apr 14, 2024
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
Report missing for 7099bac1 86.54% (target: 70.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (7099bac) Report Missing Report Missing Report Missing
Head commit (11020d1) 21953 16379 74.61%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#3499) 208 180 86.54%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

You may notice some variations in coverage metrics with the latest Coverage engine update. For more details, visit the documentation

Footnotes

  1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

nscuro and others added 10 commits April 14, 2024 22:07
@nscuro @rkesters
Add component property model and resource
1fbd88f 
Supersedes DependencyTrack#2717

Co-authored-by: Robert Kesterson <rkesters@gmail.com>
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Ingest component properties from BOM
0cd4332 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Update Trivy IT to use OS component and properties
5164bb8 
Relates to DependencyTrack#3369

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Skip property assertions for legacy BOM processing task
9bc453c 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Include project and component properties in CycloneDX exports
57cf065 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Apply copyright change
d812964 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Add UUID validation; Add Swagger docs for required permissions
d489c2c 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Make groupName optional for component properties
59e8e22 
This is primarily to handle CycloneDX properties which do not use namespaces.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Handle duplicate component properties
70b02e9 
This extends the identity of a `ComponentProperty` to also include its value. As a consequence, encrypted values will not be supported.

In order to support duplicate `groupName` / `propertyValue` pairs, the `ComponentProperty` class now has a separate `uuid` field in order to still be able to address individual properties via REST API (e.g. for deletion operations).

It is no longer possible to update a `ComponentProperty` via REST API.

Uniqueness of properties is now enforced across `groupName`, `propertyName`, *and* `propertyValue`.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
De-duplicate component properties during model conversion
e711933 
Also don't include project properties in BOM exports (yet).

Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro added 6 commits April 14, 2024 22:07
@nscuro
Update property names in Trivy integration test
0fabefc 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Fix getComponentProperties query
650e6c2 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Ignore component field when serializing ComponentProperty
f39fc0c 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Attempt at avoid race conditions with test subscribers
bb30ecf 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Try to fix test flakiness by waiting for event processing completion
009cc74 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Add @rkesters to release credits
523b5f0 
For his work on the component property feature in DependencyTrack#2717.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Implement component property ingest for legacy BOM processing task
11020d1 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro merged commit 9384714 into DependencyTrack:master Apr 14, 2024
11 checks passed
@nscuro nscuro deleted the issue-2715 branch April 14, 2024 21:39
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
4.11
2 participants
@nscuro @fnxpt