DJC: Provide new command option on Product to "Improve Packages from latest data" #45

Closed
DennisClark opened this issue Feb 8, 2024 · 6 comments
Labels: enhancement (New feature or request), HighPriority (High Priority), integration (Integration with other applications)

@DennisClark
Member

Importing an SBOM into a DejaCode Product can be disappointing if the SBOM does not have much license information. A nice feature would be to provide a new command option to "Improve Packages from PurlDB" on the Product "Scan" dropdown:

1. Step through the Product Packages
2. Use the PURL to find an entry in the PurlDB
3. Apply PurlDB field values to empty fields in the Product Package and corresponding Package definitions.

@DennisClark DennisClark added enhancement New feature or request integration Integration with other applications labels Feb 8, 2024
@DennisClark DennisClark added this to the DejaCode 5.1 milestone Feb 8, 2024
@DennisClark DennisClark added the HighPriority High Priority label Apr 1, 2024
@DennisClark
Member Author

Given our recent experience with importing real-world SBOMs into DejaCode with rather scant license information, I think we should raise the priority on this one.

tdruez added a commit that referenced this issue May 28, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue May 28, 2024
tdruez added a commit that referenced this issue May 28, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue May 28, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Jul 9, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Jul 9, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Jul 10, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Jul 10, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
@DennisClark
Member Author

@tdruez when I click on the notification generated by the "Improve..." process, it takes me to the Product (good) but it is not marking the notification as Read, and it continues to show up in the list.

The basic functionality of the "Improve..." process appears to be working fine, although I am still testing that.

@DennisClark
Member Author

@tdruez if possible, it might be better that when I click on the notification, it would open the Product positioned on the History tab rather than the Essentials tab.

@DennisClark DennisClark changed the title Provide new command option to "Improve Packages from PurlDB" on Product "Scan" dropdown Provide new command option on Product to "Improve Packages from latest data" Jul 18, 2024
@DennisClark
Member Author

DennisClark commented Jul 18, 2024

Let's expand this enhancement to include checking the DejaCode Package definitions for updates since a Package was initially assigned to a Product; this can be especially useful if the Package was scanned after it was assigned to the Product, such as from the "Scan all Packages" action. The primary field of interest here would be the license_expression on the Product Package, so that if that field is empty it would be eligible for refreshing from an updated Package.
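
Added example, not part of the thread and not DejaCode or PurlDB code: a sketch of the fill-empty-only rule from the opening request (look up by PURL, apply values to empty fields) combined with the refresh of an empty `license_expression` on the Product Package described in the comment above. The dictionary data model, the field list other than `license_expression`, the function names and the in-memory lookup table are assumptions made for illustration.

```python
# Added illustration; the data model and field list below are assumptions,
# not DejaCode's or PurlDB's actual schema or API.
FIELDS = ("license_expression", "copyright", "homepage_url")

# Constructed stand-in for a PURL-keyed lookup (no network access).
PURL_DATA = {
    "pkg:pypi/requests@2.31.0": {
        "license_expression": "apache-2.0",
        "homepage_url": "https://example.org/requests",
    },
    "pkg:npm/left-pad@1.3.0": {"license_expression": "wtfpl", "copyright": ""},
}


def is_empty(value):
    """Treat None and blank strings as empty, so whitespace is not kept as data."""
    return value is None or (isinstance(value, str) and not value.strip())


def improve_product_package(product_package, lookup):
    """Fill empty fields only; return the names of the fields that changed."""
    package = product_package["package"]
    changed = []
    found = lookup.get(package.get("purl") or "", {})
    for name in FIELDS:
        if is_empty(package.get(name)) and not is_empty(found.get(name)):
            package[name] = found[name]
            changed.append(f"package.{name}")
    # Refresh the product-level license from the (possibly updated) package
    # definition, but never overwrite a value someone already set.
    if is_empty(product_package.get("license_expression")) and not is_empty(
        package.get("license_expression")
    ):
        product_package["license_expression"] = package["license_expression"]
        changed.append("product_package.license_expression")
    return changed


def improve_product(product_packages, lookup=PURL_DATA):
    """Step through every product package; report changes keyed by PURL."""
    report = {}
    for item in product_packages:
        changed = improve_product_package(item, lookup)
        if changed:
            report[item["package"].get("purl") or "<no purl>"] = changed
    return report
```

The returned report lists which fields were filled per PURL, which is the kind of record a history or import log entry would need.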

@DennisClark DennisClark changed the title Provide new command option on Product to "Improve Packages from latest data" DJC: Provide new command option on Product to "Improve Packages from latest data" Jul 22, 2024
tdruez added a commit that referenced this issue Aug 7, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Sep 2, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Sep 2, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Sep 2, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Sep 2, 2024
tdruez added a commit that referenced this issue Sep 2, 2024
@tdruez
Contributor

tdruez commented Sep 2, 2024

@DennisClark The #135 PR has been refined, merged, and deployed.
The "Improve" action is now logged in the "Import" tab of the Product details view, so you can track the progress there and get the list of "Improved" packages directly from that tab.
Feel free to close this one or to let me know about any possible improvements.

@DennisClark
Member Author

@tdruez The logging of the Improve action on the Imports tab looks good, thanks. I think we can close this one.
