chore: fix creation of cdx provides relationships
ctron committed Jan 31, 2025
1 parent d3056ce commit 9d1912e
Showing 1 changed file with 32 additions and 3 deletions.
35 changes: 32 additions & 3 deletions modules/ingestor/src/graph/sbom/cyclonedx.rs
Expand Up @@ -151,10 +151,13 @@ impl SbomContext {
// create relationships

for left in sbom.dependencies.iter().flatten() {
// https://github.com/trustification/trustify/issues/1131
// Do we need to qualify this so that only "arch=src" refs
// get the GeneratedFrom relationship?
for target in left.depends_on.iter().flatten() {
log::debug!("Adding dependency - left: {}, right: {}", left.ref_, target);
creator.relate(left.ref_.clone(), Relationship::Dependency, target.clone());
}

for target in left.provides.iter().flatten() {
log::debug!("Adding generates - left: {}, right: {}", left.ref_, target);
creator.relate(left.ref_.clone(), Relationship::Generates, target.clone());
}
}
Expand Down Expand Up @@ -378,6 +381,32 @@ impl<'a> ComponentCreator<'a> {
self.relationships
.relate(node_id.clone(), Relationship::Variant, target);
}

for variant in comp
.pedigree
.iter()
.flat_map(|pedigree| pedigree.variants.iter().flatten())
{
let target = variant
.bom_ref
.clone()
.unwrap_or_else(|| Uuid::new_v4().to_string());

// create the component

let creator = ComponentCreator::new(
self.cpes,
self.purls,
self.licenses,
self.packages,
self.relationships,
);

creator.create(variant);

self.relationships
.relate(node_id.clone(), Relationship::Variant, target);
}
}

pub fn add_cpe(&mut self, cpe: Cpe) {
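Review bot: The `for variant in comp.pedigree … variants` loop added in the second hunk looks like a duplicate, because the context lines directly above it already end a block with the identical `self.relationships.relate(node_id.clone(), Relationship::Variant, target);`. That earlier block starts outside the hunk, so confirm against the full file, but if it is the same variants loop then every pedigree variant is now created and related twice. For a variant with no `bom_ref`, `target` falls back to a fresh `Uuid::new_v4()` while `creator.create(variant)` still receives the variant without that id, so the `Variant` edge may point at a node id that no created component carries, and a second pass would mint a different id again. Dangling or duplicated nodes in an ingested SBOM graph weaken any later dependency or provenance query. If the loop is intentional, a comment such as `// second pass over variants: <reason>` should explain why, and the resolved id should be shared between `create` and `relate`. The commit title covers only the `provides` change in the first hunk.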