CycloneDX Validation #415
CycloneDX Validation #415
Conversation
| @@ -0,0 +1,1054 @@ | |||
| { | |||
| "$schema": "http://json-schema.org/draft-04/schema#", | |||
jeffrey778zhan
force-pushed
the
jeffreyz/CycloneDX-Validator
branch
from
9a556b5
to
6075e33
Compare
|
|
||
| # for each scanner report, run the appropriate converter | ||
| @scan_reports.each do |scan_report| | ||
| cyclonedx_report[:components] << converter(scan_report[0]) | ||
| cyclonedx_report[:components] += converter(scan_report[0]) |
There was a problem hiding this comment.
Did convertor go from returning an item to returning an array?
There was a problem hiding this comment.
Right, converter returns an array of components (i.e a list of components built from a gemfile) and the final CycloneDX report expects a list of components rather than a list of lists so had to make this change.
| info = @scan_report.to_h.fetch(:info) | ||
| return [] unless info[:dependencies] |
There was a problem hiding this comment.
If there are no dependencies, would info[:dependencies] be nil or something like [] or {}?
There was a problem hiding this comment.
Yep info[:dependencies] becomes nil which causes errors if the code execution proceeds to info[:dependencies].each leading to an exception
| def initialize(scan_reports, config = {}) | ||
| @scan_reports = scan_reports | ||
| @config = config | ||
| end | ||
|
|
||
| CYCLONEDX_SPEC_VERSION = "1.3".freeze | ||
| CYCLONEDX_VERSION = "1".freeze | ||
| CYCLONEDX_VERSION = 1 |
There was a problem hiding this comment.
Why was the freeze taken out?
There was a problem hiding this comment.
Rubocop said it was redundant Style/RedundantFreeze: Do not freeze immutable objects, as freezing them has no effect.
What Changed?
Added support to validate CycloneDX generated reports against json-schema.
How was it tested?
Unit tests
Usage of CycloneDX Schema
Usage of CycloneDX Json Schema approved