Merge branch 'main' into update-oidc

mongodb-js · Jun 6, 2024 · 97f9c5e · 97f9c5e
2 parents e07ef08 + 30e0f00
commit 97f9c5e
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 6 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/sbom-tools/README.md b/packages/sbom-tools/README.md
@@ -11,6 +11,8 @@ And exposes a `mongodb-sbom-tools` binary providing the following commands:
 - `generate-vulnerability-report`: Generates a report of vulnerabilities from the output of snyk test and a dependencies json file containing all the dependencies.
 - `generate-3rd-party-notices`: Generates a 3rd party notices file based on the licenses information collected by the WebpackDependenciesPlugin. Also validates the licenses.
 - `scan-node-js`: A script to produce a list of vulnerabilities affecting a Node.js version in the same format as snyk test (useful as we are redistributing Node.js with mongosh).
+- `fetch-codeql-results`: A script to fetch CodeQL results from GitHub.
+- `sarif-to-markdown`: Convert SARIF CodeQL results to markdown.
 
 ### `WebpackDependenciesPlugin`
 

diff --git a/packages/sbom-tools/package.json b/packages/sbom-tools/package.json
@@ -16,7 +16,7 @@
     "email": "[email protected]"
   },
   "homepage": "https://github.com/mongodb-js/devtools-shared",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "repository": {
     "type": "git",
     "url": "https://github.com/mongodb-js/devtools-shared.git"

diff --git a/packages/sbom-tools/src/commands/fetch-codeql-results.ts b/packages/sbom-tools/src/commands/fetch-codeql-results.ts
@@ -17,6 +17,7 @@ type ResolvedCommitInformation = {
   repo: string;
   forPackage?: string;
   commit: string;
+  alternativeRef?: string;
 };
 
 type UnresolvedRepoInformation = Omit<ResolvedCommitInformation, 'commit'> &
@@ -25,7 +26,7 @@ type UnresolvedRepoInformation = Omit<ResolvedCommitInformation, 'commit'> &
 // Get CodeQL SARIF reports for a single commit in a single repository
 async function getSingleCommitSarif(
   octokit: Octokit,
-  { owner, repo, commit }: ResolvedCommitInformation
+  { owner, repo, commit, alternativeRef }: ResolvedCommitInformation
 ): Promise<unknown[]> {
   const reportIds = new Set<number>();
   for (let page = 0; ; page++) {
@@ -36,7 +37,7 @@ async function getSingleCommitSarif(
     });
     const previousPageAlreadyHadSomeData = reportIds.size > 0;
     for (const item of data) {
-      if (item.commit_sha === commit) {
+      if (item.commit_sha === commit || item.ref === alternativeRef) {
         reportIds.add(item.id);
       }
     }
@@ -183,11 +184,17 @@ async function getCurrentRepo(): Promise<ResolvedCommitInformation> {
       encoding: 'utf8',
     })
   ).stdout.trim();
+
+  let alternativeRef;
+  if (process.env.GITHUB_PR_NUMBER) {
+    alternativeRef = `refs/pull/${process.env.GITHUB_PR_NUMBER}/merge`;
+  }
+
   const repo = repoForPackageJSON(
     JSON.parse(await fs.readFile('package.json', 'utf8')),
     '<root>'
   );
-  return { ...repo, commit };
+  return { ...repo, commit, alternativeRef };
 }
 
 export async function fetchCodeQLResults(

diff --git a/resources/cidrs.json b/resources/cidrs.json