Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When using Poetry lockfile, allow users to select dependency group(s) #580

Closed
robertlagrant opened this issue Sep 7, 2023 · 3 comments · Fixed by #610
Closed

When using Poetry lockfile, allow users to select dependency group(s) #580

robertlagrant opened this issue Sep 7, 2023 · 3 comments · Fixed by #610
Labels
enhancement New feature or request source: poetry
Milestone
4.0.0

Comments

@robertlagrant
Copy link

Poetry allows for different types of dependency; e.g. production, test, etc. The names are not fixed.

It would be great to be able to select e.g. only production dependencies (and their transitive dependencies) for SBOM output.

E.g.

cyclonedx-py --poetry --poetry-group production
@jkowalleck jkowalleck added the enhancement New feature or request label Sep 7, 2023
@jkowalleck
Copy link
Member

jkowalleck commented Sep 7, 2023
edited
Loading

groups:

cyclonedx-python/cyclonedx_py/parser/poetry.py

Lines 36 to 41 in 7121e24

class PoetryGroupWellknown(Enum):
"""Wellknown Poetry groups.
See https://python-poetry.org/docs/managing-dependencies/#dependency-groups
"""
Main = "main"
Dev = "dev"

feature is kinda implemented in upcoming v4
as CLI switch --omit:

cyclonedx-python/README.md

Lines 84 to 86 in 7121e24

-omit OMIT, --omit OMIT
Omit specified items when using Poetry or PipEnv
(currently supported is dev)

a better implementetion is planend, but depends on #527
if every parser was handled by an own subcommand, then it would be possible to add specific CLI switches, like a poetry-specific --only=main, which would contradict --omit=...

@jkowalleck jkowalleck added this to the 4.0.0 milestone Sep 7, 2023
@jkowalleck jkowalleck mentioned this issue Sep 6, 2023
Closed
@jkowalleck jkowalleck linked a pull request Nov 13, 2023 that will close this issue
feat!: rewrite CLI and parsers #610
Merged
42 tasks
@jkowalleck jkowalleck mentioned this issue Nov 13, 2023
Merged
42 tasks
@jkowalleck jkowalleck mentioned this issue Dec 1, 2023
Merged
9 tasks
@jkowalleck jkowalleck mentioned this issue Dec 25, 2023
Merged
@jkowalleck
Copy link
Member

fixed by #605

@jkowalleck
Copy link
Member

This feature will be part of the next/upcoming major release.
Changelog: see #605
Install via: pip install cyclonedx-bom==4.0.0rc1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request source: poetry
Projects
None yet
Milestone
4.0.0
Development

Successfully merging a pull request may close this issue.

feat!: rewrite CLI and parsers CycloneDX/cyclonedx-python
2 participants
@robertlagrant @jkowalleck