
DJC: Store Dependencies as Packages and support multiple dependency types in the DejaCode model #11

Closed
DennisClark opened this issue Dec 7, 2023 · 2 comments
Labels: design needed (Design details needed to complete the issue), enhancement (New feature or request), help wanted (Extra attention is needed), HighPriority (High Priority), integration (Integration with other applications), major (Significant level-of-effort), vulnerabilities (Vulnerability Management)
Milestone: DejaCode 5.1
Comments

@DennisClark (Member)

We should store Dependencies as Packages in DejaCode. Also, in addition to simply creating Product Packages, we really need to provide the necessary qualifiers for Dependencies, especially whether they are declared as required or optional. Needs design. The processes that import Product Inventory Items from ScanCode results, or from an SBOM that provides dependency details, need to be enhanced as well as the model and the corresponding UI presentation in DejaCode.

As we do for Package, the Dependency model should be aligned with the ScanCode-toolkit and ScanCode.io ones:

Note that this improvement would enhance both license compliance and vulnerability management processes in DejaCode.
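As an added illustration of the import path described above (this is example code written for this page, not DejaCode's or ScanCode's own code), the block below reads a constructed ScanCode-style `dependencies` list, folds the records into one package per PURL, and keeps the required/optional, runtime and pinned qualifiers on the resulting package so that vulnerability triage can prioritise required runtime dependencies. The field names `purl`, `extracted_requirement`, `scope`, `is_runtime`, `is_optional`, `is_resolved` and `for_package_uid` are assumed to match ScanCode-toolkit / ScanCode.io output and should be checked against the schema version in use; the class and function names are hypothetical.

```python
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Constructed sample in the shape of the ``dependencies`` list of ScanCode
# package results. Field names are an assumption about ScanCode's schema
# (purl, extracted_requirement, scope, is_runtime, is_optional, is_resolved,
# for_package_uid); verify them against the version you actually run.
SAMPLE_SCAN_RESULTS = json.dumps({
    "dependencies": [
        {"purl": "pkg:npm/lodash@4.17.21", "extracted_requirement": "4.17.21",
         "scope": "dependencies", "is_runtime": True, "is_optional": False,
         "is_resolved": True, "for_package_uid": "pkg:npm/app@1.0.0?uuid=a1"},
        # Same package, declared a second time by another dependent, optionally.
        {"purl": "pkg:npm/lodash@4.17.21", "extracted_requirement": "^4.0.0",
         "scope": "peerDependencies", "is_runtime": True, "is_optional": True,
         "is_resolved": False, "for_package_uid": "pkg:npm/plugin@2.0.0?uuid=b2"},
        {"purl": "pkg:npm/fsevents@2.3.2", "extracted_requirement": "~2.3.2",
         "scope": "optionalDependencies", "is_runtime": True, "is_optional": True,
         "is_resolved": False, "for_package_uid": "pkg:npm/app@1.0.0?uuid=a1"},
        {"purl": "pkg:npm/jest@29.7.0", "extracted_requirement": "^29.0.0",
         "scope": "devDependencies", "is_runtime": False, "is_optional": False,
         "is_resolved": False, "for_package_uid": "pkg:npm/app@1.0.0?uuid=a1"},
        # A dependency the scanner could not express as a PURL: it cannot
        # become a package row, so the importer must report it, not drop it.
        {"purl": None, "extracted_requirement": "git+ssh://example/repo",
         "scope": "dependencies", "is_runtime": True, "is_optional": False,
         "is_resolved": False, "for_package_uid": "pkg:npm/app@1.0.0?uuid=a1"},
    ]
})


@dataclass(frozen=True)
class DependencyEdge:
    """One declared dependency relationship, as the scanner reports it."""
    purl: str
    for_package_uid: str
    scope: str
    extracted_requirement: str
    is_runtime: bool
    is_optional: bool
    is_resolved: bool


@dataclass
class ProductPackage:
    """A dependency stored as a package, carrying merged dependency qualifiers."""
    purl: str
    scopes: set[str] = field(default_factory=set)
    is_required: bool = False   # True once ANY edge declares it non-optional
    is_runtime: bool = False    # True once ANY edge is a runtime dependency
    is_pinned: bool = False     # True once ANY edge resolved to this exact version
    dependents: set[str] = field(default_factory=set)
    edges: list[DependencyEdge] = field(default_factory=list)

    @property
    def dependency_type(self) -> str:
        """Coarse label suitable for a UI column or a triage queue."""
        if self.is_runtime:
            return "required-runtime" if self.is_required else "optional-runtime"
        return "required-dev" if self.is_required else "optional-dev"


def parse_dependencies(scan_results: str) -> tuple[list[DependencyEdge], list[dict]]:
    """Return (usable edges, records skipped because they carry no PURL)."""
    edges, skipped = [], []
    for rec in json.loads(scan_results).get("dependencies", []):
        if not rec.get("purl"):
            skipped.append(rec)
            continue
        edges.append(DependencyEdge(
            purl=rec["purl"],
            for_package_uid=rec.get("for_package_uid") or "",
            scope=rec.get("scope") or "",
            extracted_requirement=rec.get("extracted_requirement") or "",
            is_runtime=bool(rec.get("is_runtime", True)),
            is_optional=bool(rec.get("is_optional", False)),
            is_resolved=bool(rec.get("is_resolved", False)),
        ))
    return edges, skipped


def as_product_packages(edges: list[DependencyEdge]) -> dict[str, ProductPackage]:
    """Fold edges into one package per PURL. Qualifiers are OR-merged, so a
    package counts as required as soon as one dependent needs it unconditionally."""
    packages: dict[str, ProductPackage] = {}
    for e in edges:
        pkg = packages.setdefault(e.purl, ProductPackage(purl=e.purl))
        pkg.scopes.add(e.scope)
        pkg.is_required |= not e.is_optional
        pkg.is_runtime |= e.is_runtime
        pkg.is_pinned |= e.is_resolved
        pkg.dependents.add(e.for_package_uid)
        pkg.edges.append(e)
    return packages


def vulnerability_review_order(packages: dict[str, ProductPackage]) -> list[str]:
    """PURLs in review order: required runtime first; within a class, unpinned
    before pinned, because an open range can silently resolve to a new version."""
    rank = {"required-runtime": 0, "optional-runtime": 1, "required-dev": 2, "optional-dev": 3}
    return sorted(packages, key=lambda p: (rank[packages[p].dependency_type], packages[p].is_pinned, p))


if __name__ == "__main__":
    found, missing = parse_dependencies(SAMPLE_SCAN_RESULTS)
    pkgs = as_product_packages(found)
    for purl in vulnerability_review_order(pkgs):
        p = pkgs[purl]
        print(f"{purl:28} {p.dependency_type:17} pinned={p.is_pinned} scopes={sorted(p.scopes)}")
    print(f"{len(missing)} dependency record(s) without a PURL could not be stored as packages")
```

Merging with OR is a deliberate choice: if one dependent requires the package unconditionally, the product ships it regardless of how other dependents declare it, so the stricter qualifier must win. The per-edge records are kept on the package so the original declaration (scope, requirement string, dependent) stays available for license review and for the UI.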

DennisClark added the enhancement, help wanted, vulnerabilities, design needed and integration labels on Dec 7, 2023
DennisClark added this to the DejaCode 5.1 milestone on Dec 7, 2023
DennisClark added the major label on Dec 7, 2023
DennisClark self-assigned this on Apr 10, 2024
@DennisClark (Member, Author)

See related analysis in SCIO:
aboutcode-org/scancode.io#1145
aboutcode-org/scancode.io#1066

Assuming that the improvements suggested in those issues for SCIO are implemented, we should create a compatible model in DejaCode.

DennisClark added the HighPriority label on Apr 10, 2024
DennisClark changed the title from "Store Dependencies as Packages and support multiple dependency types in the DejaCode model" to "DJC: Store Dependencies as Packages and support multiple dependency types in the DejaCode model" on Jul 22, 2024
@tdruez (Contributor) commented Aug 22, 2024

Implemented in #147 (#138)

tdruez closed this as completed on Aug 22, 2024