bgnetworks / meta-dependencytrack

A Yocto meta-layer for generating CycloneDX SBOMs and automatically uploading them to Dependency Track.
https://bgnet.works

Normalize names for related packages #1

Open hellbent opened 2 years ago

hellbent commented 2 years ago

Currently we emit packages with duplicate names such as:

    {
      "name": "foo:a foo:b foo:c",
      "version": "7.78.0",
      "cpe": "cpe:2.3:a:foo:a:7.78.0:*:*:*:*:*:*:*"
    },
    {
      "name": "foo:a foo:b foo:c",
      "version": "7.78.0",
      "cpe": "cpe:2.3:a:foo:b:7.78.0:*:*:*:*:*:*:*"
    },
    {
      "name": "foo:a foo:b foo:c",
      "version": "7.78.0",
      "cpe": "cpe:2.3:a:foo:c:7.78.0:*:*:*:*:*:*:*"
    },

These should have three distinct names:

    {
      "name": "foo:a",
      "version": "7.78.0",
      "cpe": "cpe:2.3:a:foo:a:7.78.0:*:*:*:*:*:*:*"
    },
    {
      "name": "foo:b",
      "version": "7.78.0",
      "cpe": "cpe:2.3:a:foo:b:7.78.0:*:*:*:*:*:*:*"
    },
    {
      "name": "foo:c",
      "version": "7.78.0",
      "cpe": "cpe:2.3:a:foo:c:7.78.0:*:*:*:*:*:*:*"
    },
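One way to do the normalization described in the issue, shown here as an added example and not as code from meta-dependencytrack itself: treat the CPE's vendor and product fields as the source of truth and pick the matching token out of the shared, space-separated name. The sample input is constructed from the issue's first snippet; the assumption that each token is either a `vendor:product` pair or a bare `product` (the shape of a Yocto `CVE_PRODUCT` entry) is mine, as is the fallback of leaving a component untouched when nothing matches. The CPE splitter honours the `\:` escape of CPE 2.3 formatted strings, which a plain `split(":")` would break on.

```python
"""Added example (not meta-dependencytrack's own code): derive one distinct
component name per CPE from a space-separated, shared "name" field."""

# Constructed input in the shape shown in the issue: three CycloneDX components
# that share one space-separated name but carry distinct CPEs.
SAMPLE_COMPONENTS = [
    {"name": "foo:a foo:b foo:c", "version": "7.78.0",
     "cpe": "cpe:2.3:a:foo:a:7.78.0:*:*:*:*:*:*:*"},
    {"name": "foo:a foo:b foo:c", "version": "7.78.0",
     "cpe": "cpe:2.3:a:foo:b:7.78.0:*:*:*:*:*:*:*"},
    {"name": "foo:a foo:b foo:c", "version": "7.78.0",
     "cpe": "cpe:2.3:a:foo:c:7.78.0:*:*:*:*:*:*:*"},
]


def cpe_fields(cpe):
    """Split a CPE 2.3 formatted string into its 13 fields.

    A plain str.split(":") is wrong because a literal colon inside a field is
    written as "\\:" in the formatted-string binding, so that escape is kept
    together with the character it protects.
    """
    fields, current, i = [], [], 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):
            current.append(cpe[i:i + 2])  # keep the escape sequence verbatim
            i += 2
            continue
        if ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    return fields


def cpe_vendor_product(cpe):
    """Return (vendor, product) from a CPE 2.3 string, rejecting malformed input."""
    fields = cpe_fields(cpe)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return fields[3], fields[4]


def normalize_name(component):
    """Return a copy of `component` whose name is the one candidate matching its CPE.

    Candidates are the space-separated tokens of the shared name, written either
    as "vendor:product" or as a bare "product" (assumption: this mirrors how the
    tokens come out of a recipe's CVE_PRODUCT list). A component with a
    single-token name, no CPE, or no matching candidate is returned unchanged.
    """
    candidates = component.get("name", "").split()
    if len(candidates) < 2 or not component.get("cpe"):
        return dict(component)
    vendor, product = cpe_vendor_product(component["cpe"])
    for candidate in candidates:
        if candidate in (f"{vendor}:{product}", product):
            return {**component, "name": candidate}
    return dict(component)


def normalize_components(components):
    """Normalize every component; the input list itself is left untouched."""
    return [normalize_name(c) for c in components]


def duplicate_names(components):
    """Map each name that occurs more than once to its count.

    An empty result means every component in the BOM has a distinct name, which
    is the property worth checking before the SBOM is uploaded.
    """
    counts = {}
    for c in components:
        counts[c["name"]] = counts.get(c["name"], 0) + 1
    return {name: n for name, n in counts.items() if n > 1}


if __name__ == "__main__":
    import json
    print(json.dumps(normalize_components(SAMPLE_COMPONENTS), indent=2))
```

Run on the sample, `normalize_components` yields the three `foo:a`, `foo:b`, `foo:c` components from the second snippet, and `duplicate_names` goes from `{"foo:a foo:b foo:c": 3}` to empty, which is the check to add to the BOM generation step so a regression shows up before the upload.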