Closed thaljef closed 2 years ago
This repository and the code in it provide bindings to the Black Duck REST API and examples for how to use it. By definition, there is no direct access to the database.
Also, as of v2021.10.0 there is no filter on releasedOn available (through the BD REST API) for BOM components.
As I understand the Client API, you can pass additional query parameters to the Requests library. So code like this...
params = {'sort' : 'releasedOn DESC'}
sorted_components = bd.get_resource('versions', component), params=params)
...generates a request with this URL...
https://poc37.blackduck.synopsys.com/api/components/763029b0-80a1-4f82-8b73-b6632c671f6a/versions?sort=releasedOn+DESC&offset=0&limit=250
...which appears to do-what-I-mean. Is this not the intended way to use the Client module?
The strategy used at lines 123 to 130 in
get_upstream_copyrights.py
to find older component versions seems inefficient because it requires reading all possible values from the database and then sorting them. This would be more efficient if we let the database sort them and then read them from a generator and discarding items that aren't older. Ideally, we could filter the query onreleasedOn
and avoid this business altogether, but I'm not sure that's possible with the API.