Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
Updates the issue summary datatype to treat targets as optional.
Note: I put this in "unreleased" because, since we're also doing the Core-side change, I don't think this is worth the time of going through the release process on its own, and can just go in the next release we perform.
Mostly I just integrated this change on this end for on-premise users and for completeness (if we consider it optional, we should consider it optional on the client side too).
Acceptance criteria
fossa test and fossa report are able to work on first-party-license-scanned builds, without the changes in the linked Core PR.
Testing plan
I tested manually against the current production version of FOSSA:
; fossa test -p {project} --revision {revision} --debug
[DEBUG] Loading configuration file from "/Users/jessica/projects/fossa-cli/"
Using project name: {project}
Using revision: {revision}
[DEBUG] [ Checking build completion for {revision}... ]
[DEBUG] [ Waiting for issue scan completion... ]
[DEBUG] An issue occurred
*** Relevant Errors ***
Error: An error occurred when deserializing a response from the FOSSA API:Error in $.summary: key "targets" not found
Traceback:
- Calling FOSSA API
[ERROR] An issue occurred
*** Relevant Errors ***
Error: An error occurred when deserializing a response from the FOSSA API:Error in $.summary: key "targets" not found
After this change:
; cabal run fossa -- test -p {project} --revision {revision} --debug
[DEBUG] Loading configuration file from "/Users/jessica/projects/fossa-cli/"
Using project name: `{project}`
Using revision: `{revision}`
[DEBUG] [ Checking build completion for {revision}... ]
[DEBUG] [ Waiting for issue scan completion... ]
[DEBUG]
[ERROR]
========================================================================
Tested Following Project:
========================================================================
Project Title: {project}
Project Revision: {revision}
Project Visibility: public
COMPLIANCE ISSUES (Total 4)
========================================================================
Flagged by Policy (Total 4)
========================================================================
{ ... omitted project specific details ... }
[DEBUG] An issue occurred
*** Relevant Errors ***
Error: The scan has revealed issues. Number of issues found: 4
Traceback:
(none)
[ERROR] An issue occurred
*** Relevant Errors ***
Error: The scan has revealed issues. Number of issues found: 4
[x] I added tests for this PR's change (or explained in the PR description why tests don't make sense).
[x] If this PR introduced a user-visible change, I added documentation into docs/.
[x] If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
[x] If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
[x] If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
[x] If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.
Overview
Companion PR to https://github.com/fossas/FOSSA/pull/12559, fixes https://fossa.atlassian.net/browse/ANE-1738 but in a different way.
Risks
None
Metrics
None
References
Fixes https://fossa.atlassian.net/browse/ANE-1738
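The kind of change this PR describes, as an added example that is not part of the PR or of fossa-cli's source: a parser that requires `targets` rejects a response lacking the key with the same `$.summary` error seen in the first log, while a parser that treats it as optional accepts the response. It assumes the aeson library (the page does not name the JSON library); the type names and both sample responses are hypothetical and constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example, not fossa-cli source. Only the keys "summary" and "targets"
-- come from the page; every type name and sample payload here is hypothetical.
module Main (main) where

import Data.Aeson (FromJSON (..), Value, eitherDecode, withObject, (.:), (.:?))
import Data.ByteString.Lazy (ByteString)

-- Strict shape: parsing fails when "targets" is absent.
newtype StrictSummary = StrictSummary Value deriving (Show)

instance FromJSON StrictSummary where
  parseJSON = withObject "StrictSummary" $ \o -> StrictSummary <$> o .: "targets"

-- Tolerant shape: an absent (or null) "targets" parses to Nothing.
newtype TolerantSummary = TolerantSummary (Maybe Value) deriving (Show)

instance FromJSON TolerantSummary where
  parseJSON = withObject "TolerantSummary" $ \o -> TolerantSummary <$> o .:? "targets"

-- Envelope holding the summary under "summary", so a failure inside it is
-- reported at the JSON path $.summary.
newtype Issues s = Issues s deriving (Show)

instance FromJSON s => FromJSON (Issues s) where
  parseJSON = withObject "Issues" $ \o -> Issues <$> o .: "summary"

-- Constructed responses: one with "targets", one without.
withTargets, withoutTargets :: ByteString
withTargets = "{\"summary\": {\"targets\": [\"constructed-target\"]}}"
withoutTargets = "{\"summary\": {}}"

main :: IO ()
main = do
  -- Strict parser against the response without "targets": a Left value.
  print (eitherDecode withoutTargets :: Either String (Issues StrictSummary))
  -- Tolerant parser against the same response: a Right value holding Nothing.
  print (eitherDecode withoutTargets :: Either String (Issues TolerantSummary))
  -- Tolerant parser still reads "targets" when the server sends it.
  print (eitherDecode withTargets :: Either String (Issues TolerantSummary))
```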