microsoft / sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
MIT License
1.63k stars 133 forks

Include dependency tree data about nuget and maven packages #746

Closed jalkire closed 1 month ago

jalkire commented 1 month ago

This PR includes the changes from #457 with an updated pull from main--this PR is just to speed up the merge. Credit goes to @tarun06!

It includes hierarchical package data from CD for nuget and maven packages. It primarily impacts the relationships section of the SBOM.

A subsequent PR will add support for other package types.

codecov-commenter commented 1 month ago

Codecov Report

Attention: Patch coverage is 93.75000% with 2 lines in your changes missing coverage. Please review.

Project coverage is 70.13%. Comparing base (2a6d71e) to head (dbca9ef).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...rosoft.Sbom.Api/Executors/PackageInfoJsonWriter.cs | 0.00% | 0 Missing and 1 partial :warning: |
| ...i/Workflows/Helpers/RelationshipsArrayGenerator.cs | 93.33% | 0 Missing and 1 partial :warning: |
Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #746      +/-   ##
==========================================
+ Coverage   70.06%   70.13%   +0.07%
==========================================
  Files         277      277
  Lines        8622     8646      +24
  Branches     1002     1006       +4
==========================================
+ Hits         6041     6064      +23
  Misses       2063     2063
- Partials      518      519       +1
```
