This PR adds generating unique ids to all issues that Sandworm detects.
- ids are assigned to license and meta issues
- ids are NOT assigned to vulnerabilities, as they have their own ids already
- ids are saved on the `sandwormIssueId` property of an issue
- all issues have also been assigned a code `sandwormIssueCode` and an optional specifier `sandwormIssueSpecifier`
- license issues have been assigned 1xx codes
- meta issues have been assigned 2xx codes
For most issues, the id is a combination of issue code + package name + package version: `SWRM-102-spdx-license-ids-3.0.12`

Some issues might be generated more than once for a single version, so they also append a specifier:

- the `SWRM-201` install scripts issue is created once for each install script used (pre/post), and will generate ids like `SWRM-201-core-js-3.29.0-postinstall`
- `SWRM-203`, `SWRM-204`, and `SWRM-205` are created once for each http/git/file dependency in a manifest, and will generate ids like `SWRM-203-core-js-3.29.0-react`
I've explored hashing the ids, but I think the explicit form is easier to read and use.
Fixes #54
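As an added illustration of the id scheme described above (example code, not Sandworm's own implementation): a builder for `SWRM-<code>-<package>-<version>[-<specifier>]` ids, a pass that assigns them to a set of issues and reports any id produced twice, and a parser that splits an id back into its parts. The `name` and `version` fields on the issue objects, the `@scope/pkg` sample and the regex-based parser are assumptions made for this example; the sample issues are constructed, not real scan output.

```javascript
// Added example, not Sandworm's own code: build and parse ids of the form
// SWRM-<code>-<package>-<version>[-<specifier>] as described in the PR.
// The `name`/`version` fields on an issue object and the parser below are
// assumptions made for this example.

const ID_PREFIX = 'SWRM';

// Build the id from the issue code, package coordinates and optional specifier.
function makeIssueId(issue) {
  const parts = [ID_PREFIX, String(issue.sandwormIssueCode), issue.name, issue.version];
  if (issue.sandwormIssueSpecifier) parts.push(issue.sandwormIssueSpecifier);
  return parts.join('-');
}

// Assign sandwormIssueId to every issue and report ids that are produced more
// than once: a collision means two distinct issues became indistinguishable,
// which is exactly what the specifier exists to prevent.
function assignIssueIds(issues) {
  const seen = new Set();
  const collisions = [];
  for (const issue of issues) {
    const id = makeIssueId(issue);
    if (seen.has(id)) collisions.push(id);
    seen.add(id);
    issue.sandwormIssueId = id;
  }
  return { ids: [...seen], collisions };
}

// Split an id back into its parts. Package names may themselves contain
// hyphens (spdx-license-ids) or slashes (@scope/name), so the name is matched
// lazily up to the first token that looks like a semver core x.y.z; anything
// after that is the specifier. Pre-release versions such as 1.0.0-beta.1 are
// ambiguous under this scheme: "beta.1" would be returned as the specifier.
function parseIssueId(id) {
  const m = /^SWRM-(\d{3})-(.+?)-(\d+\.\d+\.\d+)(?:-(.+))?$/.exec(id);
  if (!m) return null;
  return {
    sandwormIssueCode: Number(m[1]),
    name: m[2],
    version: m[3],
    sandwormIssueSpecifier: m[4] ?? null,
  };
}

// Constructed sample issues (not real scan output). With withSpecifiers=false
// the two SWRM-201 issues for core-js collapse onto one id.
function sampleIssues(withSpecifiers = true) {
  const spec = (s) => (withSpecifiers ? s : undefined);
  return [
    { sandwormIssueCode: 102, name: 'spdx-license-ids', version: '3.0.12' },
    { sandwormIssueCode: 201, name: 'core-js', version: '3.29.0', sandwormIssueSpecifier: spec('preinstall') },
    { sandwormIssueCode: 201, name: 'core-js', version: '3.29.0', sandwormIssueSpecifier: spec('postinstall') },
    { sandwormIssueCode: 203, name: '@scope/pkg', version: '1.2.3', sandwormIssueSpecifier: spec('react') },
  ];
}

console.log(assignIssueIds(sampleIssues(true)));   // 4 ids, no collisions
console.log(assignIssueIds(sampleIssues(false)));  // 3 ids, one collision on SWRM-201-core-js-3.29.0
console.log(parseIssueId('SWRM-201-core-js-3.29.0-postinstall'));
```

Run it with `node` to see the three outputs. The parser's regex is where the readability trade-off mentioned above shows up: the explicit form is easy to read, but because both package names and pre-release versions may contain hyphens, splitting an id without knowing the package coordinates is a heuristic, not a guarantee.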