vmware-archive / rules_oss_audit

The complexities of identifying and tracking open-source software (OSS) to comply with license requirements add friction to the development process and can result in product-release delays. At VMware, we solve this problem using Bazel to create an accurate bill of materials containing OSS and third-party packages during a build.
Apache License 2.0

Aspect to handle implicit dependencies. #10

Closed rtabassum closed 2 years ago

rtabassum commented 2 years ago

Aspect to handle implicit dependencies by traversing the output file's generating rules.

Fixes #4

Testing done: Tested with bazel-buildfarm code change locally; diff below. The generated bom now contains 145 packages.

rtabassum@rtabassum-a01 bazel-buildfarm % git diff
diff --git a/BUILD b/BUILD
index 08122f82..5df1961e 100644
--- a/BUILD
+++ b/BUILD
@@ -143,8 +143,8 @@ java_image(

 oss_audit(
     name = "buildfarm-server-audit",
-    #src = "//src/main/java/build/buildfarm/rpms/server:buildfarm-server-rpm",
-    src = "//src/main/java/build/buildfarm/rpms/server:buildfarm-server-rpm2",
+    src = "//src/main/java/build/buildfarm/rpms/server:buildfarm-server-rpm",
+    #src = "//src/main/java/build/buildfarm/rpms/server:buildfarm-server-rpm2",
     #src = "//src/main/java/build/buildfarm:buildfarm-server_deploy.jar"
     #src = "//src/main/java/build/buildfarm:buildfarm-server"
 )
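Review bot: The `oss_audit` target in BUILD now carries three commented-out `src` alternatives next to the live one, and nothing in the hunk says which target produced the 145-package BOM quoted in the testing note. Since the live line is now `src = "//src/main/java/build/buildfarm/rpms/server:buildfarm-server-rpm"`, state in the description that this is the target the count refers to, and drop the commented-out `src` lines (or keep each variant as its own named `oss_audit` target) so the result can be reproduced without guessing which line to uncomment.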
diff --git a/deps.bzl b/deps.bzl
index ba156a62..4058455a 100644
--- a/deps.bzl
+++ b/deps.bzl
@@ -108,9 +108,9 @@ def archive_dependencies(third_party):

         {
             "name": "rules_oss_audit",
-            "sha256": "cabb4d985eb9efe40326436e683a90e74603dd282ae2a0af2a21bf078f07cf1b",
-            "strip_prefix": "rules_oss_audit-5ae338712005a616c11d69a669d669e3742c1c83",
-            "url": "https://github.com/vmware/rules_oss_audit/archive/5ae338712005a616c11d69a669d669e3742c1c83.zip",
+            #"sha256": "cabb4d985eb9efe40326436e683a90e74603dd282ae2a0af2a21bf078f07cf1b",
+            "strip_prefix": "rules_oss_audit-c7aa9df46698717d2e2ad8b5316c177f2da26b92",
+            "url": "https://github.com/vmware/rules_oss_audit/archive/c7aa9df46698717d2e2ad8b5316c177f2da26b92.zip",
         },
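Review bot: In the `rules_oss_audit` entry of deps.bzl the `sha256` is commented out while `url` and `strip_prefix` move to commit c7aa9df46698717d2e2ad8b5316c177f2da26b92, so the archive is fetched with no integrity check at all. For a dependency whose job is to produce the audit BOM, that leaves the build trusting whatever the URL returns. Compute the digest of the new zip and set `"sha256"` to it instead of leaving the stale value as a comment, and avoid carrying the unpinned form beyond this local test.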