refactor: use UUID for Package IDs from pom.xml files (#7879)
base: main
@@ -148,7 +148,8 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft | |||
if _, ok := uniqModules[art.String()]; ok { | |||
continue | |||
} | |||
uniqModules[art.String()] = struct{}{} | |||
art.ID = uuid.New() |
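Review bot: `art.ID = uuid.New()` assigns a fresh random ID on every run, so two scans of the same pom.xml files yield different package IDs and the reports cannot be diffed or reproduced; the hunk also does not show the `uuid` import being added to this file. Note as well that the preceding `uniqModules[art.String()]` check still skips any module whose GAV was already seen, so the same-GAV case the description targets is not let through here; if the intent is only to keep such packages distinct, a deterministic ID derived from the GAV plus the module's location would give uniqueness without losing reproducibility.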
I want the output reports to be as reproducible as possible. I'm considering another approach, but I have not yet come up with...
Do you mean using something like a hash instead of UUID?
Description

There are cases when a report contains Packages with the same GAV (GroupID, ArtifactID, version), but these are different packages (see #7824 (comment)). To avoid confusion and to build the dependency graph correctly, we need to use a UUID for each Package from pom.xml files. This solution also fixes a problem with relationships in SBOM formats for this case (see #7824 (comment)).
PR blocker - #7889
Related PR: #7889
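The trade-off discussed above, as an added example that is not code from this PR or from Trivy: a GAV-keyed set collapses two packages that share GroupID/ArtifactID/version, a random ID (standing in for `uuid.New()`) keeps them apart but changes every run, and a hash over the GAV plus the pom.xml path (the alternative floated in the thread, assumed here) keeps them apart and is stable across runs. The `artifact` type and its `Path` field are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// artifact is a stand-in for the parser's artifact type (not Trivy's own):
// the GAV the uniqModules map keys on, plus the pom.xml it was read from.
type artifact struct {
	GroupID, ArtifactID, Version, Path string
}

// String is the GAV form the hunk uses as the map key.
func (a artifact) String() string {
	return a.GroupID + ":" + a.ArtifactID + ":" + a.Version
}

// UniqueGAVs reproduces the old de-duplication: packages sharing a GAV collapse to one.
func UniqueGAVs(arts []artifact) int {
	seen := map[string]struct{}{}
	for _, a := range arts {
		seen[a.String()] = struct{}{}
	}
	return len(seen)
}

// RandomID stands in for uuid.New(): unique per call, but it changes on every run,
// which is the reproducibility concern raised in review.
func RandomID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// StableID is the hash alternative suggested in the thread (assumed, not merged):
// GAV plus pom.xml path, so same-GAV packages from different files stay distinct
// and repeated scans of the same tree produce the same IDs.
func StableID(a artifact) string {
	sum := sha256.Sum256([]byte(a.String() + "\x00" + a.Path))
	return hex.EncodeToString(sum[:16])
}
```

Whatever the final scheme, the check worth keeping is that two same-GAV packages from different files never share an ID while two scans of the same input always do.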