-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(dbt): map sboms to known artifacts (#2547)
* feat(dbt): map sboms to known artifacts * fix: update comment
- Loading branch information
Showing
1 changed file
with
60 additions
and
0 deletions.
There are no files selected for viewing
60 changes: 60 additions & 0 deletions
60
warehouse/dbt/models/intermediate/directory/int_sbom_artifacts.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| with ranked_snapshots as ( | ||
| select | ||
| artifact_source, | ||
| package_source, | ||
| package_version, | ||
| snapshot_at, | ||
| lower(artifact_namespace) as artifact_namespace, | ||
| lower(artifact_name) as artifact_name, | ||
| lower(package) as package, | ||
| row_number() over ( | ||
| partition by | ||
| artifact_source, | ||
| artifact_namespace, | ||
| artifact_name, | ||
| package_source, | ||
| package, | ||
| package_version | ||
| order by snapshot_at asc | ||
| ) as row_num | ||
| from {{ source('ossd', 'sbom') }} | ||
| ), | ||
|
|
||
| sbom_artifacts as ( | ||
| select | ||
| artifact_source, | ||
| artifact_namespace, | ||
| artifact_name, | ||
| package_source, | ||
| package, | ||
| package_version, | ||
| snapshot_at | ||
| from ranked_snapshots | ||
| where row_num = 1 | ||
| ) | ||
|
|
||
| select | ||
| {# | ||
| Because we use repo.id as the artifact_source_id for github, we need to lookup the artifact_id for the SBOM repo. If the artifact is not found, this will return null. | ||
| #} | ||
| all_repos.artifact_id, | ||
| sbom_artifacts.artifact_source, | ||
| sbom_artifacts.artifact_namespace, | ||
| sbom_artifacts.artifact_name, | ||
| {# | ||
| Because we only index packages that are found in OSSD, most of the time this will return a null package_artifact_id. | ||
| #} | ||
| all_packages.artifact_id as package_artifact_id, | ||
| sbom_artifacts.package_source as package_artifact_source, | ||
| sbom_artifacts.package as package_artifact_name, | ||
| sbom_artifacts.package_version as package_version, | ||
| sbom_artifacts.snapshot_at | ||
| from sbom_artifacts | ||
| left outer join {{ ref('int_all_artifacts') }} as all_repos | ||
| on | ||
| sbom_artifacts.artifact_namespace = all_repos.artifact_namespace | ||
| and sbom_artifacts.artifact_name = all_repos.artifact_name | ||
| left outer join {{ ref('int_all_artifacts') }} as all_packages | ||
| on | ||
| sbom_artifacts.package = all_packages.artifact_name | ||
| and sbom_artifacts.package_source = all_packages.artifact_source |