Using the SBOM data, we need to create consistent logic for deriving the artifact_name and artifact_namespace for a package and linking it to the project / GitHub repo that owns it.
For now, the priorities are mainly NPM and CRATES.
For example, this model grabs NPM packages
```sql
select distinct
  abp.project_source,
  abp.project_name,
  sbom.package,
  sbom.package_source
from `ossd.sbom` as sbom
-- match the repo that published the SBOM to its owning project
join `oso.artifacts_by_project_v1` as abp
  on
    abp.artifact_namespace = lower(sbom.artifact_namespace)
    and abp.artifact_name = lower(sbom.artifact_name)
join `oso.projects_by_collection_v1` as pbc
  on abp.project_name = pbc.project_name
where
  abp.artifact_source = 'GITHUB'
  and sbom.package_source = 'NPM'
```
and here is some quick logic to extract naming fields:
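```python
def extract_artifacts(pkg):
    # Drop relative-path prefixes that show up in SBOM package fields.
    pkg = pkg.replace('../', '').replace('./', '')
    # Unscoped package: namespace and name are both the package name.
    namespace = pkg
    name = pkg
    if '/' in pkg:
        splt = pkg.split('/')
        if len(splt) > 2:
            # More than two path segments is only handled for aztec-packages.
            if 'aztec-packages' in pkg:
                namespace = splt[0]
                name = splt[1]
            else:
                return (None, None)
        else:
            # Scoped NPM package: "@scope/name".
            namespace, name = splt
            # Strip the leading '@' only when it is actually present.
            if namespace.startswith('@'):
                namespace = namespace[1:]
    return (namespace, name)
```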
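A stricter variant of the naming logic, added here as an example and not part of the original issue or the project's code: it covers both NPM and CRATES and returns `(None, None)` for anything that is not a plain registry name, so a local path or git spec is never attributed to an owner. The function name `derive_artifact`, the simplified name patterns, and the namespace == name convention for crates are assumptions.

```python
import re

# Simplified npm name pattern (assumption): optional "@scope/" then a name.
_NPM = re.compile(r'^(?:@([a-z0-9~-][a-z0-9._~-]*)/)?([a-z0-9~-][a-z0-9._~-]*)$')
# Simplified crate name pattern (assumption): alphanumerics, '-' and '_'.
_CRATE = re.compile(r'^[a-z0-9][a-z0-9_-]*$')


def derive_artifact(package, package_source):
    """Return (artifact_namespace, artifact_name), or (None, None) when the
    SBOM entry is not a plain registry name (local path, URL, git spec)."""
    pkg = package.strip().lower()  # the join in the issue compares lowercased values
    source = package_source.strip().upper()
    if source == 'NPM':
        m = _NPM.match(pkg)
        if not m:
            return (None, None)
        scope, name = m.groups()
        # Unscoped package: namespace == name, as in the issue's snippet.
        return (scope or name, name)
    if source == 'CRATES':
        if not _CRATE.match(pkg):
            return (None, None)
        # Assumption: crates have no namespace, so reuse the name for both fields.
        return (pkg, pkg)
    return (None, None)


# Constructed sample SBOM rows: (package, package_source).
SAMPLE = [
    ('@Babel/Core', 'NPM'),
    ('lodash', 'NPM'),
    ('../local/pkg', 'NPM'),
    ('github:owner/repo', 'NPM'),
    ('serde_json', 'CRATES'),
]

if __name__ == '__main__':
    for pkg, src in SAMPLE:
        print(f'{src:7} {pkg:20} -> {derive_artifact(pkg, src)}')
```

Rows that come back as `(None, None)` can be counted per source to see how much of the SBOM data still needs a dedicated rule, such as the aztec-packages case above.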