forked from oss-review-toolkit/ort
M7 Master PR #4
This new category is "Source-available Non-commercial": the license does not fulfill the Open Source Definition and contains clauses explicitly limiting the licensed material from being used commercially. Signed-off-by: Nicolas Nobelis <[email protected]>
Update dependencies to latest available versions to benefit from upstream improvements. Signed-off-by: Thomas Steenbergen <[email protected]>
Update WebApp code to replace APIs that have been deprecated in Ant Design v6. See [1] for the complete list. [1]: https://ant.design/docs/react/migration-v6#api-adjustments Signed-off-by: Thomas Steenbergen <[email protected]>
Upgrade to Ant Design v6 introduced changes to the `Tag` API, resulting in incorrect styling. Signed-off-by: Thomas Steenbergen <[email protected]>
Update `Statistics` so it matches the properties of the current version of Statistics.kt. Signed-off-by: Thomas Steenbergen <[email protected]>
Update index.html to use an ORT evaluated model result which has curations, package configurations and labels. Subsequent commits will focus on effectively displaying these elements within the WebApp report. Signed-off-by: Thomas Steenbergen <[email protected]>
Add helper function to retrieve a WebAppPackage from the OrtResult by its package identifier. Signed-off-by: Thomas Steenbergen <[email protected]>
Implement RepositoryConfiguration and all required classes based on [RepositoryConfiguration.kt][1] to prepare for showing its contents within the WebApp. [1]: https://github.com/oss-review-toolkit/ort/blob/75.0.0/model/src/main/kotlin/config/RepositoryConfiguration.kt Signed-off-by: Thomas Steenbergen <[email protected]>
Re-align the package curation representation with recent introduction of indexing by 8d924fb. Add `hasCurations()` to make it easy and fast to determine whether a package has package curations. Signed-off-by: Thomas Steenbergen <[email protected]>
Implement support in the model for package configurations so we can display them in future commits. Signed-off-by: Thomas Steenbergen <[email protected]>
Add an option in ResultsTable to show or hide a "Curations" column that indicates whether a curation was applied to a package to correct its metadata. Signed-off-by: Thomas Steenbergen <[email protected]>
Add an option in ResultsTable to show or hide a "Configs" column that indicates whether a package configuration was applied to a package to correct its license findings or exclude file paths. Signed-off-by: Thomas Steenbergen <[email protected]>
The .ort.yml file supports more than just excludes so renaming tab title to just name the file. Signed-off-by: Thomas Steenbergen <[email protected]>
Display ORT package curations as YAML in AboutModel to show applied curations. Signed-off-by: Thomas Steenbergen <[email protected]>
Display ORT package configurations as YAML in AboutModel to show applied configurations. Signed-off-by: Thomas Steenbergen <[email protected]>
Fix an issue reported by `yarn lint`. Signed-off-by: Thomas Steenbergen <[email protected]>
This was referenced Jan 15, 2026
bf91d9a to 0bb4a3d
Prepare for showing the package labels in the WebApp. Signed-off-by: Frank Viernau <[email protected]>
This test failing was probably hidden in between other unrelated failures. Signed-off-by: Sebastian Schuberth <[email protected]>
0eaccfc to 84e8b2c
The `Dropdown.Button` and `Pagination.position` have been marked as deprecated in Ant Design v6 migration[1]. [1]: https://ant.design/docs/react/migration-v6 Signed-off-by: Thomas Steenbergen <[email protected]>
Show package curations for selected package if present as part of the package details view. Signed-off-by: Thomas Steenbergen <[email protected]>
Show package configurations for selected package if present as part of the package details view. Signed-off-by: Thomas Steenbergen <[email protected]>
Increase the Drawer opened in the Tree tab to 70% of the browser window so there is sufficient space to display scan results. Set a minimum width of 1000px to ensure usability on smaller screens. Signed-off-by: Thomas Steenbergen <[email protected]>
Restore showing VCS info within the 'Repository' column in the Table view. It was lost during the refactor in commit 403d1bc. Signed-off-by: Thomas Steenbergen <[email protected]>
Remove `render` from getColumnSearchProps as it's unnecessary and blocks setting custom `render` on columns when the function is used. Signed-off-by: Thomas Steenbergen <[email protected]>
To include package labels introduced in 4d74aa5. Signed-off-by: Thomas Steenbergen <[email protected]>
Show package labels (when present in curations) on package listings and detail views so users can more easily find and identify labeled packages. For example, packages tagged as coming from a specific team or unit within the organization. Signed-off-by: Thomas Steenbergen <[email protected]>
Rename OrtResult YAML functions for consistency. Remove 'String' from function names since YAML is always represented as a string in JavaScript. Signed-off-by: Thomas Steenbergen <[email protected]>
Install mix_sbom binary with sigstore signature verification using cosign. Signed-off-by: Jonatan Männchen <[email protected]>
Install rebar3_sbom binary using the bombom wrapper with sigstore signature verification using cosign. Co-authored-by: Jonatan Männchen <[email protected]> Signed-off-by: GwendalLaurent <[email protected]>
Add a new utils/cyclonedx module that provides reusable functionality for analyzing CycloneDX SBOMs. This enables multiple package managers to analyze CycloneDX SBOMs by extending the shared CycloneDxPackageManager class. The new module includes:
- CycloneDxPackageManager abstract base class for SBOM analysis
- CycloneDxSbom for parsing CycloneDX JSON files
- CycloneDxDependencyHandler for dependency translation
- CycloneDxDependency for dependency representation
- Comprehensive test coverage for CycloneDX utilities

Co-authored-by: Barbara Chassoul <[email protected]> Co-authored-by: Jonatan Männchen <[email protected]> Signed-off-by: IciaC <[email protected]>
Signed-off-by: Barbara Chassoul <[email protected]>
Signed-off-by: Barbara Chassoul <[email protected]>
Add support for analyzing Elixir projects using mix_sbom for CycloneDX SBOM generation. Supports single projects and umbrella workspaces with proper handling of Hex packages. Signed-off-by: Jonatan Männchen <[email protected]>
Add support for analyzing Erlang projects using bombom for CycloneDX SBOM generation. Supports single projects with proper handling of Hex packages. Signed-off-by: Jonatan Männchen <[email protected]>
Add Mix and Rebar3 to the list of known package managers in the analyzer configuration and JSON schema. Signed-off-by: Jonatan Männchen <[email protected]>
Add Mix & Rebar3 to the analyzer documentation listing supported package managers. Signed-off-by: Jonatan Männchen <[email protected]>
This prevents caches and temporary files from being persisted to the image, reducing its size by ~500 MB. More importantly, it fixes an "AccessDenied" error when running with ort-ci-action. Burrito-based tools (mix_sbom, bombom) extract a musl runtime to /tmp on first run. When this happens during the Docker build, the files are owned by the ort user with mode 0754 (no execute for others). The ort-ci-action runs containers with -u $(id -u):$(id -g), so the user may not be ort and cannot execute the musl library. By using tmpfs mounts, these files are not persisted and each container creates them fresh with appropriate permissions. Signed-off-by: Jonatan Männchen <[email protected]>
Author
TODOs all closed, track future state in oss-review-toolkit#11319
TODO
@bchassoul - Add @IciaCarroBarallobre as co-author in 454446d
Icia is already the primary author.
ghcr.io/erlef/ort:sosef-m7