@gernot-h gernot-h commented Apr 24, 2025

Contains the following changes/features:

Fixes #139
Fixes #150

@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch 2 times, most recently from 75a5b6f to 32f0448 Compare April 28, 2025 18:16
@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch 4 times, most recently from 2000045 to f03cf04 Compare May 6, 2025 10:08
@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch 2 times, most recently from 956eccd to 2fe0b65 Compare May 14, 2025 11:21
@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch from 2fe0b65 to 454b41d Compare May 22, 2025 14:50
@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch from 454b41d to 44ced97 Compare June 4, 2025 16:11
@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch 3 times, most recently from 5bf491a to 19382df Compare July 1, 2025 13:55
@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch 2 times, most recently from 49ec3bd to 91c0628 Compare July 14, 2025 08:05
gernot-h commented Jul 22, 2025

This is mostly ready, but unconditionally changing the mapping behaviour. I agreed with @tngraf to keep current mapping behaviour as default and add command-line switches for the new mapping algorithms.

Currently, we have the following switches changing behaviour of "bom map":

  • -all – report all name matches if there are no version matches
  • --mode – allows to only show found or notfound entries in output SBOM
  • --dbx – ignore Debian version string suffixes during mapping

-all and --dbx seem to be used not only in "bom map", but also for "bom createcomponents" and "bom show".

To not end up with numerous cmdline parameters in "bom map", I agreed with @tngraf to deprecate -all and --dbx for "bom map" and instead add a new parameter --matchmode with comma-separated options like all-versions (replacing -all), ignore-debian (replacing --dbx), full-search (new feature from this MR: return all best matches for releases and PURLs), qualifier-match (new feature from this MR: consider PURL qualifiers).

@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch from 91c0628 to 3fad13e Compare July 22, 2025 11:27
gernot-h added 3 commits July 22, 2025 16:16
The previous code used to abort the mapping on the first good match. So
better or equal other matches could stay unnoticed. Also, the mapping
result may have depended on the order in which releases were found.

bom map --matchmode full-search allows to check all releases for
possible matches and thus assure that the mapping results are
deterministic and contain best matches.  To get the logic right, we also
need to do the checks in the order of MapResult priorities.

This allows to return multiple PURL results. This is needed to implement
PURL fallback mapping with qualifiers (#139).

This adds support for PURLs with qualifiers, introducing the following
semantics: Only qualifiers specified in the BOM are compared.  If
entries are found where all of them match, only those are returned.
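
The qualifier semantics described in the last commit message, as an added example (not capycli's own code): only qualifiers present in the BOM PURL are compared, and candidates matching all of them are the only ones returned. `split_purl`, `qualifier_match`, `matched_ids`, the sample release ids, the plain-string comparison of the PURL base, and the fallback to all same-base candidates when no candidate satisfies every qualifier are assumptions.

```python
from urllib.parse import unquote

def split_purl(purl):
    """Split a PURL into (base, qualifiers); a trailing #subpath is ignored."""
    base, _, query = purl.split("#", 1)[0].partition("?")
    quals = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        if value:  # a qualifier with an empty value counts as absent
            quals[key.lower()] = unquote(value)  # keys are case-insensitive
    return base, quals

def qualifier_match(bom_purl, candidates):
    """Return the (release_id, purl) candidates that best fit bom_purl."""
    bom_base, bom_quals = split_purl(bom_purl)
    parsed = [(rid, purl, *split_purl(purl)) for rid, purl in candidates]
    # Assumption: type/namespace/name@version are compared as plain strings.
    same_base = [(rid, purl, q) for rid, purl, base, q in parsed if base == bom_base]
    # Only qualifiers present in the BOM are compared; extra ones on the
    # candidate side (e.g. distro=...) do not disqualify it.
    exact = [(rid, purl) for rid, purl, q in same_base
             if all(q.get(k) == v for k, v in bom_quals.items())]
    # Assumption: if no candidate satisfies every BOM qualifier, fall back
    # to all candidates with the same base so the user can review them.
    return exact or [(rid, purl) for rid, purl, _ in same_base]

# Constructed sample data (release ids and PURLs are made up).
CANDIDATES = [
    ("rel-1", "pkg:deb/debian/openssl@3.0.11-1?arch=amd64&distro=bookworm"),
    ("rel-2", "pkg:deb/debian/openssl@3.0.11-1?arch=source"),
    ("rel-3", "pkg:deb/debian/openssl@3.0.11-1"),
    ("rel-4", "pkg:deb/debian/zlib@1.2.13?arch=amd64"),
]

def matched_ids(bom_purl):
    return [rid for rid, _ in qualifier_match(bom_purl, CANDIDATES)]

if __name__ == "__main__":
    for bom in ("pkg:deb/debian/openssl@3.0.11-1?arch=amd64",
                "pkg:deb/debian/openssl@3.0.11-1?arch=arm64",
                "pkg:deb/debian/openssl@3.0.11-1"):
        print(bom, "->", matched_ids(bom))
```
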
@gernot-h gernot-h force-pushed the feat/purl-qualifier-search branch from 3fad13e to 8153bbd Compare July 22, 2025 15:55
@gernot-h gernot-h marked this pull request as ready for review July 22, 2025 18:44
@gernot-h gernot-h requested a review from tngraf July 22, 2025 18:44
@gernot-h

@t-graf, the PR is finally ready for review and probably merging. This basically contains three changes:

  • replace --dbx and -all by --matchmode (first commit)
  • matchmode "full-search" to check all releases and report all best matches (commits 2 + 3)
  • matchmode "qualifier-match" match using PURL qualifiers (commit 4, the largest one)

I suggest to review the changes commit by commit, and if you want we can also split this into two PRs, just let me know!

@tngraf tngraf merged commit 8f27203 into main Jul 24, 2025
6 checks passed
@gernot-h gernot-h deleted the feat/purl-qualifier-search branch July 29, 2025 10:24
gernot-h added a commit to sw360/capywfa that referenced this pull request Jul 29, 2025
Qualifier code from sw360/capycli#144 has been merged.
Development

Successfully merging this pull request may close these issues.

  • new option for "bom map" to allow multiple good matches
  • PURL fallback mapping strategy