Displays dependency tree in relationships section for Nuget and Maven #457

Open
wants to merge 2 commits into
base: main

@tarun06 tarun06 commented Dec 5, 2023

This PR solves issue #251. It depends on component detector PR microsoft/component-detection#927.

It lists the hierarchy of packages in the relationships section of the SBOM.
Here is the output:

```json
{
  "files": [...],
  "packages": [
    {
      "name": "Microsoft.Extensions.Caching.Memory",
      "SPDXID": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.Caching.Memory@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.EntityFrameworkCore.Analyzers",
      "SPDXID": "SPDXRef-Package-A0B0F68FECEEAEE4F98067023C661AC2C54C9517BEF753711F43E003CC250716",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.5",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.EntityFrameworkCore.Analyzers@7.0.5"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.EntityFrameworkCore.Abstractions",
      "SPDXID": "SPDXRef-Package-D0DC877776F81F3401A4EF7EF930E3196DE65AF657771CD3446B39A00199FDB5",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.5",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.EntityFrameworkCore.Abstractions@7.0.5"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.EntityFrameworkCore",
      "SPDXID": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.5",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.EntityFrameworkCore@7.0.5"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.Extensions.Caching.Abstractions",
      "SPDXID": "SPDXRef-Package-1A8ED08FCCB0E96A340A7589485C1A7D63FFDAD628A019657EC7169841E3DB83",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.Caching.Abstractions@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.Extensions.Logging",
      "SPDXID": "SPDXRef-Package-D6B10CA94F55A75F0746B799EAE1E7372994298991EA077E6BA70102EA1CB0CE",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.Logging@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.Extensions.Logging.Abstractions",
      "SPDXID": "SPDXRef-Package-40E1A9E59C44F0CD9170AD10FCF36B05A76D5491CC455DE3F2ADE9EBF152931D",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.Logging.Abstractions@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.Extensions.DependencyInjection.Abstractions",
      "SPDXID": "SPDXRef-Package-9072CAF711EF3F7816C9CA11A1500951578C47C5463795B78FBC556470847F01",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.DependencyInjection.Abstractions@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Newtonsoft.Json",
      "SPDXID": "SPDXRef-Package-B886264C88915A93892AFBE3D28CD5B3C8B7990F0C6A47AD506184440C46436E",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "13.0.3",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Newtonsoft.Json@13.0.3"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.Extensions.Primitives",
      "SPDXID": "SPDXRef-Package-659FC6F6442DDDEB1A085D79166237DC05B228DAF796D7615D512FA9E3217439",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.Primitives@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.Extensions.DependencyInjection",
      "SPDXID": "SPDXRef-Package-03D59A9847F8B707779ED14E9E8B45C1DF1CE09F29AEA2706935CA888E6C09CC",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.DependencyInjection@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "Microsoft.Extensions.Options",
      "SPDXID": "SPDXRef-Package-902A49EE1292AAB53E6AB794ED81360C3AB9D97FB3A6E6D16678720C8CF9DE4A",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "7.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/Microsoft.Extensions.Options@7.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "System.Runtime.CompilerServices.Unsafe",
      "SPDXID": "SPDXRef-Package-1B140F7FA3F784DD56CC7A8B4145E9AD58D8CDD4C249A0F27F2262E47C9B41AF",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "6.0.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:nuget/System.Runtime.CompilerServices.Unsafe@6.0.0"
        }
      ],
      "supplier": "NOASSERTION"
    },
    {
      "name": "test",
      "SPDXID": "SPDXRef-RootPackage",
      "downloadLocation": "NOASSERTION",
      "packageVerificationCode": {
        "packageVerificationCodeValue": "62b8955c1539a2992ba95cbc22517787c2906c94"
      },
      "filesAnalyzed": true,
      "licenseConcluded": "NOASSERTION",
      "licenseInfoFromFiles": [
        "NOASSERTION"
      ],
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "1.0",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "pkg:swid/soko/www.test.com/test@1.0?tag_id=ef4d4899-f13b-4244-ad0f-ddf636cfaf44"
        }
      ],
      "supplier": "Organization: soko",
      "hasFiles": [
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.GlobalUsings.g.cs-35D3B87FE8DA7BFCCDCFFA070E3BB6BE112A4E34",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.EntityFrameworkCore.dll-DFCA7C271DA0506216BDC633009FF867147E89AA",
        "SPDXRef-File--obj-Debug-net6.0-ref-TestSbom.dll-6E0360945BC27AFF85532402952A90ADB3AFF908",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.CopyComplete-DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
        "SPDXRef-File--obj-TestSbom.csproj.nuget.g.props-8F35316BC9F606DB0DDE2726751528475158FE30",
        "SPDXRef-File--bin-Debug-net6.0-TestSbom.deps.json-1F7D8B8802102E91DDA95523533D73C634D6EFCD",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Caching.Memory.dll-0CFA3F1BE8F6B8F9A9439DCBA0BBED12DB4D58C0",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.FileListAbsolute.txt-9B2CA5A1477D9C0C284248BF0AEB9840DDA3AE36",
        "SPDXRef-File--obj-Debug-net6.0-.NETCoreApp-Version-v6.0.AssemblyAttributes.cs-6B1215ADDE948589162C699DE73CC867CD4D9826",
        "SPDXRef-File--bin-Debug-net6.0-TestSbom.exe-5276E2E6E5F5DEA26CB482BDE865C5E7360766AC",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.DependencyInjection.dll-5F62514899132AED440854E599B742683BCEA1D5",
        "SPDXRef-File--Program.cs-02314002D64A8A7FB389BF90258C7049B1A448B3",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.pdb-504FD6545BF8439C024B3816A6BD8C8F2B00F2C0",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.AssemblyReference.cache-BF89A401D10782B65A46D27E6025F7ACA0DF1D7B",
        "SPDXRef-File--obj-TestSbom.csproj.nuget.dgspec.json-AB15BC416B8A66DD44256DD8406EE58FFDA57E30",
        "SPDXRef-File--bin-Debug-net6.0-Newtonsoft.Json.dll-F3130F7FD4B414B5AEC04EB87ED800EB84DD2154",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Caching.Abstractions.dll-CBB5349B9EF110D51AB28CF6E9EA8ACCA6C16E2A",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.genruntimeconfig.cache-DC6FF88845C301EF8FDA1B6C2C9A341A5EC9F628",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.AssemblyInfoInputs.cache-2E01BBEF76E1674647864041D94624382F41A73E",
        "SPDXRef-File--obj-project.assets.json-DC2DC0D19805D6675C5117473825173541F3774B",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Options.dll-F65C6BAA8A36CBB5B28249177FD74FA1279CFD1C",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.EntityFrameworkCore.Abstractions.dll-9AF2DE71A525B194046C30907C246A8C734729D6",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.GeneratedMSBuildEditorConfig.editorconfig-805C8271C88266F8154A6E7D73AC7ADFB2E4980C",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.AssemblyInfo.cs-26E2291584E716FF799C542A7565E8D89012C36B",
        "SPDXRef-File--bin-Debug-net6.0-TestSbom.runtimeconfig.json-FDDB6AA875C839338EE9613336F23367F726DB17",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Logging.dll-C623BA7AAF28DFE6B54FC0AD43C6EBA912C6B336",
        "SPDXRef-File--TestSbom.sln-F4B456AE7135A5C48AE15722A4AA69593AA14057",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Primitives.dll-A51ACEA6A9183D6C73DCEDB5B0536F2A5EFD5F43",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.dll-08A7DB3DB478379D7E149043688F5DDC9637ABD5",
        "SPDXRef-File--obj-Debug-net6.0-apphost.exe-5276E2E6E5F5DEA26CB482BDE865C5E7360766AC",
        "SPDXRef-File--bin-Debug-net6.0-TestSbom.pdb-504FD6545BF8439C024B3816A6BD8C8F2B00F2C0",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Logging.Abstractions.dll-EB1C84DA67D382390397E30FE801A38944BCF48C",
        "SPDXRef-File--TestSbom.csproj-068371A207A7FEFBBE84CDB26A0DC45E8C5745B8",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.assets.cache-E2476AD84407C84C573B1D255A8A4B78D6336C97",
        "SPDXRef-File--obj-project.nuget.cache-7D40FB85C37D7C3E11C7FA28F03F6C727C40108E",
        "SPDXRef-File--obj-Debug-net6.0-refint-TestSbom.dll-6E0360945BC27AFF85532402952A90ADB3AFF908",
        "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.CoreCompileInputs.cache-20C0E327D340E8B3EC900C3C70031929D918801C",
        "SPDXRef-File--obj-TestSbom.csproj.nuget.g.targets-A7D0B31730F7623CDF4F75999400205A2C3905D8",
        "SPDXRef-File--bin-Debug-net6.0-TestSbom.dll-08A7DB3DB478379D7E149043688F5DDC9637ABD5",
        "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.DependencyInjection.Abstractions.dll-B75730D6C1EF5E0CA6D7F7A1A5EE540AEE940836"
      ]
    }
  ],
  "externalDocumentRefs": [],
  "relationships": [
    {
      "relationshipType": "DESCRIBES",
      "relatedSpdxElement": "SPDXRef-RootPackage",
      "spdxElementId": "SPDXRef-DOCUMENT"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-03D59A9847F8B707779ED14E9E8B45C1DF1CE09F29AEA2706935CA888E6C09CC",
      "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-659FC6F6442DDDEB1A085D79166237DC05B228DAF796D7615D512FA9E3217439",
      "spdxElementId": "SPDXRef-Package-1A8ED08FCCB0E96A340A7589485C1A7D63FFDAD628A019657EC7169841E3DB83"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-1B140F7FA3F784DD56CC7A8B4145E9AD58D8CDD4C249A0F27F2262E47C9B41AF",
      "spdxElementId": "SPDXRef-Package-659FC6F6442DDDEB1A085D79166237DC05B228DAF796D7615D512FA9E3217439"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-40E1A9E59C44F0CD9170AD10FCF36B05A76D5491CC455DE3F2ADE9EBF152931D",
      "spdxElementId": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-D6B10CA94F55A75F0746B799EAE1E7372994298991EA077E6BA70102EA1CB0CE",
      "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-9072CAF711EF3F7816C9CA11A1500951578C47C5463795B78FBC556470847F01",
      "spdxElementId": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-1A8ED08FCCB0E96A340A7589485C1A7D63FFDAD628A019657EC7169841E3DB83",
      "spdxElementId": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9",
      "spdxElementId": "SPDXRef-RootPackage"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-B886264C88915A93892AFBE3D28CD5B3C8B7990F0C6A47AD506184440C46436E",
      "spdxElementId": "SPDXRef-RootPackage"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-D0DC877776F81F3401A4EF7EF930E3196DE65AF657771CD3446B39A00199FDB5",
      "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-902A49EE1292AAB53E6AB794ED81360C3AB9D97FB3A6E6D16678720C8CF9DE4A",
      "spdxElementId": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-A0B0F68FECEEAEE4F98067023C661AC2C54C9517BEF753711F43E003CC250716",
      "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9"
    },
    {
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46",
      "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9"
    }
  ],
  "spdxVersion": "SPDX-2.2",
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "test 1.0",
  "documentNamespace": "https://www.test.com/test/1.0/bqnGpsLeoUilD2Ew5N2F_w",
  "creationInfo": {
    "created": "2023-12-05T09:41:19Z",
    "creators": [
      "Organization: soko",
      "Tool: Microsoft.SBOMTool-2.0.1"
    ]
  },
  "documentDescribes": [
    "SPDXRef-RootPackage"
  ]
}
```

@tarun06 tarun06 requested a review from a team as a code owner December 5, 2023 09:57
@tarun06 tarun06 force-pushed the 251-Displays-dependency-tree-in-relationships-section-for-Nuget-and-Maven branch from 2290444 to 30d564f Compare January 18, 2024 05:08
@tarun06 tarun06 force-pushed the 251-Displays-dependency-tree-in-relationships-section-for-Nuget-and-Maven branch from 1dbd15d to 92d7752 Compare February 1, 2024 05:41
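
An added example, not part of this PR or of sbom-tool: with `DEPENDS_ON` edges in the relationships section, an SBOM consumer can answer why a given package is in the build, which is the first question when an advisory lands on a transitive dependency. The sample document is constructed, modelled on the output above with shortened SPDXIDs, and `load_graph` and `chains_to` are hypothetical helper names.

```python
import json
from collections import defaultdict

# Constructed sample shaped like the PR output (SPDXIDs shortened); the last edge is deliberately dangling.
SAMPLE = json.loads("""{
 "packages": [
  {"SPDXID": "SPDXRef-RootPackage", "name": "test", "versionInfo": "1.0"},
  {"SPDXID": "SPDXRef-Package-EF", "name": "Microsoft.EntityFrameworkCore", "versionInfo": "7.0.5"},
  {"SPDXID": "SPDXRef-Package-CM", "name": "Microsoft.Extensions.Caching.Memory", "versionInfo": "7.0.0"},
  {"SPDXID": "SPDXRef-Package-LA", "name": "Microsoft.Extensions.Logging.Abstractions", "versionInfo": "7.0.0"},
  {"SPDXID": "SPDXRef-Package-NJ", "name": "Newtonsoft.Json", "versionInfo": "13.0.3"}],
 "relationships": [
  {"relationshipType": "DESCRIBES", "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-RootPackage"},
  {"relationshipType": "DEPENDS_ON", "spdxElementId": "SPDXRef-RootPackage", "relatedSpdxElement": "SPDXRef-Package-EF"},
  {"relationshipType": "DEPENDS_ON", "spdxElementId": "SPDXRef-RootPackage", "relatedSpdxElement": "SPDXRef-Package-NJ"},
  {"relationshipType": "DEPENDS_ON", "spdxElementId": "SPDXRef-Package-EF", "relatedSpdxElement": "SPDXRef-Package-CM"},
  {"relationshipType": "DEPENDS_ON", "spdxElementId": "SPDXRef-Package-CM", "relatedSpdxElement": "SPDXRef-Package-LA"},
  {"relationshipType": "DEPENDS_ON", "spdxElementId": "SPDXRef-Package-NJ", "relatedSpdxElement": "SPDXRef-Package-GONE"}]}""")

def load_graph(doc):
    """Return (packages by SPDXID, DEPENDS_ON edges, dangling edges) for SPDX 2.x JSON."""
    pkgs = {p["SPDXID"]: p for p in doc["packages"]}
    edges, dangling = defaultdict(list), []
    for rel in doc["relationships"]:
        if rel["relationshipType"] != "DEPENDS_ON":
            continue
        src, dst = rel["spdxElementId"], rel["relatedSpdxElement"]  # src depends on dst
        if src in pkgs and dst in pkgs:
            edges[src].append(dst)
        else:
            dangling.append((src, dst))  # references a package the SBOM never declares
    return pkgs, edges, dangling

def chains_to(doc, name, root="SPDXRef-RootPackage"):
    """Every dependency chain from the root package to a package called `name`."""
    pkgs, edges, _ = load_graph(doc)
    label = lambda i: f'{pkgs[i]["name"]}@{pkgs[i].get("versionInfo", "?")}'
    found = []
    def walk(node, path):
        path = path + [node]
        if pkgs[node]["name"] == name:
            found.append(" -> ".join(label(i) for i in path))
        for child in edges.get(node, []):
            if child not in path:  # cycle guard for malformed input
                walk(child, path)
    walk(root, [])
    return found
```

A non-empty `dangling` list means the relationships name an SPDXID that has no package entry, so the dependency tree cannot be fully resolved from that SBOM alone.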

tarun06 commented Feb 2, 2024

@ByAgenT @jiaw37 Could you please review this PR?


tarun06 commented Mar 5, 2024

@Team, could you please review this PR?

@tarun06 tarun06 force-pushed the 251-Displays-dependency-tree-in-relationships-section-for-Nuget-and-Maven branch 2 times, most recently from c19b0f5 to 356717d Compare July 21, 2024 17:35