Skip to content

Static-SCA: Fix direct component in Sbom calculation for impacted component #644

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
attiasas wants to merge 6 commits into
base: dev
Choose a base branch
from
Open

Static-SCA: Fix direct component in Sbom calculation for impacted component #644

attiasas wants to merge 6 commits into from
+405 −64

Conversation

@attiasas
Copy link
Contributor

@attiasas attiasas commented Jan 19, 2026
edited by eranturgeman
Loading

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • Updated the Contributing page / ReadMe page / CI Workflow files if needed.
  • All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

We calculated the direct components as the direct parent of the impacted component.
This PR fixes the issue and caclulate the actual direct components in the SBOM for the given impacted component.

In addition:

  1. adding id attribute to simple-json ComponentRow struct with the component BomRef/XrayComponentId
  2. adding location to impact paths as well, if provided.

@attiasas
Static-SCA: Fix direct component in Sbom calculation for impacted com…
fbe0258 
…ponent and add ID to simplejson.ComponentRow
@attiasas attiasas added the ignore for release Automatically generated release notes label Jan 19, 2026
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jan 19, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jan 19, 2026
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jan 19, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jan 19, 2026
@attiasas attiasas changed the title Static-SCA: Fix direct component in Sbom calculation for impacted com… Static-SCA: Fix direct component in Sbom calculation for impacted component Jan 19, 2026
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jan 19, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jan 19, 2026
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jan 19, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jan 19, 2026
eranturgeman
eranturgeman reviewed Jan 20, 2026
View reviewed changes
eranturgeman
eranturgeman reviewed Jan 20, 2026
View reviewed changes
eranturgeman
eranturgeman reviewed Jan 20, 2026
View reviewed changes
eranturgeman
eranturgeman reviewed Jan 20, 2026
View reviewed changes
eranturgeman
eranturgeman reviewed Jan 20, 2026
View reviewed changes
eranturgeman
eranturgeman reviewed Jan 20, 2026
View reviewed changes
eranturgeman
eranturgeman approved these changes Jan 20, 2026
View reviewed changes
Copy link
Contributor

@eranturgeman eranturgeman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! see my notes and please add in the pr detains what is the addition of the property

@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jan 20, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jan 20, 2026
@github-actions
Copy link

github-actions bot commented Jan 20, 2026

👍 Frogbot scanned this pull request and did not find any new security issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eranturgeman eranturgeman eranturgeman approved these changes

@orto17 orto17 Awaiting requested review from orto17

@eyalk007 eyalk007 Awaiting requested review from eyalk007

Assignees

No one assigned

Labels

ignore for release Automatically generated release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@attiasas @eranturgeman