dejacode icon indicating copy to clipboard operation
dejacode copied to clipboard
verified publisher icon aboutcode-org

DJC: Enhance DejaCode models to support relating dependencies to packages

Open pombredanne opened this issue 1 year ago • 3 comments

Derived from:

  • https://github.com/nexB/scancode.io/issues/1066

pombredanne avatar Jun 27 '24 15:06 pombredanne

  • Do you have a rough timeframe until when you plan to complete this?
  • Is my understanding correct, that once this is implemented, the foundation is laid for modelling transitive dependencies (#122). It would then be possible to implement an updated SBOM import that retains the hierarchy and exported SBOMs of a project could include them as well.

rogu-beta avatar Jul 01 '24 13:07 rogu-beta

Do you have a rough timeframe until when you plan to complete this?

Now that the new Dependency architecture is complete and stable on the ScanCode.io side, we'll be discussing the design and the DejaCode implementation in the next few days. We should have a better estimate then.

It would then be possible to implement an updated SBOM import that retains the hierarchy and exported SBOMs of a project could include them as well.

Yes, that's the goal, the full "Product" hierarchy would be importable and exportable.

tdruez avatar Jul 01 '24 14:07 tdruez

That is fantastic news! Thank you for all the hard work you put into your software. I'm looking forward to testing the new features as soon as they are available.

rogu-beta avatar Jul 01 '24 14:07 rogu-beta