dejacode icon indicating copy to clipboard operation
dejacode copied to clipboard
verified publisher icon aboutcode-org

DJC: Provide new command option on Product to "Improve Packages from latest data"

Open DennisClark opened this issue 1 year ago • 4 comments

Importing an SBOM into a DejaCode Product can be disappointing if the SBOM does not have much license information. A nice feature would be to provide a new command option to "Improve Packages from PurlDB" on the Product "Scan" dropdown:

Step through the Product Packages Use the PURL to find an entry in the PurlDB Apply PurlDB field values to empty fields in the Product Package and corresponding Package definitions.

DennisClark avatar Feb 08 '24 20:02 DennisClark

Given our recent experience with importing real-world SBOMs into DejaCode with rather scant license information, I think we should raise the priority on this one.

DennisClark avatar Apr 01 '24 14:04 DennisClark

@tdruez when I click on the notification generated by the "Improve..." process, it takes me to the Product (good) but it is not marking the notification as Read, and it continues to show up in the list.

The basic functionality of the "Improve..." process appears to be working fine, although I am still testing that.

DennisClark avatar Jul 10 '24 17:07 DennisClark

@tdruez if possible, it might be better that when I click on the notification, it would open the Product positioned on the History tab rather than the Essentials tab.

DennisClark avatar Jul 10 '24 17:07 DennisClark

Let's expand this enhancement to include checking the DejaCode Package definitions for updates since a Package was initially assigned to a Product; this can be especially useful if the Package was scanned after it was assigned to the Product, such as from the "Scan all Packages" action. The primary field of interest here would be the license_expression on the Product Package, so that if that field is empty it would be eligible for refreshing from an updated Package.

DennisClark avatar Jul 18 '24 17:07 DennisClark

@DennisClark The https://github.com/aboutcode-org/dejacode/pull/135 PR has been refined, merged, and deployed. The "Improve" action is now logged in the "Import" tab of the Product details view, so you can track the progress there and get the list of "Improved" packages directly from that tab. Feel free to close this one or to let me know about any possible improvements.

tdruez avatar Sep 02 '24 16:09 tdruez

@tdruez The logging of the Improve action on the Imports tab looks good, thanks. I think we can close this one.

DennisClark avatar Sep 03 '24 16:09 DennisClark