dejacode
Automate open source license compliance and ensure software supply chain integrity
Adding the Package available at https://github.com/facebook/sapling/archive/refs/tags/0.2.20240718-145624+f4e9df48.tar.gz to DejaCode is generally successful, but there is a problem with the Inferred URL:
Package URL: pkg:github/facebook/sapling@0.2.20240718-145624%20f4e9df48
Filename: sapling-0.2.20240718-145624-f4e9df48.tar.gz
Download URL: https://github.com/facebook/sapling/archive/refs/tags/0.2.20240718-145624+f4e9df48.tar.gz
Inferred URL:...
The attached file dejacode_nexb_product_dejacode_5.2.spdx.json was generated by SCIO and it fails to validate at https://tools.spdx.org/app/validate/ See screenshot.
## Extracted from https://github.com/aboutcode-org/dejacode/issues/295#issuecomment-2824782627
> Running "Improve Package from PurlDB" fails with `duplicate key value violates unique constraint "component_catalog_packag_dataspace_id_type_namesp_c6620419_uniq" DETAIL: Key (dataspace_id, type, namespace, name, version, qualifiers, subpath, download_url, filename)=(3, npm, , parse-json, 4.0.0, , , https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz, parse-json-4.0.0.tgz) already exists.` since assigning the download_url would make it a fully duplicate package.
>...
**Describe the bug** Working with DejaCode in a build of https://github.com/aboutcode-org/dejacode/commit/925d4045897da9d7b3de98b8ff3eda3c75b6833d I noticed that several Python packages were not being assigned download URLs when using "Improve Package from PurlDB". The...
**Is your enhancement request related to a problem? Please describe.** Currently DejaCode has trouble getting all necessary information for scanning packages that have been imported from SBOMs. Most often not...
**Is your enhancement request related to a problem? Please describe.** Currently ScanCode.io already provides information in its scan results, if it finds them, such as: - `homepage_url` - `bug_tracking_url` -...
**Describe the bug** When DejaCode is tasked with analyzing an SBOM it roughly performs two steps: 1. Create a `load_sbom` pipeline in ScanCode.io and import the packages into the inventory...
As the volume of Packages and Package Versions is rapidly increasing, the value of a DejaCode Component as a summary record for packages increases accordingly - both as a summary...
**Describe the bug** When importing a particular SBOM created with cdxgen, the `load_sbom` pipeline succeeds according to ScanCode.io, but DejaCode reports issues importing the dependencies. The error message states: `The...