Native jar parsing #833

Merged
merged 11 commits into from
Jan 27, 2024

@prabhu prabhu commented Jan 27, 2024

In deep mode, cdxgen was repeatedly invoking the jar -tf command to catalog the entries in a jar file. This approach proved to be both slow and error-prone since the jar command may not be available in certain runtime-only installations.

This PR replaces the jar invocation with a native zip read operation, which looks significantly faster, especially while creating SBOM with evidence for large Java codebases.

We can backport this to 9.x, if there is any demand from evinse users.
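
As an added illustration (not code from this pull request or from cdxgen), a minimal JavaScript reader that lists a jar's entries straight from the ZIP central directory instead of spawning `jar -tf`. `listJarEntries` and `buildSampleJar` are hypothetical names, the sample archive is constructed, and ZIP64 archives are assumed out of scope.

```javascript
// Added illustration, not cdxgen code. Node built-ins only; ZIP64 is not handled.
const EOCD_SIG = 0x06054b50; // end-of-central-directory record
const CEN_SIG = 0x02014b50; // central directory file header

function listJarEntries(buf) {
  // The EOCD record is 22 bytes plus an optional comment of up to 65535 bytes,
  // so scan backwards from the end of the file for its signature.
  let eocd = -1;
  const min = Math.max(0, buf.length - 22 - 0xffff);
  for (let i = buf.length - 22; i >= min && eocd < 0; i--) {
    if (buf.readUInt32LE(i) === EOCD_SIG) eocd = i;
  }
  if (eocd < 0) throw new Error("EOCD record not found: not a zip/jar");
  const count = buf.readUInt16LE(eocd + 10);
  const cenSize = buf.readUInt32LE(eocd + 12);
  let pos = buf.readUInt32LE(eocd + 16);
  if (count === 0xffff || pos === 0xffffffff) throw new Error("ZIP64 not supported");
  if (pos + cenSize > eocd) throw new Error("central directory out of bounds");
  const names = [];
  for (let n = 0; n < count; n++) {
    // Validate every offset before reading: jar files are untrusted input.
    if (pos + 46 > eocd || buf.readUInt32LE(pos) !== CEN_SIG) {
      throw new Error(`corrupt central directory header ${n}`);
    }
    const nameLen = buf.readUInt16LE(pos + 28);
    const extraLen = buf.readUInt16LE(pos + 30);
    const commentLen = buf.readUInt16LE(pos + 32);
    if (pos + 46 + nameLen > eocd) throw new Error("entry name out of bounds");
    names.push(buf.toString("utf8", pos + 46, pos + 46 + nameLen));
    pos += 46 + nameLen + extraLen + commentLen;
  }
  return names;
}

// Constructed sample: central directory plus EOCD only, all a listing needs.
function buildSampleJar(names) {
  const cen = Buffer.concat(names.map((name) => {
    const rec = Buffer.alloc(46 + Buffer.byteLength(name));
    rec.writeUInt32LE(CEN_SIG, 0);
    rec.writeUInt16LE(Buffer.byteLength(name), 28);
    rec.write(name, 46, "utf8");
    return rec;
  }));
  const end = Buffer.alloc(22);
  end.writeUInt32LE(EOCD_SIG, 0);
  end.writeUInt16LE(names.length, 10);
  end.writeUInt32LE(cen.length, 12); // central directory starts at offset 0
  return Buffer.concat([cen, end]);
}
```

On a real jar, pass the file contents (for example from `fs.readFileSync`) to `listJarEntries`; a truncated or malformed archive raises an error instead of returning a partial listing.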

prabhu added 11 commits January 27, 2024 12:17
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu merged commit e1e4958 into release/10.x Jan 27, 2024
15 of 16 checks passed
@prabhu prabhu deleted the feature/native-jar-parsing branch January 27, 2024 15:20
prabhu added a commit that referenced this pull request Jan 28, 2024
* Native jar parsing

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Reduce build artefacts

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update maven plugin

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* deno tests

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
prabhu added a commit that referenced this pull request Jan 29, 2024
* Switch to java 21, node >= 20 (#816)

* Switch to java 21, node >= 20

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Use temurin

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* update atom

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Rebase from master

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* deno improvements (#832)

* Switch to java 21, node >= 20 (#816)

Prettier fixes

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

Test fixes

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

Enable deno lint

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update workflow

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Native jar parsing (#833)

* Native jar parsing

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Reduce build artefacts

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update maven plugin

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* deno tests

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Feature/cross plat builds (#836)

* Use matrix strategy to build native exes

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Remove xml format (#837)

* Lint fixes

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Remove xml generation support

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Lint fix (#831)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Include git metadata under formulation (#839)

* Include git metadata under formulation

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* 1.4 fixes

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* git.js was matching git on windows and causing infinite loop :)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update java version

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* [cbom] OS crypto libraries (#842)

* cbom os queries

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Capture crypto libs under formulation

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Support for < 1.6 for cryptographic asset

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Publish images from release branches

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Feature/v10 tweaks (#844)

* Use package instead of name for portage

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Flatpak wip

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* dotnet dependency tree was getting lost without the type (#847)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Fixes #848 in v10 (#850)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Collect build context under formulation (#851)

* Temp commit

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Collect build tools information

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* disable flaky test

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Ignore additional types during tar extraction (#853)

* Ignore additional types during tar extraction

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Handle maven search timeout

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>