refactor: Decoupling Project Analysis from Risk Score Check #12
This pull request introduces a significant structural improvement to the Dependency Track plugin by decoupling the project analysis process from the risk score check. Previously, these two functionalities were bundled together in a single task, leading to inefficiencies and the need for timeouts due to the time Dependency Track takes to analyze projects.
Key changes in this update include:
- Introduction of analyzeProject Task: A new, standalone task that exclusively handles the analysis of projects. This task allows for more precise control over when and how project analysis is triggered, especially useful for projects initially created as inactive.
- Refinement of Risk Score Check: The risk score check functionality has been isolated into its own task, eliminating the need for timeouts and streamlining the process. This change allows for the risk score check to be integrated at a later stage in the pipeline, such as post end-to-end testing, enhancing the overall workflow efficiency.
- Updated runDepTrackWorkflow Task: The runDepTrackWorkflow task no longer includes the risk score check. Users who prefer the comprehensive workflow must now explicitly invoke the riskScore task alongside runDepTrackWorkflow.
This pull request introduces a breaking change for users who rely solely on the runDepTrackWorkflow task for risk score assessment. To adapt to this change, such users will need to include the riskScore task in their pipeline explicitly.
The aim of these changes is to offer users more flexibility and control over their CI/CD pipelines, ensuring each task within the Dependency Track plugin is purpose-driven and efficiently executed.