Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: rather than have a hard max recursive depth - syft should detect parent pom cycles #2284

Closed
spiffcs opened this issue Nov 2, 2023 · 2 comments · Fixed by #2769
Closed

feat: rather than have a hard max recursive depth - syft should detect parent pom cycles #2284

spiffcs opened this issue Nov 2, 2023 · 2 comments · Fixed by #2769
Assignees
@kzantow

Comments

@spiffcs
Copy link
Contributor

spiffcs commented Nov 2, 2023

What would you like to be added:
Syft currently has a hard coded cut off for max recursive depth for searching for a parent pom. There is some room where the code could be written to detect cycles, but it was unclear at the time of writing the pom parent look up if that cycles can be exited in this way.

Why is this needed:
More options of searching maven for pom documents with the correct information

Additional context:
#2274 (comment)
@spiffcs spiffcs added the enhancement New feature or request label Nov 2, 2023
@spiffcs spiffcs mentioned this issue Nov 2, 2023
Merged
@ddzzj ddzzj mentioned this issue Nov 27, 2023
Open
@stnert stnert mentioned this issue Nov 28, 2023
Open
@ekmixon ekmixon mentioned this issue Nov 28, 2023
Open
@kzantow kzantow self-assigned this Jul 30, 2024
@kzantow kzantow added this to OSS Jul 30, 2024
@kzantow kzantow moved this to In Review in OSS Jul 30, 2024
@kzantow kzantow linked a pull request Jul 30, 2024 that will close this issue
Feature improved java cataloging #2769
Merged
@kzantow
Copy link
Contributor

kzantow commented Jul 30, 2024

Hey @spiffcs -- #2769 will sorta fix this, but there still is a relatively large parent depth of 10 by default. Do you think we should get rid of the depth altogether? Either way, we need to leave the parameter for backwards compatiblity, I think, until Syft 2.0.

@kzantow
Copy link
Contributor

kzantow commented Jul 31, 2024

Actually, I revisited this behavior in #2769 and disabled the depth check by default, since the code was already checking for cycles, so I think this can be considered fixed by that PR.

@spiffcs spiffcs closed this as completed Aug 1, 2024
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Aug 1, 2024
@kzantow kzantow removed the enhancement New feature or request label Aug 8, 2024
@BrewTestBot BrewTestBot mentioned this issue Aug 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kzantow kzantow

Labels
None yet
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature improved java cataloging GijsCalis/syft
2 participants
@kzantow @spiffcs