Skip to content

Commit 5f10119

Browse files
jasonhills-mongodbjasonhills-mongodb
committed
Improve context_type tracking
1 parent dc18657 commit 5f10119

File tree

1 file changed

+20
-4
lines changed

1 file changed

+20
-4
lines changed

etc/sbom/endorctl_utils.py

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -56,10 +56,21 @@ class EndorContextType(Enum):
5656

5757
# Objects from a scan of the default branch. All objects in the OSS namespace are in the main context. The context ID is always default.
5858
MAIN = "CONTEXT_TYPE_MAIN"
59+
CONTEXT_TYPE_MAIN = "CONTEXT_TYPE_MAIN"
5960
# Objects from a scan of a specific branch. The context ID is the branch reference name.
6061
REF = "CONTEXT_TYPE_REF"
62+
CONTEXT_TYPE_REF = "CONTEXT_TYPE_REF"
6163
# Objects from a PR scan. The context ID is the PR UUID. Objects in this context are deleted after 30 days.
6264
CI_RUN = "CONTEXT_TYPE_CI_RUN"
65+
CONTEXT_TYPE_CI_RUN = "CONTEXT_TYPE_CI_RUN"
66+
# Objects from an SBOM scan. The context ID is the SBOM serial number or some other unique identifier.
67+
SBOM = "CONTEXT_TYPE_SBOM"
68+
CONTEXT_TYPE_SBOM = "CONTEXT_TYPE_SBOM"
69+
# Indicates that this object is a copy/temporary value of an object in another project. Used for same-tenant dependencies.
70+
# In source code reference this is equivalent to “vendor” folders. Package versions in the external context are only scanned for call
71+
# graphs. No other operations are performed on them.
72+
EXTERNAL = "CONTEXT_TYPE_EXTERNAL"
73+
CONTEXT_TYPE_EXTERNAL = "CONTEXT_TYPE_EXTERNAL"
6374

6475

6576
class EndorFilter:
@@ -78,8 +89,12 @@ def _base_filters(self):
7889

7990
return base_filters
8091

81-
def repository_version(self, project_uuid=None, sha=None, ref=None):
92+
def repository_version(self, project_uuid=None, sha=None, ref=None, context_type:EndorContextType=None, context_type_exclude:EndorContextType=None):
8293
filters = self._base_filters()
94+
if context_type:
95+
filters.append(f"context.type=={context_type.value}")
96+
if context_type_exclude:
97+
filters.append(f"context.type!={context_type_exclude.value}")
8398
if project_uuid:
8499
filters.append(f"meta.parent_uuid=={project_uuid}")
85100
if sha:
@@ -428,8 +443,9 @@ def get_sbom_for_branch(self, git_url: str, branch: str) -> dict:
428443
app_name = project["spec"]["git"]["full_name"]
429444

430445
# RepositoryVersion: get the context for the latest branch scan
431-
filter_str = endor_filter.repository_version(project_uuid, ref=branch)
446+
filter_str = endor_filter.repository_version(project_uuid, ref=branch, context_type_exclude=EndorContextType.CI_RUN)
432447
repository_version = self.get_repository_version(filter_str)
448+
repository_version_context_type = EndorContextType[repository_version["context"]["type"]]
433449
repository_version_uuid = repository_version["uuid"]
434450
repository_version_ref = repository_version["spec"]["version"]["ref"]
435451
repository_version_sha = repository_version["spec"]["version"]["sha"]
@@ -441,13 +457,13 @@ def get_sbom_for_branch(self, git_url: str, branch: str) -> dict:
441457

442458
# ScanResult: search for a completed scan
443459
filter_str = endor_filter.scan_result(
444-
EndorContextType.MAIN, project_uuid, repository_version_ref, repository_version_sha
460+
repository_version_context_type, project_uuid, repository_version_ref, repository_version_sha
445461
)
446462
scan_result = self.get_scan_result(filter_str, retry=False)
447463
project_uuid = scan_result["meta"]["parent_uuid"]
448464

449465
# PackageVersions: get package versions for SBOM
450-
if branch == "master":
466+
if branch in ["master","main"]:
451467
context_type = EndorContextType.MAIN
452468
context_id = "default"
453469
else:

0 commit comments

Comments
 (0)