This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git
The following commit(s) were added to refs/heads/main by this push:
new d69a4d9 Add checks for outdated plugins to the UI
d69a4d9 is described below
commit d69a4d92db592695c1247459abf87b9be3c353e8
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Sep 1 17:13:24 2025 +0100
Add checks for outdated plugins to the UI
---
atr/models/results.py | 1 +
atr/routes/sbom.py | 25 +++++++++++++++++++++++--
atr/tasks/sbom.py | 2 ++
3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/atr/models/results.py b/atr/models/results.py
index 065043e..f069bb2 100644
--- a/atr/models/results.py
+++ b/atr/models/results.py
@@ -104,6 +104,7 @@ class SBOMToolScore(schema.Strict):
file_path: str = schema.description("Relative path to the scored SBOM
file")
warnings: list[str] = schema.description("Warnings from the SBOM tool")
errors: list[str] = schema.description("Errors from the SBOM tool")
+ outdated: str | None = schema.description("Outdated tool from the SBOM
tool")
class SvnImportFiles(schema.Strict):
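Review bot: The description on the new `outdated` field does not say what the string contains; on the task side it is filled with `outdated.model_dump_json()` and the route re-parses it with `OutdatedAdapter`, so it is a JSON-serialized outdated-tool record rather than a tool name. Suggest `outdated: str | None = schema.description("JSON-serialized outdated-tool record from the SBOM tool, or None if none was found")`. It is also worth confirming whether `schema.description` makes the field optional: if stored results are validated against this strict model when read back, rows written before this commit have no `outdated` key and would fail to load unless the field defaults to `None`. The rest of `SBOMToolScore` and the definition of `schema.description` are outside the hunk.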
diff --git a/atr/routes/sbom.py b/atr/routes/sbom.py
index befa143..5a5418c 100644
--- a/atr/routes/sbom.py
+++ b/atr/routes/sbom.py
@@ -111,6 +111,7 @@ async def report(session: routes.CommitterSession, project:
str, version: str, f
await session.release(project, version)
async with db.session() as data:
via = sql.validate_instrumented_attribute
+ # TODO: Abstract this code and the sbomtool.MissingAdapter validators
tasks = (
await data.task(
project_name=project,
@@ -140,8 +141,8 @@ async def report(session: routes.CommitterSession, project:
str, version: str, f
block.p[
"""This is a report by the sbomtool, for debugging and
informational purposes. Please use it only as an approximate
- guideline to the quality of your SBOM file. It currently
- checks for NTIA 2021 minimum data field conformance."""
+ guideline to the quality of your SBOM file. It checks for NTIA 2021
+ minimum data field conformance."""
]
block.p["This report is for revision ",
htpy.code[task_result.revision_number], "."]
@@ -174,6 +175,26 @@ async def report(session: routes.CommitterSession,
project: str, version: str, f
block.h2["Results"]
block.p["No NTIA 2021 minimum data field conformance warnings or
errors found."]
+ outdated = None
+ if task_result.outdated:
+ outdated =
sbomtool.OutdatedAdapter.validate_python(json.loads(task_result.outdated))
+ block.h2["Outdated tool"]
+ if outdated:
+ if outdated.kind == "tool":
+ block.p[
+ f"""The CycloneDX Maven Plugin is outdated. The used version is
+ {outdated.used_version} and the available version is
+ {outdated.available_version}."""
+ ]
+ else:
+ block.p[
+ f"""There was a problem with the SBOM detected when trying to
+ determine if the CycloneDX Maven Plugin is outdated:
+ {outdated.kind.upper()}."""
+ ]
+ else:
+ block.p["No outdated tool found."]
+
return await template.blank("SBOM report", content=block.collect())
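Review bot: The new `json.loads(task_result.outdated)` followed by `OutdatedAdapter.validate_python(...)` has no error handling, so a stored value that is malformed or that no longer matches the adapter's schema (for example a result written by an older task version) raises and takes down the whole report page, including the NTIA section rendered above it. Since the outdated-tool section is supplementary, I would catch `ValueError` (which covers both `json.JSONDecodeError` and pydantic's `ValidationError`) and render a fallback paragraph instead; if `OutdatedAdapter` is a pydantic `TypeAdapter`, `validate_json(task_result.outdated)` would also replace the separate `json.loads` step. The `else` branch prints `outdated.kind.upper()` as the explanation, which presumably is an enum-like tag; a short comment naming the kinds it can take would help the next reader. `report` begins outside the hunk.

```python
            outdated = None
            parse_error = None
            if task_result.outdated:
                try:
                    # Stored as JSON by tasks/sbom.py; older rows may not match the current schema.
                    outdated = sbomtool.OutdatedAdapter.validate_python(json.loads(task_result.outdated))
                except ValueError as e:  # JSONDecodeError and pydantic ValidationError
                    parse_error = str(e)
            block.h2["Outdated tool"]
            if parse_error is not None:
                block.p["The stored outdated-tool result could not be read: ", htpy.code[parse_error]]
            elif outdated:
                # … unchanged: "tool" vs other-kind paragraphs …
            else:
                block.p["No outdated tool found."]
```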
diff --git a/atr/tasks/sbom.py b/atr/tasks/sbom.py
index 215c75d..45db7b5 100644
--- a/atr/tasks/sbom.py
+++ b/atr/tasks/sbom.py
@@ -168,6 +168,7 @@ async def score_tool(args: FileArgs) -> results.Results |
None:
raise SBOMScoringError("SBOM file does not exist", {"file_path":
args.file_path})
bundle = sbomtool.path_to_bundle(pathlib.Path(full_path))
warnings, errors = sbomtool.ntia_2021_conformance_issues(bundle.bom)
+ outdated = sbomtool.maven_plugin_outdated_version(bundle.bom)
return results.SBOMToolScore(
kind="sbom_tool_score",
project_name=args.project_name,
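Review bot: The new `sbomtool.maven_plugin_outdated_version(bundle.bom)` call runs unguarded between the conformance check and the result construction, so any exception it raises discards the already-computed `warnings` and `errors` and fails the whole scoring task. If that helper consults an external source to find the available plugin version (the `available_version` shown by the route suggests it may; its body is outside the hunk), transient failures there would make the core NTIA report unavailable. I would treat the outdated check as best-effort: catch its failure, log it, and fall back to `outdated = None`, narrowing the exception type once the helper's failure modes are known. The second hunk in this file (`outdated=outdated.model_dump_json() if outdated else None`) already handles the `None` case, so no change is needed there. `score_tool` begins outside the hunk.

```python
    warnings, errors = sbomtool.ntia_2021_conformance_issues(bundle.bom)
    try:
        outdated = sbomtool.maven_plugin_outdated_version(bundle.bom)
    except Exception:
        # Best-effort: an outdated-plugin lookup failure must not discard the conformance results.
        # TODO: narrow to the helper's actual exception types and log with this module's logger.
        outdated = None
    # … unchanged: results.SBOMToolScore(...) construction …
```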
@@ -176,6 +177,7 @@ async def score_tool(args: FileArgs) -> results.Results |
None:
file_path=args.file_path,
warnings=[w.model_dump_json() for w in warnings],
errors=[e.model_dump_json() for e in errors],
+ outdated=outdated.model_dump_json() if outdated else None,
)