-
Jamie Tanna authored
Right now, we consume Package URLs (pURLs) for SBOM datasources, and have the ability to derive the pURL for a Renovate dependency but it's not persisted, and is only used when performing lookups to systems that require a pURL, or for `renovate-to-sbom`. To make this data available for other use-cases, we can derive the `package_type` and `package_url` as part of an import of Renovate data and then store it in the database. As this is derived, this is likely to be subtly wrong for some types, so we'll look at improving them as-and-when we discover incorrect categorisation. This also requires refactoring the parameter to `newRenovateDependenciesQuery` as it's no longer getting a full Renovate row, as we don't query the `package_type` or `package_url`. Closes #436, and a step towards #446.
Jamie Tanna authoredRight now, we consume Package URLs (pURLs) for SBOM datasources, and have the ability to derive the pURL for a Renovate dependency but it's not persisted, and is only used when performing lookups to systems that require a pURL, or for `renovate-to-sbom`. To make this data available for other use-cases, we can derive the `package_type` and `package_url` as part of an import of Renovate data and then store it in the database. As this is derived, this is likely to be subtly wrong for some types, so we'll look at improving them as-and-when we discover incorrect categorisation. This also requires refactoring the parameter to `newRenovateDependenciesQuery` as it's no longer getting a full Renovate row, as we don't query the `package_type` or `package_url`. Closes #436, and a step towards #446.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.