Pull request overview
Removes a large set of unused/obsolete helpers and experimental code paths across the codebase (utilities, normalization helpers, VEX/trustscore helpers, and a crowdsourced VEXing prototype), plus small follow-up adjustments where call sites depended on the removed APIs.
Changes:
- Deleted multiple unused packages/functions (e.g., MITRE CWE mirroring code, crowdsourced VEXing prototype, various utils/helpers and their tests).
- Adjusted artifact lookup behavior by switching MaybeGetArtifact to return a pointer and updating controller call sites accordingly.
- Moved a CycloneDX BOM structural comparison helper from production code into tests.
Reviewed changes
Copilot reviewed 37 out of 37 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| vulndb/mitre_service.go | Removes unused MITRE CWE mirroring service implementation. |
| vulndb/cwe_types.go | Removes unused CWE XML-to-model conversion helper. |
| utils/zip.go | Removes unused zip helpers (ReadZipFile, Unzip) and trims imports. |
| utils/timeutils.go | Removes unused JSON marshal/unmarshal for utils.Date. |
| utils/slice.go | Removes unused Some alias helper. |
| utils/map.go | Removes unused CSV reader helper and imports. |
| utils/concurrency.go | Removes unused APIs and simplifies concurrent result access/error collection. |
| utils/common.go | Removes unused pointer helpers and whitespace-list contains helper. |
| utils/common_test.go | Removes tests for deleted whitespace-list contains helper. |
| transformer/vex_rule_transformer.go | Removes unused VEXRuleToDTO wrapper. |
| statemachine/dependency_vuln_statemachine.go | Removes unused VulnSet.Contains. |
| shared/thirdparty_integration.go | Removes unused ExternalEntitySlug helpers; adds pointer-returning MaybeGetArtifact. |
| shared/pubsub.go | Removes unused convenience methods/constructor on SimpleMessage. |
| shared/core.go | Removes unused generic pointer helper Ptr. |
| shared/context_utils.go | Removes old MaybeGetArtifact implementation from context utilities. |
| services/vex_rule_service.go | Removes unused CycloneDX-to-status mapping helper. |
| services/vex_rule_service_test.go | Removes tests for deleted CycloneDX-to-status mapping helper. |
| normalize/sbom_graph.go | Removes BOM structural comparison helper from production code. |
| normalize/sbom_graph_test.go | Reintroduces BOM structural comparison helper within tests and wires usage. |
| normalize/purl.go | Removes unused PURL beautification and qualifier formatting helpers. |
| normalize/purl_test.go | Removes tests for deleted PURL beautification helper. |
| normalize/deep_sort.go | Removes unused expensive deep-sort canonicalization helper. |
| fixedversion/vulnerability_path_analysis_fixed_version_resolver.go | Removes unused package-manager-to-ecosystem mapper. |
| fixedversion/vulnerability_path_analysis_fixed_version_resolver_test.go | Removes tests for deleted mapper. |
| database/types/jsonb.go | Removes unused StringSlice DB interfaces and JSONB helper. |
| database/repositories/project_risk_history_repository.go | Removes unused project risk history repository constructor/methods (leaves struct). |
| database/models/vulnevent_model.go | Removes unused event-type-to-state mapper. |
| database/models/component_model.go | Removes unused dependency map builder and constant. |
| database/models/comment_model.go | Removes redundant TableName() override. |
| crowdsourcevexing/crowdsourced_vexing.go | Deletes unused crowdsourced VEXing prototype implementation. |
| crowdsourcevexing/crowdsourced_vexing_test.go | Deletes tests for the removed crowdsourced VEXing prototype. |
| controllers/helpers.go | Updates artifact-name derivation to handle pointer-returning MaybeGetArtifact. |
| controllers/dependencyfirewall/oci.go | Minor import block whitespace change (needs gofmt). |
| controllers/asset_controller.go | Updates badges endpoint to handle pointer-returning MaybeGetArtifact. |
| cmd/devguard-scanner/commands/intoto/intoto_record.go | Removes unused .gitignore parsing helper. |
| cmd/devguard-scanner/commands/intoto/intoto_record_test.go | Removes tests for deleted .gitignore parsing helper. |
| cmd/devguard-scanner/commands/clean.go | Removes unused wrapper function and calls cosign clean directly. |
| cmd/devguard-scanner/commands/clean_test.go | Updates tests to call cosign clean directly. |
| cmd/devguard-cli/commands/trustscore.go | Removes unused confidence score calculation helper. |
| accesscontrol/members.go | Removes unused organization member fetching helper (functionality exists elsewhere). |