
844 license risks #878

Merged: timbastin merged 19 commits into main from 844-license-risks on Jul 25, 2025

@Hubtrick-Git (Collaborator) commented Jul 12, 2025

  • Added license risk table to the database
  • Dependency vuln scans now automatically check whether each dependency has a valid license
  • Added endpoints to interact with license risks just like dependency-/firstParty-vulns
  • On top of that, a user can manually set a final license
  • Wrote some simple tests to test helper functions

@Hubtrick-Git Hubtrick-Git linked an issue Jul 12, 2025 that may be closed by this pull request
@Hubtrick-Git (Collaborator, Author) commented

Do we also need to include the scanner IDs in the Calculate hash function, since the super key is technically assetID, assetVersionName, pURL and scanner ID, because the same component in the same assetVersion can be found by multiple scanners, leading to duplicate vulnIDs?

@Hubtrick-Git (Collaborator, Author) commented

Did not yet merge with main, which probably makes the code review easier, and there is yet again a problem with go embed in the asset version controller.

@Hubtrick-Git Hubtrick-Git marked this pull request as ready for review July 14, 2025 07:50
@timbastin (Member) commented

I think this should work now - would be great to have a test for it...

Comment thread cmd/devguard/api/api.go Outdated
@timbastin timbastin merged commit dda532d into main Jul 25, 2025
1 check passed
@timbastin timbastin deleted the 844-license-risks branch July 25, 2025 11:55
@github-actions commented

Merging this branch changes the coverage (6 decrease, 4 increase)

| Impacted Packages | Coverage Δ | 🤖 |
|---|---|---|
| github.com/l3montree-dev/devguard/cmd/devguard-cli/commands | 0.00% (ø) | |
| github.com/l3montree-dev/devguard/cmd/devguard/api | 12.89% (-0.22%) | 👎 |
| github.com/l3montree-dev/devguard/internal/core | 4.95% (-0.14%) | 👎 |
| github.com/l3montree-dev/devguard/internal/core/assetversion | 26.16% (+0.14%) | 👍 |
| github.com/l3montree-dev/devguard/internal/core/component | 57.81% (+25.76%) | 🌟 |
| github.com/l3montree-dev/devguard/internal/core/daemon | 44.76% (+0.19%) | 👍 |
| github.com/l3montree-dev/devguard/internal/core/integrations/githubint | 17.99% (-0.35%) | 👎 |
| github.com/l3montree-dev/devguard/internal/core/integrations/gitlabint | 12.89% (+0.07%) | 👍 |
| github.com/l3montree-dev/devguard/internal/core/vuln | 7.92% (-2.96%) | 👎 |
| github.com/l3montree-dev/devguard/internal/core/vulndb/scan | 40.45% (ø) | |
| github.com/l3montree-dev/devguard/internal/database/models | 53.14% (-0.85%) | 👎 |
| github.com/l3montree-dev/devguard/internal/database/repositories | 1.45% (-0.04%) | 👎 |
| github.com/l3montree-dev/devguard/internal/inithelper | 0.00% (ø) | |
| github.com/l3montree-dev/devguard/mocks | 0.00% (ø) | |

Coverage by file

Changed files (no unit tests)

| Changed File | Coverage Δ | Total | Covered | Missed | 🤖 |
|---|---|---|---|---|---|
| github.com/l3montree-dev/devguard/cmd/devguard-cli/commands/components.go | 0.00% (ø) | 44 (+1) | 0 | 44 (+1) | |
| github.com/l3montree-dev/devguard/cmd/devguard/api/api.go | 12.89% (-0.22%) | 357 (+6) | 46 | 311 (+6) | 👎 |
| github.com/l3montree-dev/devguard/internal/core/assetversion/asset_version_controller.go | 7.30% (ø) | 233 | 17 | 216 | |
| github.com/l3montree-dev/devguard/internal/core/assetversion/asset_version_service.go | 26.63% (ø) | 383 | 102 | 281 | |
| github.com/l3montree-dev/devguard/internal/core/common_interfaces.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/l3montree-dev/devguard/internal/core/component/component_controller.go | 0.00% (ø) | 34 (-1) | 0 | 34 (-1) | |
| github.com/l3montree-dev/devguard/internal/core/component/component_service.go | 79.31% (+25.74%) | 87 (+3) | 69 (+24) | 18 (-21) | 🌟 |
| github.com/l3montree-dev/devguard/internal/core/component/license_overwrite_controller.go | 0.00% (ø) | 0 (-30) | 0 | 0 (-30) | |
| github.com/l3montree-dev/devguard/internal/core/context_utils.go | 5.58% (-0.18%) | 197 (+6) | 11 | 186 (+6) | 👎 |
| github.com/l3montree-dev/devguard/internal/core/daemon/deps_dev_daemon.go | 0.00% (ø) | 14 (+1) | 0 | 14 (+1) | |
| github.com/l3montree-dev/devguard/internal/core/daemon/scan_daemon.go | 83.33% (+0.48%) | 72 (+2) | 60 (+2) | 12 | 👍 |
| github.com/l3montree-dev/devguard/internal/core/integrations/githubint/github_integration.go | 20.53% (-0.45%) | 419 (+9) | 86 | 333 (+9) | 👎 |
| github.com/l3montree-dev/devguard/internal/core/integrations/gitlabint/gitlab_handle_event.go | 0.00% (ø) | 78 (+8) | 0 | 78 (+8) | |
| github.com/l3montree-dev/devguard/internal/core/integrations/gitlabint/gitlab_integration.go | 13.41% (+0.33%) | 522 (+2) | 70 (+2) | 452 | 👍 |
| github.com/l3montree-dev/devguard/internal/core/vuln/dependency_vuln_service.go | 8.02% (ø) | 162 | 13 | 149 | |
| github.com/l3montree-dev/devguard/internal/core/vuln/first_party_vuln_controller.go | 0.00% (ø) | 97 | 0 | 97 | |
| github.com/l3montree-dev/devguard/internal/core/vuln/first_party_vuln_dto.go | 0.00% (ø) | 1 | 0 | 1 | |
| github.com/l3montree-dev/devguard/internal/core/vuln/license_risk_controller.go | 0.00% (ø) | 99 (+99) | 0 | 99 (+99) | |
| github.com/l3montree-dev/devguard/internal/core/vuln/license_risk_dto.go | 0.00% (ø) | 1 (+1) | 0 | 1 (+1) | |
| github.com/l3montree-dev/devguard/internal/core/vuln/license_risk_service.go | 1.23% (+1.23%) | 81 (+81) | 1 (+1) | 80 (+80) | 👍 |
| github.com/l3montree-dev/devguard/internal/database/models/license_overwrite_model.go | 0.00% (ø) | 0 (-1) | 0 | 0 (-1) | |
| github.com/l3montree-dev/devguard/internal/database/models/license_risk_model.go | 0.00% (ø) | 7 (+7) | 0 | 7 (+7) | |
| github.com/l3montree-dev/devguard/internal/database/models/vulnevent_model.go | 35.11% (ø) | 94 | 33 | 61 | |
| github.com/l3montree-dev/devguard/internal/database/repositories/component_repository.go | 0.00% (ø) | 142 | 0 | 142 | |
| github.com/l3montree-dev/devguard/internal/database/repositories/license_overwrite_repository.go | 0.00% (ø) | 0 (-15) | 0 | 0 (-15) | |
| github.com/l3montree-dev/devguard/internal/database/repositories/license_risk_repository.go | 0.00% (ø) | 54 (+54) | 0 | 54 (+54) | |
| github.com/l3montree-dev/devguard/internal/inithelper/intialize_modules.go | 0.00% (ø) | 9 (+1) | 0 | 9 (+1) | |
| github.com/l3montree-dev/devguard/mocks/mock_ComponentRepository.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/l3montree-dev/devguard/mocks/mock_ComponentService.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/l3montree-dev/devguard/mocks/mock_LicenseOverwriteRepository.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/l3montree-dev/devguard/mocks/mock_LicenseRiskRepository.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/l3montree-dev/devguard/mocks/mock_LicenseRiskService.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/l3montree-dev/devguard/mocks/mock_StatisticsService.go | 0.00% (ø) | 0 | 0 | 0 | |

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

  • github.com/l3montree-dev/devguard/internal/core/component/component_service_integration_test.go
  • github.com/l3montree-dev/devguard/internal/core/component/component_service_test.go
  • github.com/l3montree-dev/devguard/internal/core/vulndb/scan/scan_integration_test.go


Development

Successfully merging this pull request may close these issues.

License-Risks
