Merge pull request #94 from ruromero/multisource

feat!: update data model for multi-source

README.md

@@ -79,19 +79,29 @@ in order to retrieve just a Summary. Use the `verbose=false` Query parameter to
 $ http :8080/api/v3/analysis Content-Type:"application/vnd.cyclonedx+json" Accept:"application/json" @'target/sbom.json' verbose==false
 
 {
-    "dependencies": [],
-    "summary": {
-        "dependencies": {
-            "scanned": 11,
-            "transitive": 217
-        },
-        "vulnerabilities": {
-            "critical": 1,
-            "direct": 6,
-            "high": 4,
-            "low": 5,
-            "medium": 10,
-            "total": 20
+    "snyk": {
+        "status": {
+            "name": "snyk",
+            "code": 200,
+            "message": "OK",
+            "ok": true
+        }
+        "dependencies": [
+            ...
+        ],
+        "summary": {
+            "dependencies": {
+                "scanned": 11,
+                "transitive": 217
+            },
+            "vulnerabilities": {
+                "critical": 1,
+                "direct": 6,
+                "high": 4,
+                "low": 5,
+                "medium": 10,
+                "total": 20
+            }
         }
     }
 }
@@ -154,23 +164,28 @@ Content-Type: application/json
 Content-Transfer-Encoding: binary
 
 {
-    "summary": {
-        "dependencies": {
-            ...
-        },
-        "vulnerabilities": {
+    "snyk": {
+        "status": {
             ...
         }
-    },
-    "dependencies": [
-        {
-        "ref": {
-            "name": "log4j:log4j",
-            "version": "1.2.17"
+        "summary": {
+            "dependencies": {
+            ...
+            },
+            "vulnerabilities": {
+            ...
+            }
         },
-        ...
-        }
-    ]
+        "dependencies": [
+            {
+            "ref": {
+                "name": "log4j:log4j",
+                "version": "1.2.17"
+            },
+            ...
+            }
+        ]
+    }
 }
 ------=_Part_2_2047647971.1682593849895
 Content-Type: text/html

api-spec/v3/openapi.yaml

@@ -46,23 +46,23 @@ paths:
             schema:
               type: object
       responses:
-        '200':
+        200:
           description: Full dependency analysis from all the available providers
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/AnalysisReport'
             text/html:
               schema:
-                type: object
+                type: string
             multipart/mixed:
               schema:
                 type: object
                 properties:
                   json_report:
-                    $ref: '#/components/schemas/AnalysisReport'
-                  html_report:
                     type: object
+                  html_report:
+                    type: string
         '422':
           description: Invalid request
           content:
@@ -132,13 +132,17 @@ components:
   schemas:
     AnalysisReport:
       type: object
-      properties:
-        summary:
-          $ref: '#/components/schemas/Summary'
-        dependencies:
-          type: array
-          items:
-            $ref: '#/components/schemas/DependencyReport'
+      additionalProperties:
+        type: object
+        properties:
+          status:
+            $ref: '#/components/schemas/ProviderStatus'
+          summary:
+            $ref: '#/components/schemas/Summary'
+          dependencies:
+            type: array
+            items:
+              $ref: '#/components/schemas/DependencyReport'
     PackageRef:
       type: object
       description: PackageURL used to identify a dependency artifact
@@ -173,7 +177,6 @@ components:
         issues:
           - id: SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
             title: Denial of Service (DoS)
-            source: snyk
             cvss:
               attackVector: Network
               attackComplexity: High
@@ -196,7 +199,6 @@ components:
             issues:
               - id: SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
                 title: Denial of Service (DoS)
-                source: snyk
                 cvss:
                   attackVector: Network
                   attackComplexity: High
@@ -233,8 +235,6 @@ components:
           type: string
         title:
           type: string
-        source:
-          type: string
         cvss:
           $ref: '#/components/schemas/CvssVector'
         cvssScore:
@@ -252,7 +252,6 @@ components:
       example:
         id: SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
         title: Denial of Service (DoS)
-        source: snyk
         cvss:
           attackVector: Network
           attackComplexity: High
@@ -291,7 +290,6 @@ components:
         issues:
           - id: SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
             title: Denial of Service (DoS)
-            source: snyk
             cvss:
               attackVector: Network
               attackComplexity: High
@@ -329,10 +327,6 @@ components:
           $ref: '#/components/schemas/DependenciesSummary'
         vulnerabilities:
           $ref: '#/components/schemas/VulnerabilitiesSummary'
-        providerStatuses:
-          type: array
-          items:
-              $ref: '#/components/schemas/ProviderStatus'
     DependenciesSummary:
       type: object
       properties:
@@ -360,9 +354,9 @@ components:
       properties:
         ok:
           type: boolean
-        provider:
+        name:
           type: string
-        status:
+        code:
           type: integer
         message:
           type: string

pom.xml

@@ -334,9 +334,10 @@
               <generateModelTests>false</generateModelTests>
               <generateModelDocumentation>false</generateModelDocumentation>
               <generateApiTests>false</generateApiTests>
+              <generateAliasAsModel>true</generateAliasAsModel>
               <addCompileSourceRoot>false</addCompileSourceRoot>
               <addTestCompileSourceRoot>false</addTestCompileSourceRoot>
-              <inlineSchemaNameMappings>analysis_200_response=AnalysisResponse</inlineSchemaNameMappings>
+              <inlineSchemaNameMappings>analysis_200_response=MultipartResponse,analysis_report_value=ProviderReport</inlineSchemaNameMappings>
               <schemaMappings>PackageRef=com.redhat.exhort.api.PackageRef</schemaMappings>
             </configuration>
           </execution>

src/main/docker/Dockerfile.multi-stage

@@ -1,8 +1,10 @@
 ## Stage 1 : build with maven builder image with native capabilities
-FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:22.3-java17 AS build
+FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-17 AS build
 COPY --chown=quarkus:quarkus mvnw /code/mvnw
 COPY --chown=quarkus:quarkus .mvn /code/.mvn
 COPY --chown=quarkus:quarkus pom.xml /code/
+COPY --chown=quarkus:quarkus api-spec /code/api-spec
+
 USER quarkus
 WORKDIR /code
 RUN ./mvnw -B org.apache.maven.plugins:maven-dependency-plugin:3.1.2:go-offline

src/main/java/com/redhat/exhort/integration/Constants.java

@@ -57,6 +57,7 @@ private Constants() {}
   public static final String PKG_MANAGER_PROPERTY = "pkgManager";
   public static final String REQUEST_CONTENT_PROPERTY = "requestContent";
   public static final String REPORT_PROPERTY = "report";
+  public static final String DEPENDENCY_TREE_PROPERTY = "dependencyTree";
   public static final String PROVIDER_PRIVATE_DATA_PROPERTY = "providerPrivateData";
   public static final String RESPONSE_STATUS_PROPERTY = "responseStatus";