
Commit ec6cca9

committed
refactor: enrich scorecard data through mutation
1 parent 04ba00b commit ec6cca9


1 file changed

+25
-14
lines changed

1 file changed

+25
-14
lines changed

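--- a/lib/scorecard/enrich_cyclonedx.go
+++ b/lib/scorecard/enrich_cyclonedx.go
@@ -28,43 +28,54 @@ import (
 "github.com/snyk/parlay/lib/ecosystems"
 )
 
-func cdxEnrichExternalReference(component cdx.Component, url string, comment string, refType cdx.ExternalReferenceType) cdx.Component {
+func cdxEnrichExternalReference(comp *cdx.Component, url, comment string, refType cdx.ExternalReferenceType) {
 ext := cdx.ExternalReference{
 URL: url,
 Comment: comment,
 Type: refType,
 }
-if component.ExternalReferences == nil {
-component.ExternalReferences = &[]cdx.ExternalReference{ext}
+
+if comp.ExternalReferences == nil {
+comp.ExternalReferences = &[]cdx.ExternalReference{ext}
 } else {
-*component.ExternalReferences = append(*component.ExternalReferences, ext)
+*comp.ExternalReferences = append(*comp.ExternalReferences, ext)
 }
-return component
 }
 
 func enrichCDX(bom *cdx.BOM) {
 comps := utils.DiscoverCDXComponents(bom)
+
 wg := sizedwaitgroup.New(20)
+
 for i := range comps {
 wg.Add()
 go func(component *cdx.Component) {
 defer wg.Done()
+
 purl, err := packageurl.FromString(component.PackageURL)
 if err != nil {
 return
 }
+
 resp, err := ecosystems.GetPackageData(purl)
-if err == nil && resp.JSON200 != nil && resp.JSON200.RepositoryUrl != nil {
-scorecardUrl := strings.ReplaceAll(*resp.JSON200.RepositoryUrl, "https://", "https://api.securityscorecards.dev/projects/")
-response, err := http.Get(scorecardUrl)
-if err == nil {
-defer response.Body.Close()
-if response.StatusCode == http.StatusOK {
-*component = cdxEnrichExternalReference(*component, scorecardUrl, "OpenSSF Scorecard", cdx.ERTypeOther)
-}
-}
+if err != nil {
+return
 }
+
+if resp.JSON200 == nil || resp.JSON200.RepositoryUrl == nil {
+return
+}
+
+scorecardUrl := strings.ReplaceAll(*resp.JSON200.RepositoryUrl, "https://", "https://api.securityscorecards.dev/projects/")
+response, err := http.Get(scorecardUrl)
+response.Body.Close()
+if err != nil || response.StatusCode != http.StatusOK {
+return
+}
+
+cdxEnrichExternalReference(component, scorecardUrl, "OpenSSF Scorecard", cdx.ERTypeOther)
 }(comps[i])
 }
+
 wg.Wait()
 }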
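Review bot: In the new `enrichCDX` goroutine, `response.Body.Close()` runs before the `err` from `http.Get(scorecardUrl)` is checked, and `response` is nil whenever `http.Get` returns an error, so a failed request (DNS failure, refused connection) panics inside the goroutine and terminates the whole process. Check the error first and only then close: `if err != nil { return }` followed by `defer response.Body.Close()`, with the `response.StatusCode != http.StatusOK` test after it. Separately, `scorecardUrl` is derived from `RepositoryUrl` in the ecosystems response by replacing `https://`, so a value without that prefix is fetched unchanged from whatever host the package metadata names; a `strings.HasPrefix(scorecardUrl, "https://api.securityscorecards.dev/projects/")` guard before the request would keep the call pinned to the Scorecard API. The request also goes through `http.Get`, i.e. the default client with no timeout, so one slow host can hold one of the 20 `sizedwaitgroup` slots indefinitely; a shared `http.Client` with a `Timeout` would bound that.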
