restlessmonkey
@restlessmonkey
Hi - I'm looking for some example Python code to read JSON SBOMs. Is there such a thing in this group?
Steven Esser
@steven-esser
@DarthHater PR merged and new version v0.0.6 of packageurl-js published to NPM. Thanks for the contribution!
Philippe Ombredanne
@pombredanne
:heart:
@restlessmonkey did you mean a CycloneDX or SPDX SBOM?
if yes, that is likely to be more something for each respective project :)
Paul Horton
@madpah
Hey All - I raised an Issue package-url/packageurl-python#65 a bit ago - are you open to a PR that types the Python packageurl library?
Paul Horton
@madpah
And secondly, do you want a hand generally with the packageurl-python project?
Philippe Ombredanne
@pombredanne
@madpah Hey :)
@madpah I guess that can be OK for such a small library ... but what are the actual benefits of string typing? I am always wondering about this

And secondly, do you want a hand generally with the packageurl-python project?

Yes! of course

Jeffry Hesse
@DarthHater
Hi hello!!! @steven-esser @pombredanne a colleague at Sonatype is playing with purls and discovered a couple issues (or what he perceives as issues), so here I am with some PRs for you: package-url/packageurl-go#32 (first so far, golang purl lib, seems to be missing the test-suite-json?)
There are a couple test failures, and I think they are valid best I can SORT of tell
Jeffry Hesse
@DarthHater
Ok @steven-esser @pombredanne (and I suppose my friend in SBOMs, @stevespringett ), fixed the test failures and added the test data in on: package-url/packageurl-go#32
Philippe Ombredanne
@pombredanne
@DarthHater awesome!
let me check this over the we
Jeffry Hesse
@DarthHater
No problem buddy!
I'll probably have a couple other tiny PRs too, just to help us use it
Philippe Ombredanne
@pombredanne
@DarthHater even more awesome :bow:
Paul Horton
@madpah

Hey @pombredanne - re PEP-561 typing (and beyond the official Rationale), we had a few downstream folk request that we type the CycloneDX Python Lib as they had tools like mypy in their CI processes and it caused extra work (headaches) for them to deal with un-typed dependencies.

tldr: Hygiene I guess?

Re: help @pombredanne - is this the best place to talk specifically about the Python library?
Philippe Ombredanne
@pombredanne
@madpah sure thing
@madpah I feel that typed Python is another language at times and not my Python :P
but I can live with it as long as we are still supporting Python 3.6+ for now
so please go for it :+1:
Paul Horton
@madpah
Sure @pombredanne - will look at a PR then for typing à la PEP-561
What CI is actually used for package-url Python @pombredanne ? It’s not clear from the repo?
Philippe Ombredanne
@pombredanne
@madpah I am ashamed
The CI seems to be gone entirely :)
Paul Horton
@madpah
Oh dear. Any objection to me getting GitHub Actions or Circle CI up and running for it?
Philippe Ombredanne
@pombredanne
I will merge in a skeleton I use elsewhere with a decent CI setup and enable Azure + Appveyor at least
Paul Horton
@madpah
Sure - whatever you prefer.
Philippe Ombredanne
@pombredanne

Oh dear. Any objection to me getting GitHub Actions or Circle CI up and running for it?

@madpah perfect too

@madpah please go for it :)
Paul Horton
@madpah
Will do @pombredanne
Might need to get some permissions on the main https://github.com/package-url/packageurl-python repo @pombredanne
Philippe Ombredanne
@pombredanne
@madpah unrelated I think you found some use for https://github.com/nexB/pip-requirements-parser in some CycloneDX lib of yours and this is awesome
Paul Horton
@madpah
We did @pombredanne !
Philippe Ombredanne
@pombredanne
@madpah Let me give you some access as you need. I guess you can be trusted as a committer?
@madpah done :)
Jeffry Hesse
@DarthHater
Dang Paul got commit rights before me?!?!
DarthHater @DarthHater shakes fist at air
Paul Horton
@madpah
lol @DarthHater
Paul Horton
@madpah
@pombredanne PR for enabling GitHub Actions is with you for review (merging is blocked for me until 1 approver :-))
Tory Clasen
@tclasen

Anyone know why the python package isn't letting me get a url from a purl?

import typer
from packageurl import PackageURL
from packageurl.contrib import purl2url

app = typer.Typer()


@app.command()
def get(purl: str):
    parsed = PackageURL.from_string(purl)
    typer.echo(f"Grabbing {parsed}")
    # typer.echo() takes a single message argument (the second positional
    # parameter is the output file), so the value has to be folded into the string.
    # purl2url.get_url() returns None when it cannot derive a URL for the purl.
    typer.echo(f"A {purl2url.get_url(purl)}")
    typer.echo(f"B {purl2url.get_url(parsed.to_string())}")
    typer.echo(f"C {purl2url.get_url(str(parsed))}")
    typer.echo(f"D {purl2url.get_url(parsed.to_string())}")

For this I've tried the two following PURLs:

And for both of them I successfully parse and can print the purl, but the A, B, C, D echoes after that are all empty (but don't crash).

Philippe Ombredanne
@pombredanne
It should be reasonably straightforward using tidbits of code from https://github.com/nexB/fetchcode/blob/master/src/fetchcode/package.py and the expansive set in https://github.com/nexB/scancode-toolkit/tree/develop/src/packagedcode
@tclasen can I interest you in contributing these?
@TG1999 ^ ping
@tclasen please start with an issue
Tushar Goel
@TG1999
@pombredanne ack
Jeffry Hesse
@DarthHater
@pombredanne any chance you are gonna check this out soonish? package-url/packageurl-go#32 (coworker is demoing something that relies on it right now, hence asking)