sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git
The following commit(s) were added to refs/heads/main by this push:
new d332385 Make the plugin search broader
d332385 is described below
commit d332385f4adcb806f090d0b1291a41a497b0574c
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Sep 1 17:28:29 2025 +0100
Make the plugin search broader
---
atr/sbomtool.py | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/atr/sbomtool.py b/atr/sbomtool.py
index a226edb..88f6389 100644
--- a/atr/sbomtool.py
+++ b/atr/sbomtool.py
@@ -193,12 +193,14 @@ class Component(Lax):
class ToolComponent(Lax):
name: str | None = None
version: str | None = None
+ description: str | None = None
class Tool(Lax):
- vendor: str | None = None
+ # vendor: str | None = None
name: str | None = None
version: str | None = None
+ description: str | None = None
class Tools(Lax):
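Review bot: The `vendor` field on `Tool` is commented out rather than deleted, and nothing says why. If it was dropped because some producers emit a value that fails validation, say so in a short comment, e.g. `# vendor is not modelled: not used by any check here`. Otherwise remove the line, since commented-out code tends to be restored later without anyone knowing the reason it was disabled.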
@@ -606,10 +608,12 @@ def maven_plugin_outdated_version(bom: Bom) -> Outdated |
None:
# This is just a warning, of course
if bom.metadata is None:
return OutdatedMissingMetadata()
- if bom.metadata.timestamp is None:
+ timestamp = bom.metadata.timestamp
+ if timestamp is None:
# This quite often isn't available
# We could use the file mtime, but that's extremely heuristic
- return OutdatedMissingTimestamp()
+ # return OutdatedMissingTimestamp()
+ timestamp =
datetime.datetime.now(datetime.UTC).strftime("%Y-%m-%dT%H:%M:%SZ")
tools = []
t = bom.metadata.tools
if isinstance(t, list):
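Review bot: When `bom.metadata.timestamp` is missing, the new fallback substitutes the current time, so the verdict is no longer tied to when the SBOM was generated, and the returned `Outdated` value does not show that the timestamp was assumed. A BOM produced with the then-current plugin would presumably be reported as outdated as soon as a newer plugin release exists, although that depends on how `maven_plugin_outdated_version_core` uses the value, which is outside this hunk. I would replace the commented-out `# return OutdatedMissingTimestamp()` with a comment stating the assumption, for example `# No timestamp in the BOM: assume "now", i.e. compare against the newest release known today`. Also confirm that the project's minimum Python version is 3.11 or later, because `datetime.UTC` does not exist before that. The function starts above this hunk and continues past it.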
@@ -617,14 +621,19 @@ def maven_plugin_outdated_version(bom: Bom) -> Outdated |
None:
elif t:
tools = t.components or []
for tool in tools:
- if tool.name != "cyclonedx-maven-plugin":
+ names_or_descriptions = {
+ "cyclonedx maven plugin",
+ "cyclonedx-maven-plugin",
+ }
+ name_or_description = (tool.name or tool.description or "").lower()
+ if name_or_description not in names_or_descriptions:
continue
if tool.version is None:
- return OutdatedMissingVersion(name=tool.name)
- available_version =
maven_plugin_outdated_version_core(bom.metadata.timestamp, tool.version)
+ return OutdatedMissingVersion(name=name_or_description)
+ available_version = maven_plugin_outdated_version_core(timestamp,
tool.version)
if available_version is not None:
return OutdatedTool(
- name=tool.name,
+ name=name_or_description,
used_version=tool.version,
available_version=available_version,
)
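Review bot: In `name_or_description = (tool.name or tool.description or "").lower()`, the description is only consulted when `tool.name` is empty, so a tool entry with an unrelated name and a matching description is still skipped and an outdated plugin goes unreported. To check both fields, use `candidates = {(tool.name or "").lower(), (tool.description or "").lower()}` followed by `if candidates.isdisjoint(names_or_descriptions): continue`. The `names_or_descriptions` set is also rebuilt on every loop iteration and could be defined once before the `for`. Note that `OutdatedMissingVersion` and `OutdatedTool` now receive a lowercased string that may be the description rather than the tool name, which changes what is shown to whoever reads the result. The loop belongs to a function whose start is outside this hunk.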