/*
* Copyright 2021-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.metaeffekt.artifact.enrichment.other;
import com.metaeffekt.artifact.analysis.vulnerability.correlation.ArtifactCorrelationUtil;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.ArtifactCorrelationEnrichmentConfiguration;
import com.metaeffekt.mirror.download.documentation.DocRelevantMethods;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
/**
* The automatic {@link com.metaeffekt.artifact.enrichment.vulnerability.CpeDerivationEnrichment}
* and other automatic product identifier matching algorithms cannot perform their task reliably and
* correctly in all cases, for several reasons (such as spelling mistakes in the product data on either
* side, differing naming conventions, or multiple products with the same name).
* To improve the quality of these steps and to enable matching via Microsoft, EOL and other data sources,
* a custom data format is used (Correlation Files) to manually map the component metadata to the product identifiers.
* More details on the artifact-data schema can be found here.
*/
@EnricherMetadata(
        name = "Artifact Correlation YAML",
        phase = InventoryEnrichmentPhase.PRODUCT_IDENTIFICATION,
        intermediateFileSuffix = "correlation",
        mavenPropertyName = "correlationYamlEnrichment"
)
public class ArtifactCorrelationEnrichment extends InventoryEnricher {

    private static final Logger LOG = LoggerFactory.getLogger(ArtifactCorrelationEnrichment.class);

    /** Settings of this step; the yaml files or directories to apply are read from it. */
    private ArtifactCorrelationEnrichmentConfiguration configuration = new ArtifactCorrelationEnrichmentConfiguration();

    /**
     * Replaces the configuration used by this enricher.
     * <p>
     * The value is stored as given, without a null check; {@link #performEnrichment(Inventory)}
     * dereferences it, so a {@code null} configuration fails there rather than here.
     *
     * @param configuration the configuration to use from now on
     */
    public void setConfiguration(ArtifactCorrelationEnrichmentConfiguration configuration) {
        this.configuration = configuration;
    }

    /**
     * Returns the configuration currently held by this enricher.
     *
     * @return the stored configuration instance (not a copy)
     */
    @Override
    public ArtifactCorrelationEnrichmentConfiguration getConfiguration() {
        return this.configuration;
    }

    /**
     * Applies every configured correlation yaml source to the inventory, in list order.
     * <p>
     * Each entry is handed to {@code ArtifactCorrelationUtil.addYamlToInventory} together with the
     * JSON schema validation error handling taken from the security policy configuration.
     * <p>
     * NOTE(review): per the class description these files manually map component metadata to product
     * identifiers, so the configured sources presumably influence later vulnerability matching; they
     * are best treated as reviewed, access-controlled input, and a lenient validation-error handling
     * in the security policy should be a deliberate choice - confirm against the util implementation.
     *
     * @param inventory the inventory to enrich
     */
    @Override
    @DocRelevantMethods({"ArtifactCorrelationUtil#addYamlToInventory(Inventory, List)"})
    protected void performEnrichment(Inventory inventory) {
        // Only the log wording depends on the count: "file"/"directory" for one entry, plural otherwise.
        final int sourceCount = configuration.getYamlFiles().size();
        final boolean singleSource = sourceCount == 1;
        final String filePlural = singleSource ? "" : "s";
        final String directoryEnding = singleSource ? "y" : "ies";
        LOG.info("Performing enrichment using [{}] yaml file{} or director{}", sourceCount, filePlural, directoryEnding);

        for (File correlationSource : configuration.getYamlFiles()) {
            // The handling mode is looked up per entry, so nothing is read from the
            // security policy when no yaml source is configured.
            ArtifactCorrelationUtil.addYamlToInventory(
                    inventory,
                    correlationSource,
                    super.getSecurityPolicyConfiguration().getJsonSchemaValidationErrorsHandling());
        }
    }
}