

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.enrichment.other;

import com.metaeffekt.artifact.analysis.vulnerability.correlation.ArtifactCorrelationUtil;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.ArtifactCorrelationEnrichmentConfiguration;
import com.metaeffekt.mirror.download.documentation.DocRelevantMethods;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.File;

/**
 * Applies manually maintained correlation YAML files to an inventory during the
 * product identification phase.
 *
 * <p>Automatic matching, such as
 * {@link com.metaeffekt.artifact.enrichment.vulnerability.CpeDerivationEnrichment} and other
 * product identifier matching algorithms, cannot be correct in every case. Spelling mistakes in
 * the product data on either side, differing naming conventions, several products sharing one
 * name and similar problems all get in the way.</p>
 *
 * <p>To improve the quality of these steps, and to enable matching via Microsoft, EOL and other
 * data sources, a custom data format (Correlation Files) is used to map component metadata to
 * product identifiers by hand. The format is described by the artifact-data schema.</p>
 *
 * <p>NOTE(review): these files steer product identification, so they presumably influence which
 * findings are later attributed to an artifact; treat them as reviewed, access-controlled input.
 * Confirm against the downstream enrichers.</p>
 */
@EnricherMetadata(
        name = "Artifact Correlation YAML",
        phase = InventoryEnrichmentPhase.PRODUCT_IDENTIFICATION,
        intermediateFileSuffix = "correlation",
        mavenPropertyName = "correlationYamlEnrichment"
)
public class ArtifactCorrelationEnrichment extends InventoryEnricher {

    private static final Logger LOG = LoggerFactory.getLogger(ArtifactCorrelationEnrichment.class);

    /** Active settings; starts out as a default-constructed configuration. */
    private ArtifactCorrelationEnrichmentConfiguration configuration = new ArtifactCorrelationEnrichmentConfiguration();

    /**
     * Returns the configuration currently used by this enricher.
     *
     * @return the configuration object last assigned, or the default one created with the instance
     */
    @Override
    public ArtifactCorrelationEnrichmentConfiguration getConfiguration() {
        return this.configuration;
    }

    /**
     * Replaces the configuration used by this enricher.
     *
     * @param configuration the new configuration; stored as given, without a null check
     */
    public void setConfiguration(ArtifactCorrelationEnrichmentConfiguration configuration) {
        this.configuration = configuration;
    }

    /**
     * Hands every configured YAML file or directory to
     * {@code ArtifactCorrelationUtil.addYamlToInventory} so that its correlation data is applied
     * to the inventory.
     *
     * @param inventory the inventory that receives the correlation data
     */
    @Override
    @DocRelevantMethods({"ArtifactCorrelationUtil#addYamlToInventory(Inventory, List)"})
    protected void performEnrichment(Inventory inventory) {
        // Pick singular or plural wording for the log line from the number of configured entries.
        final int yamlFileCount = this.configuration.getYamlFiles().size();
        final boolean singleEntry = yamlFileCount == 1;
        final String fileSuffix = singleEntry ? "" : "s";
        final String directorySuffix = singleEntry ? "y" : "ies";

        LOG.info("Performing enrichment using [{}] yaml file{} or director{}", yamlFileCount, fileSuffix, directorySuffix);

        for (File yamlFile : this.configuration.getYamlFiles()) {
            // The schema-validation error handling comes from the security policy configuration and
            // is looked up for each file; what the utility does with it is not visible in this class.
            ArtifactCorrelationUtil.addYamlToInventory(
                    inventory,
                    yamlFile,
                    super.getSecurityPolicyConfiguration().getJsonSchemaValidationErrorsHandling());
        }
    }
}



