add supporting requirements to pass dependabot locations via mappings

Killklli · Killklli · commit e438e190342c · 2024-06-24T19:45:30.000-04:00
diff --git a/src/ghastoolkit/octokit/dependabot.py b/src/ghastoolkit/octokit/dependabot.py
@@ -95,6 +95,7 @@ def getAlerts(
                         ),
                         advisory=advisory,
                         purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),
+                        manifest=alert.get("manifest_path"),
                     )
                 )
 
@@ -148,4 +149,4 @@ def getAlertsGraphQL(self) -> list[DependencyAlert]:
             self.graphql.cursor = alerts.get("pageInfo", {}).get("endCursor", "")
 
         logger.debug(f"Number of Dependabot Alerts :: {len(results)}")
-        return results
+        return results
diff --git a/src/ghastoolkit/octokit/dependencygraph.py b/src/ghastoolkit/octokit/dependencygraph.py
@@ -225,6 +225,7 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
                         summary=alert.get("advisory_summary"),
                         url=alert.get("advisory_ghsa_url"),
                     ),
+                    manifest=alert.get("manifest"),
                 )
                 dep.alerts.append(dep_alert)
 
@@ -262,4 +263,4 @@ def submitSbom(self, sbom: dict[Any, Any]):
             "/repos/{owner}/{repo}/dependency-graph/snapshots",
             sbom,
             expected=201,
-        )
+        )
diff --git a/src/ghastoolkit/supplychain/dependencies.py b/src/ghastoolkit/supplychain/dependencies.py
@@ -51,7 +51,7 @@ def getPurl(self, version: bool = True) -> str:
         if self.manager:
             result += f"{self.manager.lower()}/"
         if self.namespace:
-            result += f"{self.namespace}/"
+            result += f"{self.namespace}:"
         result += f"{self.name}"
         if version and self.version:
             result += f"@{self.version}"
@@ -231,4 +231,4 @@ def updateDependency(self, dependency: Dependency):
     def updateDependencies(self, dependencies: "Dependencies"):
         """Update a list of dependencies."""
         for dep in dependencies:
-            self.updateDependency(dep)
+            self.updateDependency(dep)
diff --git a/src/ghastoolkit/supplychain/dependencyalert.py b/src/ghastoolkit/supplychain/dependencyalert.py
@@ -23,6 +23,9 @@ class DependencyAlert(OctoItem):
     created_at: Optional[str] = None
     """Created Timestamp"""
 
+    manifest: Optional[str] = None
+    """Manifest"""
+
     def __init_post__(self):
         if not self.created_at:
             self.created_at = datetime.now().strftime("%Y-%m-%dT%XZ")
@@ -36,4 +39,4 @@ def createdAt(self) -> Optional[datetime]:
             return datetime.strptime(self.created_at, "%Y-%m-%dT%XZ")
 
     def __str__(self) -> str:
-        return f"DependencyAlert({self.advisory.ghsa_id}, {self.severity})"
+        return f"DependencyAlert({self.advisory.ghsa_id}, {self.severity})"

Original file line number	Diff line number	Diff line change
`@@ -95,6 +95,7 @@ def getAlerts(`
`95`	`95`	`),`
`96`	`96`	`advisory=advisory,`
`97`	`97`	`purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),`
	`98`	`+ manifest=alert.get("manifest_path"),`
`98`	`99`	`)`
`99`	`100`	`)`
`100`	`101`
`@@ -148,4 +149,4 @@ def getAlertsGraphQL(self) -> list[DependencyAlert]:`
`148`	`149`	`self.graphql.cursor = alerts.get("pageInfo", {}).get("endCursor", "")`
`149`	`150`
`150`	`151`	`logger.debug(f"Number of Dependabot Alerts :: {len(results)}")`
`151`		`- return results`
	`152`	`+ return results`