SLCORE-1525 Rename SCA issues to dependency risks

Author: damien-urruty-sonarsource

API_CHANGES.md

@@ -1,22 +1,28 @@
 # 10.27
 
+## Breaking changes
+
+* Merge `org.sonarsource.sonarlint.core.rpc.protocol.backend.tracking.DependencyRiskTrackingRpcService` into `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.DependencyRiskRpcService`.
+* Rename `org.sonarsource.sonarlint.core.rpc.protocol.SonarLintRpcClient.didChangeScaIssues` to `org.sonarsource.sonarlint.core.rpc.protocol.SonarLintRpcClient.didChangeDependencyRisks`.
+
 ## New features
 
-* Allow changing status of SCA issues via `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.ScaRpcService.changeStatus`.
-  * Required parameters are `configScopeId`, `issueId` and `transition`.
+* Allow changing status of dependency risks (SCA issues) via `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.DependencyRiskRpcService.changeStatus`.
+  * Required parameters are `configScopeId`, `dependencyRiskKey` and `transition`.
   * If transition is `ACCEPT`, `FIXED`, or `SAFE`, a `comment` field is mandatory
-* Allow clients to open dependency risk (SCA issues) in browser
-  * Introduce `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.ScaRpcService.openDependencyRiskInBrowser` that accepts `configScopeId` and `dependencyRiskKey` (UUID) parameters
-* Allow clients to record interactions with dependency risks (SCA issues) in telemetry
+* Allow clients to open dependency risk in browser
+  * Introduce `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.DependencyRiskRpcService.openDependencyRiskInBrowser` that accepts `configScopeId` and `dependencyRiskKey` (UUID) parameters
+* Allow clients to record interactions with dependency risks in telemetry
   * Introduce `org.sonarsource.sonarlint.core.rpc.protocol.backend.telemetry.TelemetryRpcService.dependencyRiskInvestigatedLocally` method
-* Add a new `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.ScaRpcService.getDependencyRiskDetails`.
+* Add a new `org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.DependencyRiskRpcService.getDependencyRiskDetails`.
 
 # 10.26
 
 ## New features
 
 * Add a new `SCA_SYNCHRONIZATION` value in `org.sonarsource.sonarlint.core.rpc.protocol.backend.initialize.BackendCapability`. Clients using the feature need to declare it at initialization time.
 * Introduce a new `org.sonarsource.sonarlint.core.rpc.protocol.backend.tracking.ScaIssueTrackingRpcService` service and a `listAll` method
+* Introduce a new `org.sonarsource.sonarlint.core.rpc.protocol.SonarLintRpcClient.didChangeScaIssues` notification.
 
 # 10.25
 

backend/core/src/main/java/org/sonarsource/sonarlint/core/event/ScaIssuesSynchronizedEvent.java renamed to backend/core/src/main/java/org/sonarsource/sonarlint/core/event/DependencyRisksSynchronizedEvent.java

@@ -19,8 +19,8 @@
  */
 package org.sonarsource.sonarlint.core.event;
 
-import org.sonarsource.sonarlint.core.serverconnection.issues.ServerScaIssue;
+import org.sonarsource.sonarlint.core.serverconnection.issues.ServerDependencyRisk;
 import org.sonarsource.sonarlint.core.serverconnection.storage.UpdateSummary;
 
-public record ScaIssuesSynchronizedEvent(String connectionId, String sonarProjectKey, String sonarBranch, UpdateSummary<ServerScaIssue> summary) {
+public record DependencyRisksSynchronizedEvent(String connectionId, String sonarProjectKey, String sonarBranch, UpdateSummary<ServerDependencyRisk> summary) {
 }

backend/core/src/main/java/org/sonarsource/sonarlint/core/sca/ScaService.java renamed to backend/core/src/main/java/org/sonarsource/sonarlint/core/sca/DependencyRiskService.java

@@ -34,17 +34,17 @@
 import org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.DependencyRiskTransition;
 import org.sonarsource.sonarlint.core.rpc.protocol.backend.sca.GetDependencyRiskDetailsResponse;
 import org.sonarsource.sonarlint.core.rpc.protocol.backend.tracking.AffectedPackageDto;
-import org.sonarsource.sonarlint.core.rpc.protocol.backend.tracking.ScaIssueDto;
+import org.sonarsource.sonarlint.core.rpc.protocol.backend.tracking.DependencyRiskDto;
 import org.sonarsource.sonarlint.core.rpc.protocol.client.OpenUrlInBrowserParams;
 import org.sonarsource.sonarlint.core.serverapi.EndpointParams;
 import org.sonarsource.sonarlint.core.serverapi.ServerApiHelper;
 import org.sonarsource.sonarlint.core.serverapi.UrlUtils;
 import org.sonarsource.sonarlint.core.serverapi.sca.GetIssueReleaseResponse;
-import org.sonarsource.sonarlint.core.serverconnection.issues.ServerScaIssue;
+import org.sonarsource.sonarlint.core.serverconnection.issues.ServerDependencyRisk;
 import org.sonarsource.sonarlint.core.storage.StorageService;
 import org.sonarsource.sonarlint.core.telemetry.TelemetryService;
 
-public class ScaService {
+public class DependencyRiskService {
   private static final SonarLintLogger LOG = SonarLintLogger.get();
 
   private final ConfigurationRepository configurationRepository;
@@ -55,7 +55,7 @@ public class ScaService {
   private final SonarLintRpcClient client;
   private final TelemetryService telemetryService;
 
-  public ScaService(ConfigurationRepository configurationRepository, ConnectionConfigurationRepository connectionRepository, StorageService storageService,
+  public DependencyRiskService(ConfigurationRepository configurationRepository, ConnectionConfigurationRepository connectionRepository, StorageService storageService,
     SonarQubeClientManager sonarQubeClientManager, SonarProjectBranchTrackingService branchTrackingService, SonarLintRpcClient client, TelemetryService telemetryService) {
     this.configurationRepository = configurationRepository;
     this.connectionRepository = connectionRepository;
@@ -66,7 +66,7 @@ public ScaService(ConfigurationRepository configurationRepository, ConnectionCon
     this.telemetryService = telemetryService;
   }
 
-  public void changeStatus(String configurationScopeId, UUID issueReleaseKey, DependencyRiskTransition transition, @CheckForNull String comment,
+  public void changeStatus(String configurationScopeId, UUID dependencyRiskKey, DependencyRiskTransition transition, @CheckForNull String comment,
     SonarLintCancelMonitor cancelMonitor) {
     var binding = configurationRepository.getEffectiveBindingOrThrow(configurationScopeId);
     var serverConnection = sonarQubeClientManager.getClientOrThrow(binding.connectionId());
@@ -77,27 +77,27 @@ public void changeStatus(String configurationScopeId, UUID issueReleaseKey, Depe
       throw new IllegalArgumentException("Could not determine matched branch for configuration scope " + configurationScopeId);
     }
 
-    var scaIssues = projectServerIssueStore.loadScaIssues(branchName.get());
-    var dependencyRiskOpt = scaIssues.stream().filter(issue -> issue.key().equals(issueReleaseKey)).findFirst();
+    var dependencyRisks = projectServerIssueStore.loadDependencyRisks(branchName.get());
+    var dependencyRiskOpt = dependencyRisks.stream().filter(risk -> risk.key().equals(dependencyRiskKey)).findFirst();
 
     if (dependencyRiskOpt.isEmpty()) {
-      throw new ScaIssueNotFoundException("Dependency Risk with key " + issueReleaseKey.toString() + " was not found", issueReleaseKey.toString());
+      throw new DependencyRiskNotFoundException("Dependency Risk with key " + dependencyRiskKey + " was not found", dependencyRiskKey.toString());
     }
 
     var dependencyRisk = dependencyRiskOpt.get();
 
     if (!dependencyRisk.transitions().contains(adaptTransition(transition))) {
-      throw new IllegalArgumentException("Transition " + transition + " is not allowed for this SCA issue");
+      throw new IllegalArgumentException("Transition " + transition + " is not allowed for this dependency risk");
     }
 
     if ((transition == DependencyRiskTransition.ACCEPT || transition == DependencyRiskTransition.SAFE || transition == DependencyRiskTransition.FIXED)
       && (comment == null || comment.isBlank())) {
       throw new IllegalArgumentException("Comment is required for ACCEPT, FIXED, and SAFE transitions");
     }
 
-    LOG.info("Changing SCA issue status for issue {} to {} with comment: {}", issueReleaseKey, transition, comment);
+    LOG.info("Changing status for dependency risk {} to {} with comment: {}", dependencyRiskKey, transition, comment);
 
-    serverConnection.withClientApi(serverApi -> serverApi.sca().changeStatus(issueReleaseKey, transition.name(), comment, cancelMonitor));
+    serverConnection.withClientApi(serverApi -> serverApi.sca().changeStatus(dependencyRiskKey, transition.name(), comment, cancelMonitor));
   }
 
   public GetDependencyRiskDetailsResponse getDependencyRiskDetails(String configurationScopeId, String dependencyRiskKey, SonarLintCancelMonitor cancelMonitor) {
@@ -117,13 +117,13 @@ public GetDependencyRiskDetailsResponse getDependencyRiskDetails(String configur
     return convertToRpcResponse(serverResponse);
   }
 
-  private static ServerScaIssue.Transition adaptTransition(DependencyRiskTransition transition) {
+  private static ServerDependencyRisk.Transition adaptTransition(DependencyRiskTransition transition) {
     return switch (transition) {
-      case REOPEN -> ServerScaIssue.Transition.REOPEN;
-      case CONFIRM -> ServerScaIssue.Transition.CONFIRM;
-      case ACCEPT -> ServerScaIssue.Transition.ACCEPT;
-      case SAFE -> ServerScaIssue.Transition.SAFE;
-      case FIXED -> ServerScaIssue.Transition.FIXED;
+      case REOPEN -> ServerDependencyRisk.Transition.REOPEN;
+      case CONFIRM -> ServerDependencyRisk.Transition.CONFIRM;
+      case ACCEPT -> ServerDependencyRisk.Transition.ACCEPT;
+      case SAFE -> ServerDependencyRisk.Transition.SAFE;
+      case FIXED -> ServerDependencyRisk.Transition.FIXED;
     };
   }
 
@@ -147,8 +147,8 @@ private static GetDependencyRiskDetailsResponse convertToRpcResponse(GetIssueRel
         .build())
       .toList();
 
-    return new GetDependencyRiskDetailsResponse(serverResponse.key(), ScaIssueDto.Severity.valueOf(serverResponse.severity().name()), serverResponse.release().packageName(),
-      serverResponse.release().version(), ScaIssueDto.Type.valueOf(serverResponse.type().name()), serverResponse.vulnerability().vulnerabilityId(),
+    return new GetDependencyRiskDetailsResponse(serverResponse.key(), DependencyRiskDto.Severity.valueOf(serverResponse.severity().name()), serverResponse.release().packageName(),
+      serverResponse.release().version(), DependencyRiskDto.Type.valueOf(serverResponse.type().name()), serverResponse.vulnerability().vulnerabilityId(),
       serverResponse.vulnerability().description(), affectedPackages);
   }
 
@@ -163,14 +163,14 @@ public void openDependencyRiskInBrowser(String configurationScopeId, UUID depend
       throw new IllegalArgumentException(String.format("Configuration scope %s has no matching branch, unable to open dependency risk", configurationScopeId));
     }
 
-    var url = buildScaBrowseUrl(effectiveBinding.get().sonarProjectKey(), branchName.get(), dependencyKey, endpointParams.get());
+    var url = buildDependencyRiskBrowseUrl(effectiveBinding.get().sonarProjectKey(), branchName.get(), dependencyKey, endpointParams.get());
 
     client.openUrlInBrowser(new OpenUrlInBrowserParams(url));
 
     telemetryService.dependencyRiskInvestigatedRemotely();
   }
 
-  static String buildScaBrowseUrl(String projectKey, String branch, UUID dependencyKey, EndpointParams endpointParams) {
+  static String buildDependencyRiskBrowseUrl(String projectKey, String branch, UUID dependencyKey, EndpointParams endpointParams) {
     var relativePath = new StringBuilder("/dependency-risks/")
       .append(UrlUtils.urlEncode(dependencyKey.toString()))
       .append("/what?id=")
@@ -182,16 +182,16 @@ static String buildScaBrowseUrl(String projectKey, String branch, UUID dependenc
     return ServerApiHelper.concat(endpointParams.getBaseUrl(), relativePath);
   }
 
-  public static class ScaIssueNotFoundException extends RuntimeException {
-    private final String issueKey;
+  public static class DependencyRiskNotFoundException extends RuntimeException {
+    private final String key;
 
-    public ScaIssueNotFoundException(String message, String issueKey) {
+    public DependencyRiskNotFoundException(String message, String key) {
       super(message);
-      this.issueKey = issueKey;
+      this.key = key;
     }
 
-    public String getIssueKey() {
-      return issueKey;
+    public String getKey() {
+      return key;
     }
   }
 }

backend/core/src/main/java/org/sonarsource/sonarlint/core/spring/SonarLintSpringAppConfig.java

@@ -99,13 +99,13 @@
 import org.sonarsource.sonarlint.core.sync.HotspotSynchronizationService;
 import org.sonarsource.sonarlint.core.sync.IssueSynchronizationService;
 import org.sonarsource.sonarlint.core.sync.ScaSynchronizationService;
-import org.sonarsource.sonarlint.core.sca.ScaService;
+import org.sonarsource.sonarlint.core.sca.DependencyRiskService;
 import org.sonarsource.sonarlint.core.sync.SonarProjectBranchesSynchronizationService;
 import org.sonarsource.sonarlint.core.sync.SynchronizationService;
 import org.sonarsource.sonarlint.core.sync.TaintSynchronizationService;
 import org.sonarsource.sonarlint.core.tracking.KnownFindingsStorageService;
 import org.sonarsource.sonarlint.core.tracking.LocalOnlyIssueRepository;
-import org.sonarsource.sonarlint.core.tracking.ScaIssueTrackingService;
+import org.sonarsource.sonarlint.core.tracking.DependencyRiskTrackingService;
 import org.sonarsource.sonarlint.core.tracking.TaintVulnerabilityTrackingService;
 import org.sonarsource.sonarlint.core.tracking.TrackingService;
 import org.sonarsource.sonarlint.core.websocket.WebSocketService;
@@ -169,7 +169,7 @@
   NewCodeService.class,
   RequestHandlerBindingAssistant.class,
   TaintVulnerabilityTrackingService.class,
-  ScaIssueTrackingService.class,
+  DependencyRiskTrackingService.class,
   SonarProjectBranchesSynchronizationService.class,
   TaintSynchronizationService.class,
   IssueSynchronizationService.class,
@@ -196,7 +196,7 @@
   AiCodeFixService.class,
   ClientAwareTaskManager.class,
   ScaSynchronizationService.class,
-  ScaService.class,
+  DependencyRiskService.class,
 })
 public class SonarLintSpringAppConfig {
 

backend/core/src/main/java/org/sonarsource/sonarlint/core/sync/ScaSynchronizationService.java

@@ -21,11 +21,11 @@
 
 import org.sonarsource.sonarlint.core.commons.log.SonarLintLogger;
 import org.sonarsource.sonarlint.core.commons.progress.SonarLintCancelMonitor;
-import org.sonarsource.sonarlint.core.event.ScaIssuesSynchronizedEvent;
+import org.sonarsource.sonarlint.core.event.DependencyRisksSynchronizedEvent;
 import org.sonarsource.sonarlint.core.rpc.protocol.backend.initialize.BackendCapability;
 import org.sonarsource.sonarlint.core.rpc.protocol.backend.initialize.InitializeParams;
 import org.sonarsource.sonarlint.core.serverapi.ServerApi;
-import org.sonarsource.sonarlint.core.serverconnection.issues.ServerScaIssue;
+import org.sonarsource.sonarlint.core.serverconnection.issues.ServerDependencyRisk;
 import org.sonarsource.sonarlint.core.serverconnection.storage.UpdateSummary;
 import org.sonarsource.sonarlint.core.storage.StorageService;
 import org.springframework.context.ApplicationEventPublisher;
@@ -53,48 +53,48 @@ public void synchronize(ServerApi serverApi, String connectionId, String sonarPr
     if (!isScaSupported(serverApi, connectionId)) {
       return;
     }
-    LOG.info("[SYNC] Synchronizing SCA issues for project '{}' on branch '{}'", sonarProjectKey, branchName);
+    LOG.info("[SYNC] Synchronizing dependency risks for project '{}' on branch '{}'", sonarProjectKey, branchName);
 
-    var summary = updateServerScaIssuesForProject(serverApi, connectionId, sonarProjectKey, branchName, cancelMonitor);
+    var summary = updateServerDependencyRisksForProject(serverApi, connectionId, sonarProjectKey, branchName, cancelMonitor);
     if (summary.hasAnythingChanged()) {
-      eventPublisher.publishEvent(new ScaIssuesSynchronizedEvent(connectionId, sonarProjectKey, branchName, summary));
+      eventPublisher.publishEvent(new DependencyRisksSynchronizedEvent(connectionId, sonarProjectKey, branchName, summary));
     }
   }
 
-  private UpdateSummary<ServerScaIssue> updateServerScaIssuesForProject(ServerApi serverApi, String connectionId, String sonarProjectKey, String branchName,
+  private UpdateSummary<ServerDependencyRisk> updateServerDependencyRisksForProject(ServerApi serverApi, String connectionId, String sonarProjectKey, String branchName,
     SonarLintCancelMonitor cancelMonitor) {
     var issuesReleases = serverApi.sca().getIssuesReleases(sonarProjectKey, branchName, cancelMonitor);
     var findingsStore = storageService.connection(connectionId).project(sonarProjectKey).findings();
 
-    var previousScaIssues = findingsStore.loadScaIssues(branchName);
-    var previousScaIssueKeys = previousScaIssues.stream().map(ServerScaIssue::key).collect(toSet());
+    var previousDependencyRisks = findingsStore.loadDependencyRisks(branchName);
+    var previousDependencyRiskKeys = previousDependencyRisks.stream().map(ServerDependencyRisk::key).collect(toSet());
 
-    var scaIssues = issuesReleases.issuesReleases().stream()
-      .map(issueRelease -> new ServerScaIssue(
+    var serverDependencyRisks = issuesReleases.issuesReleases().stream()
+      .map(issueRelease -> new ServerDependencyRisk(
         issueRelease.key(),
-        ServerScaIssue.Type.valueOf(issueRelease.type().name()),
-        ServerScaIssue.Severity.valueOf(issueRelease.severity().name()),
-        ServerScaIssue.Status.valueOf(issueRelease.status().name()),
+        ServerDependencyRisk.Type.valueOf(issueRelease.type().name()),
+        ServerDependencyRisk.Severity.valueOf(issueRelease.severity().name()),
+        ServerDependencyRisk.Status.valueOf(issueRelease.status().name()),
         issueRelease.release().packageName(),
         issueRelease.release().version(),
-        issueRelease.transitions().stream().map(Enum::name).map(ServerScaIssue.Transition::valueOf).toList()))
+        issueRelease.transitions().stream().map(Enum::name).map(ServerDependencyRisk.Transition::valueOf).toList()))
       .toList();
 
-    findingsStore.replaceAllScaIssuesOfBranch(branchName, scaIssues);
+    findingsStore.replaceAllDependencyRisksOfBranch(branchName, serverDependencyRisks);
 
-    var newScaIssueKeys = scaIssues.stream().map(ServerScaIssue::key).collect(toSet());
-    var deletedScaIssueIds = previousScaIssues.stream()
-      .map(ServerScaIssue::key)
-      .filter(key -> !newScaIssueKeys.contains(key))
+    var newDependencyRiskKeys = serverDependencyRisks.stream().map(ServerDependencyRisk::key).collect(toSet());
+    var deletedDependencyRiskIds = previousDependencyRisks.stream()
+      .map(ServerDependencyRisk::key)
+      .filter(key -> !newDependencyRiskKeys.contains(key))
       .collect(toSet());
-    var addedScaIssues = scaIssues.stream()
-      .filter(issue -> !previousScaIssueKeys.contains(issue.key()))
+    var addedDependencyRisks = serverDependencyRisks.stream()
+      .filter(issue -> !previousDependencyRiskKeys.contains(issue.key()))
       .toList();
-    var updatedScaIssues = scaIssues.stream()
-      .filter(issue -> previousScaIssueKeys.contains(issue.key()))
+    var updatedDependencyRisks = serverDependencyRisks.stream()
+      .filter(issue -> previousDependencyRiskKeys.contains(issue.key()))
       .toList();
 
-    return new UpdateSummary<>(deletedScaIssueIds, addedScaIssues, updatedScaIssues);
+    return new UpdateSummary<>(deletedDependencyRiskIds, addedDependencyRisks, updatedDependencyRisks);
   }
 
   private boolean isScaSupported(ServerApi serverApi, String connectionId) {