diff --git a/docs/reference/analysis-scope-configuration.md b/docs/reference/analysis-scope-configuration.md
index 1c386e79..19e0feee 100644
--- a/docs/reference/analysis-scope-configuration.md
+++ b/docs/reference/analysis-scope-configuration.md
@@ -273,31 +273,19 @@ Architecture Quality is available by default. However, you can still use the var The `architecture` section of the scope file supports the following options: -| Option | Required | Description | -|----------------------------|----------|------------------------------------------------------------------------------------------| -| `model` | No | SIG Architecture Quality Model that should be used for the analysis, defaults to latest. | -| `exclude` | No | See [Excluding files and directories for Architecture Quality](#excluding-files-and-directories-for-architecture-quality). | -| `custom_components` | No | See [Components in Maintainability versus components in Architecture Quality](#components-in-maintainability-versus-components-in-architecture-quality). | -| `add_dependencies` | No | See [Manually specifying architecture dependencies](#manually-specifying-architecture-dependencies). | -| `remove_dependencies` | No | See [Manually specifying architecture dependencies](#manually-removing-architecture-dependencies). | -| `undesirable_dependencies` | No | See [Highlighting undesirable dependencies](#highlighting-undesirable-dependencies). | -| `add_system_elements` | No | See [Manually specifying architecture elements](#manually-specifying-architecture-elements). | +| Option | Required | Description | +|----------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------| +| `model` | No | SIG Architecture Quality Model that should be used for the analysis, defaults to latest. | +| `exclude` | No | See [Excluding files and directories for Architecture Quality](#excluding-files-and-directories-for-architecture-quality). | +| `add_dependencies` | No | See [Manually specifying architecture dependencies](#manually-specifying-architecture-dependencies). 
| +| `remove_dependencies` | No | See [Manually specifying architecture dependencies](#manually-removing-architecture-dependencies). | +| `undesirable_dependencies` | No | See [Highlighting undesirable dependencies](#highlighting-undesirable-dependencies). | +| `add_system_elements` | No | See [Manually specifying architecture elements](#manually-specifying-architecture-elements). | | `grouping` | No | See [Grouping and annotating components in Architecture Quality](#grouping-and-annotating-components-in-architecture-quality). | -| `history_period_months` | No | See [Analyzing your repository history](#analyzing-your-repository-history). | -| `history_start` | No | See [Analyzing your repository history](#analyzing-your-repository-history). | -| `history_end` | No | See [Analyzing your repository history](#analyzing-your-repository-history). | +| `history_period_months` | No | See [Analyzing your repository history](#analyzing-your-repository-history). | +| `history_start` | No | See [Analyzing your repository history](#analyzing-your-repository-history). | +| `history_end` | No | See [Analyzing your repository history](#analyzing-your-repository-history). | -### Components in Maintainability versus components in Architecture Quality - -By default, Sigrid will automatically detect your system's component structure. This applies to all Sigrid capabilities, so the automatically detected component structure will also be used for Architecture Quality. - -However, it is possible to [manually override the component structure](#defining-components). If you do this, the manually defined components *only* apply to the Maintainability capability, and are not automatically picked up by the Architecture Quality capability. 
If you *also* want to override the component structure for Architecture Quality, you will need to explicitly add the following option: - - architecture: - custom_components: true - -As explained in the section on [defining components](#defining-components), we recommend you use the automatic component detection. - ### Analyzing your repository history Architecture Quality analyzes both your source code and the repository history. See the [frequently asked questions for architecture quality](../capabilities/faq-architecture.md) for more information on how the repository history is analyzed. diff --git a/docs/reference/aq-json-export-format.md b/docs/reference/aq-json-export-format.md index dc592bf5..caf39e38 100644 --- a/docs/reference/aq-json-export-format.md +++ b/docs/reference/aq-json-export-format.md @@ -111,6 +111,7 @@ picture in the previous section. | systemElement.observationType | See the list of [architecture observations](#architecture-observations) below. Optional field. [1] | | systemElement.technology | Indicates this is a technology-specific system element. Optional field. [2] | | systemElement.annotation | Text description that provides information for system elements. Optional field, defined in configuration. [3] | +| dependency.id | ID based on the dependency's fingerprint. Dependencies will retain the same ID across subsequent scans. | | dependency.sourceElementId | Refers to one of the entries in `systemElements`. | | dependency.targetElementId | Refers to one of the entries in `systemElements`. | | dependency.type | See the [list of dependency types](#dependency-types) below. | diff --git a/resources/sigrid-scope-file.schema.json b/resources/sigrid-scope-file.schema.json index 6020b48a..f823afb0 100644 --- a/resources/sigrid-scope-file.schema.json +++ b/resources/sigrid-scope-file.schema.json 
@@ -226,26 +226,14 @@ "properties": { "description": { "type": "string" - }, - "action": { - "type": "string" - }, - "technologies": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] } }, - "required": ["description", "action", "technologies"], + "required": ["description"], "additionalProperties": true + }, + "dependency_checker_source": { + "type": "string", + "enum": ["all", "sbom"] } }, @@ -283,25 +271,6 @@ "description": "SIG Maintainability Model that should be used for the analysis, defaults to latest." }, - "alerts": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "When true, will send alert email notifications when noteworthy events happen." - }, - "recipients": { - "type": "array", - "items": { - "type": "string", - "format": "email" - }, - "description": "List of email addresses that should receive alerts." - } - }, - "additionalProperties": false - }, - "dependencychecker": { "type": "object", "properties": { @@ -395,6 +364,9 @@ "type": "string" }, "description": "List of technologies for which the analysis should be disabled." + }, + "source": { + "$ref": "#/definitions/dependency_checker_source" } }, "additionalProperties": false, @@ -418,7 +390,7 @@ }, "custom_components": { "type": "boolean", - "description": "Overrides automatic component detection with components defined manually in scope file." + "description": "Deprecated. This option is obsolete." }, "file_annotation_components": { "type": "boolean", @@ -465,7 +437,7 @@ }, "history_enabled": { "type": "boolean", - "description": "Deprecated, this is now detected automatically." + "description": "Deprecated. This option is obsolete." }, "history": { "anyOf": [ @@ -476,7 +448,7 @@ "type": "string" } ], - "description": "Deprecated, this is now detected automatically." + "description": "Deprecated. This option is obsolete." }, "history_period_months": { "type": "integer", 
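Review bot: The `alerts` section is deleted outright in the hunk at -283, while the other retired options in this commit (`custom_components`, `history_enabled`, `history`, `branch`) stay in the schema with the description "Deprecated. This option is obsolete.". If the top-level object rejects unknown properties (its `additionalProperties` setting is outside this hunk, so this is inferred), every existing scope file that still carries an `alerts:` block will start failing validation. Keeping a stub such as `"alerts": {"type": "object", "description": "Deprecated. This option is obsolete."}` would match how the other options are handled and let those files keep validating.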
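Review bot: The new `source` property in the hunk at -395, and the `dependency_checker_source` definition it references (added in the first hunk of this file), carry no `description`, unlike the neighbouring `dependencychecker` options. The values `all` and `sbom` appear to select which inputs the dependency check reads, so a user picking one cannot tell from the schema what is left out of the scan or which value applies when the key is omitted. I would document it on the definition itself, for example `"description": "Where the dependency checker takes its dependency list from: <meaning of all>, <meaning of sbom>. Defaults to <default>."`, with the placeholders filled in by someone who knows the behaviour.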
@@ -500,7 +472,7 @@ }, "branch": { "$ref": "#/definitions/branches", - "description": "Repository branch to use, comma-separated for multiple branches. Defaults to current branch." + "description": "Deprecated. This option is obsolete." }, "duplication": { "type": "boolean", @@ -566,10 +538,10 @@ }, "additionalProperties": false, "required": [] - } + }, + "checkmarx": false }, "required": ["languages"], - "not": {"required": ["checkmarx"]}, "title": "Sigrid scope configuration file", "type": "object" } diff --git a/test/test_scope_file_schema.py b/test/test_scope_file_schema.py index c7553c8e..514022e1 100644 --- a/test/test_scope_file_schema.py +++ b/test/test_scope_file_schema.py @@ -12,6 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +import inspect import json import jsonschema import yaml @@ -34,12 +35,11 @@ def testSchemaIsValidJson(self): "description", "properties", "required", - "not", - "title", + "title", "type" ] - self.assertEqual(list(self.schema.keys()), fields) + self.assertEqual(sorted(self.schema.keys()), fields) def testValidScopeFileAgainstSchema(self): scope = """ @@ -71,14 +71,15 @@ def testDisallowedSection(self): languages: - Java checkmarx: - enabled: true + aap: true """ try: parsedScope = yaml.load(scope, Loader=yaml.FullLoader) jsonschema.validate(instance=parsedScope, schema=self.schema) + self.assertTrue(False, "ValidationError should have been raised") except jsonschema.ValidationError as e: - self.assertTrue(e.message.endswith("should not be valid under {'required': ['checkmarx']}")) + self.assertTrue("schema does not allow {'aap': True}" in e.message) def testDependencyCheckerExcludeOptions(self): scope = """ 
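Review bot: `"checkmarx": false` in the hunk at -566 is a boolean subschema, which JSON Schema defines only from draft-06 onwards. The `$schema` declaration is outside this hunk, so it is worth confirming the file declares a draft that permits it; a validator working to an older draft may reject the schema itself or skip the entry, and the `checkmarx` section would then no longer be refused. The removed `"not": {"required": ["checkmarx"]}` form had no such dependency on the draft version.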
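Review bot: The new assertion `"schema does not allow {'aap': True}" in e.message` in `testDisallowedSection` ties the test to the exact wording jsonschema uses for a `false` schema, so a library upgrade that rewords the message fails the test even though `checkmarx` is still rejected. Asserting on where the error occurred is steadier: `self.assertEqual(list(e.absolute_path), ["checkmarx"])`. The try / `self.assertTrue(False, ...)` / except shape could also become `with self.assertRaises(jsonschema.ValidationError) as ctx:`, and the same applies to `testDependencyCheckerSourceOption` in the last hunk of this file. The function starts above this hunk, and the hunk ends inside the following test.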
@@ -111,4 +112,24 @@ def testRejectUnknownDependencyCheckerExcludeOptions(self):
 self.assertTrue(False, "ValidationError should have been raised")
 except jsonschema.ValidationError as e:
 self.assertTrue("{'something': 'noot'} is not valid under any of the given schemas" in e.message)
-
\ No newline at end of file
+
+ def testDependencyCheckerSourceOption(self):
+ base = inspect.cleandoc("""
+ languages:
+ - Python
+ dependencychecker:
+ blocklist: ["NONE"]
+ """)
+
+ scope = yaml.load(f"{base}\n source: all", Loader=yaml.FullLoader)
+ jsonschema.validate(instance=scope, schema=self.schema)
+
+ scope = yaml.load(f"{base}\n source: sbom", Loader=yaml.FullLoader)
+ jsonschema.validate(instance=scope, schema=self.schema)
+
+ try:
+ scope = yaml.load(f"{base}\n source: aap", Loader=yaml.FullLoader)
+ jsonschema.validate(instance=scope, schema=self.schema)
+ self.assertTrue(False, "ValidationError should have been raised")
+ except jsonschema.ValidationError as e:
+ self.assertTrue("'aap' is not one of ['all', 'sbom']" in e.message)
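Review bot: The three new `yaml.load(..., Loader=yaml.FullLoader)` calls in `testDependencyCheckerSourceOption` only parse literal fixtures, so `yaml.safe_load(...)` with the same string argument would do the job using the loader that accepts nothing beyond plain YAML types. Scope files are user-supplied in real use, and tests tend to be copied as the reference for how to parse them, so the test is a good place to model the stricter loader. The existing tests in this file use `FullLoader` as well (visible as context in the hunk at -71), so this could be changed file-wide in a follow-up rather than only here.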