component-detection icon indicating copy to clipboard operation
component-detection copied to clipboard
verified publisher icon microsoft

Clarify on "Scanning" vs "Graph Creation"

Open sschuberth opened this issue 4 years ago • 4 comments

The Feature Overview contains a table with "Scanning" and "Graph Creation" headers, but I'm having a hard time understanding what esp. "Scanning" means in this context, if not scanning for dependencies, which (to me) implies the creation of a dependency graph.

Or does "Scanning" mean that only direct dependencies are identified, but not transitive ones? Could you please clarify?

sschuberth avatar Jan 04 '22 17:01 sschuberth

Thanks for bringing up this question! The distinction between graph creation and scanning is whether we are capturing the parent/child relationships between the dependencies.

Scanning

Direct dependencies

Have no defined parent/child relationships so graph creation isn't possible.

Transitive dependencies, no relationships

It's possible for some of our detectors to discover transitive dependencies but only as a flat list. If that's the case, without knowing the relationships between the transitive dependencies, graph creation isn't possible.

Graph Creation

Transitive dependencies + relationships

Only when transitive dependencies are available and the parent/child relationship between them is available can we do graph creation.

tevoinea avatar Jan 10 '22 15:01 tevoinea

Thanks for the clarification 👍🏻

So, phrased differently, "Graph Creation" implies getting direct and transitive dependencies incl. their relationships. And for "Scanning" dependencies without relationships, there are two sub-cases, firstly where only direct dependencies are captured, and secondly where also transitive dependencies are captured. Would it make sense to distinguish between these sub-cases also in the Feature Overview?

sschuberth avatar Jan 10 '22 15:01 sschuberth

Yup, you got it exactly right.

There's definitely value in distinguishing those sub cases. I'm thinking we can add 2 columns for direct dependencies and transitive dependencies in the detailed feature overview^1. That way we can keep the ReadMe clean and we can highlight some of those subtle differences between the detectors for anyone looking to do a deeper dive into the project's capabilities.

If that sounds good to you then we can create 2 tasks:

  • [ ] Document the difference between "Scanning" and "Graph Creation" (this comment can be a good starting point)
  • [ ] Add 2 columns for Direct Dependencies and Transitive Dependencies to the detailed feature overview^1

tevoinea avatar Jan 10 '22 16:01 tevoinea

Sounds good to me, thanks again!

sschuberth avatar Jan 10 '22 16:01 sschuberth