bundler-sbom 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb32eb6e21ec3b09fe1d3d199b978c44313f119ee57bb9d3899b20ae443020c0
-  data.tar.gz: 36b4b1b637fbafa93ac463418e5e26330146cff96b7c2e76733bc7c5b4a2cfc9
+  metadata.gz: bb720a4c1407de48380f89d81cfb76c76c9aaf72477e06de9d42e2154b278ddf
+  data.tar.gz: '0596c33babc35714c4515f6eb7f018bbabbe22350734650c060f34788a28bb0f'
 SHA512:
-  metadata.gz: 39825222126b541eaf3df0b04c5b9784ce7cdc68d6fd837f642cad6e6ce5e6196a709a31154565f97efaea0ab8f1f483417daada360e331990a675880f3f75e6
-  data.tar.gz: f95ddbec1b92a9eeffd0732f31d30005e3fb36d85f3c381454977a7130e24630e32fe4d6fbfbf005f3cefaaa35d5bc264c92aa29403d64aff33050797727505b
+  metadata.gz: a1878c226f0f1dc92967c05dcb52539de886734eed0395a734164c426d14cffcccebf53c13dab7f5113c4497efe44c9b7bcca2898d638a1f84cc88362502f1f8
+  data.tar.gz: 5fb51be53f651ec22422f33fdbb8859842cef43911681ed70d104f9582856f741816491df1a8b67a322122f4eecb21355dabdd9e6d103ab85016f08ea5506a90

data/Gemfile

@@ -3,6 +3,7 @@ source "https://rubygems.org"
 gemspec
 
 group :development do
+  gem "thor"
   gem "rake"
   gem "rspec"
   gem "simplecov", require: false

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 SHIBATA Hiroshi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/lib/bundler/sbom/cli.rb

@@ -1,5 +1,6 @@
 require "json"
 require "bundler/sbom/generator"
+require "bundler/sbom/reporter"
 
 module Bundler
   module Sbom
@@ -20,7 +21,7 @@ module Bundler
 
         begin
           sbom = JSON.parse(File.read("bom.json"))
-          Bundler::Sbom::Generator.display_license_report(sbom)
+          Bundler::Sbom::Reporter.display_license_report(sbom)
         rescue JSON::ParserError
           Bundler.ui.error("Error: bom.json is not a valid JSON file")
           exit 1

data/lib/bundler/sbom/generator.rb

@@ -3,11 +3,14 @@ require "securerandom"
 
 module Bundler
   module Sbom
+    class GemfileLockNotFoundError < StandardError; end
+
     class Generator
       def self.generate_sbom
         lockfile_path = Bundler.default_lockfile
-        unless lockfile_path.exist?
-          abort "No Gemfile.lock found. Run `bundle install` first."
+        if !lockfile_path || !lockfile_path.exist?
+          Bundler.ui.error "No Gemfile.lock found. Run `bundle install` first."
+          raise GemfileLockNotFoundError, "No Gemfile.lock found"
         end
 
         lockfile = Bundler::LockfileParser.new(lockfile_path.read)
@@ -57,6 +60,7 @@ module Bundler
             "filesAnalyzed" => false,
             "licenseConcluded" => license_string,
             "licenseDeclared" => license_string,
+            "copyrightText" => "NOASSERTION",
             "supplier" => "NOASSERTION",
             "externalRefs" => [
               {
@@ -69,50 +73,9 @@ module Bundler
           sbom["packages"] << package
         end
 
+        sbom["documentDescribes"] = sbom["packages"].map { |p| p["SPDXID"] }
         sbom
       end
-
-      def self.display_license_report(sbom)
-        license_count = analyze_licenses(sbom)
-        sorted_licenses = license_count.sort_by { |_, count| -count }
-
-        puts "=== License Usage in SBOM ==="
-        puts "Total packages: #{sbom["packages"].size}"
-        puts
-
-        sorted_licenses.each do |license, count|
-          puts "#{license}: #{count} package(s)"
-        end
-
-        puts "\n=== Packages by License ==="
-        sorted_licenses.each do |license, _|
-          packages = sbom["packages"].select do |package|
-            if package["licenseDeclared"].include?(",")
-              package["licenseDeclared"].split(",").map(&:strip).include?(license)
-            else
-              package["licenseDeclared"] == license
-            end
-          end
-
-          puts "\n#{license} (#{packages.size} package(s)):"
-          packages.each do |package|
-            puts "  - #{package["name"]} (#{package["versionInfo"]})"
-          end
-        end
-      end
-
-      private
-
-      def self.analyze_licenses(sbom)
-        license_count = Hash.new(0)
-        sbom["packages"].each do |package|
-          licenses = package["licenseDeclared"].split(",").map(&:strip)
-          licenses.each do |license|
-            license_count[license] += 1
-          end
-        end
-        license_count
-      end
     end
   end
 end

data/lib/bundler/sbom/reporter.rb

@@ -0,0 +1,47 @@
+module Bundler
+  module Sbom
+    class Reporter
+      def self.display_license_report(sbom)
+        license_count = analyze_licenses(sbom)
+        sorted_licenses = license_count.sort_by { |_, count| -count }
+
+        puts "=== License Usage in SBOM ==="
+        puts "Total packages: #{sbom["packages"].size}"
+        puts
+
+        sorted_licenses.each do |license, count|
+          puts "#{license}: #{count} package(s)"
+        end
+
+        puts "\n=== Packages by License ==="
+        sorted_licenses.each do |license, _|
+          packages = sbom["packages"].select do |package|
+            if package["licenseDeclared"].include?(",")
+              package["licenseDeclared"].split(",").map(&:strip).include?(license)
+            else
+              package["licenseDeclared"] == license
+            end
+          end
+
+          puts "\n#{license} (#{packages.size} package(s)):"
+          packages.each do |package|
+            puts "  - #{package["name"]} (#{package["versionInfo"]})"
+          end
+        end
+      end
+
+      private
+
+      def self.analyze_licenses(sbom)
+        license_count = Hash.new(0)
+        sbom["packages"].each do |package|
+          licenses = package["licenseDeclared"].split(",").map(&:strip)
+          licenses.each do |license|
+            license_count[license] += 1
+          end
+        end
+        license_count
+      end
+    end
+  end
+end

data/lib/bundler/sbom/version.rb

@@ -1,5 +1,5 @@
 module Bundler
   module Sbom
-    VERSION = "0.1.5"
+    VERSION = "0.1.6"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler-sbom
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - SHIBATA Hiroshi
@@ -23,7 +23,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '2.0'
-description: Generate CycloneDX SBOM(Software Bill of Materials) files with Bundler
+description: Generate SPDX SBOM(Software Bill of Materials) files with Bundler
 email:
 - hsbt@ruby-lang.org
 executables: []
@@ -31,15 +31,18 @@ extensions: []
 extra_rdoc_files: []
 files:
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - lib/bundler/sbom.rb
 - lib/bundler/sbom/cli.rb
 - lib/bundler/sbom/generator.rb
+- lib/bundler/sbom/reporter.rb
 - lib/bundler/sbom/version.rb
 - plugins.rb
 homepage: https://github.com/hsbt/bundler-sbom
-licenses: []
+licenses:
+- MIT
 metadata:
   homepage_uri: https://github.com/hsbt/bundler-sbom
   source_code_uri: https://github.com/hsbt/bundler-sbom
@@ -61,5 +64,5 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubygems_version: 3.6.2
 specification_version: 4
-summary: Generate CycloneDX SBOM(Software Bill of Materials) files with Bundler
+summary: Generate SPDX SBOM(Software Bill of Materials) files with Bundler
 test_files: []