cyclonedx-ruby 1.1.0
- checksums.yaml +7 -0
- data/bin/cyclonedx-ruby +4 -0
- data/lib/bom_builder.rb +145 -0
- data/lib/bom_helpers.rb +54 -0
- data/lib/licenses.json +434 -0
- metadata +134 -0
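--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 789745148f02bbf9096f4cff69edd4bc685002a18963bc2aa884c8e9672ec20b
+data.tar.gz: 60c926690951432f792e56ae26bbf0bcae47d79e2d080824b8a082a356743c27
+SHA512:
+metadata.gz: 8f0b8e63d08b95c7a38faba23724bcad4767fdfd825088e9854ac33b1482d646834ff4fe5f1f6e891e852384293853a4b3d4a242950921df4ffa5451a46e537b
+data.tar.gz: 19da07694e83e5ce056cfce3a35dc511dfae41969ff3ad443168ba38a40779f010b13998b72bd5f8bf3cce7fb51bfa0b26b930acb96ff45fa3e1836e2afef562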
data/bin/cyclonedx-ruby
ADDED
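--- a/data/lib/bom_builder.rb
+++ b/data/lib/bom_builder.rb
@@ -0,0 +1,145 @@
+require "bundler"
+require "fileutils"
+require "json"
+require "logger"
+require "nokogiri"
+require "optparse"
+require "ostruct"
+require "rest_client"
+require 'securerandom'
+require_relative "bom_helpers"
+
+class Bombuilder
+def self.build(path)
+original_working_directory = Dir.pwd
+setup(path)
+specs_list
+bom = build_bom(@gems)
+
+begin
+@logger.info("Changing directory to the original working directory located at #{original_working_directory}")
+Dir.chdir original_working_directory
+rescue => e
+@logger.error("Unable to change directory the original working directory located at #{original_working_directory}. #{e.message}: #{e.backtrace.join('\n')}")
+abort
+end
+
+bom_directory = File.dirname(@bom_file_path)
+begin
+FileUtils.mkdir_p(bom_directory) unless File.directory?(bom_directory)
+rescue => e
+@logger.error("Unable to create the directory to hold the BOM output at #{@bom_directory}. #{e.message}: #{e.backtrace.join('\n')}")
+abort
+end
+
+begin
+@logger.info("Writing BOM to #{@bom_file_path}...")
+File.open(@bom_file_path, "w") {|file| file.write(bom)}
+
+if @options[:verbose]
+@logger.info("#{@gems.size} gems were written to BOM located at #{@bom_file_path}")
+else
+puts "#{@gems.size} gems were written to BOM located at #{@bom_file_path}"
+end
+rescue => e
+@logger.error("Unable to write BOM to #{@bom_file_path}. #{e.message}: #{e.backtrace.join('\n')}")
+abort
+end
+end
+private
+def self.setup(path)
+@options = {}
+OptionParser.new do |opts|
+opts.banner = "Usage: cyclonedx-ruby [options]"
+
+opts.on("-v", "--[no-]verbose", "Run verbosely") do |v|
+@options[:verbose] = v
+end
+opts.on("-p", "--path path", "(Required) Path to Ruby project directory") do |path|
+@options[:path] = path
+end
+opts.on("-o", "--output bom_file_path", "(Optional) Path to output the bom.xml file to") do |bom_file_path|
+@options[:bom_file_path] = bom_file_path
+end
+opts.on_tail("-h", "--help", "Show help message") do
+puts opts
+exit
+end
+end.parse!
+
+@logger = Logger.new(STDOUT)
+if @options[:verbose]
+@logger.level = Logger::INFO
+else
+@logger.level = Logger::ERROR
+end
+
+@gems = []
+licenses_file = File.read "#{__dir__}/licenses.json"
+@licenses_list = JSON.parse(licenses_file)
+
+if @options[:path].nil?
+@logger.error("missing path to project directory")
+abort
+end
+
+if !File.directory?(@options[:path])
+@logger.error("path provided is not a valid directory. path provided was: #{@options[:path]}")
+abort
+end
+
+begin
+@logger.info("Changing directory to Ruby project directory located at #{@options[:path]}")
+Dir.chdir @options[:path]
+rescue => e
+@logger.error("Unable to change directory to Ruby project directory located at #{@options[:path]}. #{e.message}: #{e.backtrace.join('\n')}")
+abort
+end
+
+if @options[:bom_file_path].nil?
+@bom_file_path = "./bom.xml"
+else
+@bom_file_path = @options[:bom_file_path]
+end
+
+@logger.info("BOM will be written to #{@bom_file_path}")
+
+begin
+gemfile_path = @options[:path] + "/" + "Gemfile.lock"
+@logger.info("Parsing specs from #{gemfile_path}...")
+gemfile_contents = File.read(gemfile_path)
+@specs = Bundler::LockfileParser.new(gemfile_contents).specs
+@logger.info("Specs successfully parsed!")
+rescue => e
+@logger.error("Unable to parse specs from #{gemfile_path}. #{e.message}: #{e.backtrace.join('\n')}")
+abort
+end
+end
+
+def self.specs_list
+count = 0
+@specs.each do |dependency|
+object = OpenStruct.new
+object.name = dependency.name
+object.version = dependency.version
+object.purl = purl(object.name, object.version)
+gem = get_gem(object.name, object.version)
+next if gem.nil?
+
+if gem["licenses"] and gem["licenses"].length > 0
+if @licenses_list.include? gem["licenses"].first
+object.license_id = gem["licenses"].first
+else
+object.license_name = gem["licenses"].first
+end
+end
+
+object.author = gem["authors"]
+object.description = gem["summary"]
+object.hash = gem["sha"]
+@gems.push(object)
+count += 1
+@logger.info("#{object.name}:#{object.version} gem added")
+end
+end
+end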
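Review bot: In `specs_list`, `next if gem.nil?` drops a dependency from the BOM whenever the rubygems.org lookup yields nothing, and the only trace is a `warn` that the default `Logger::ERROR` level hides, so the closing "N gems were written" line can describe an incomplete inventory without any signal. For an SBOM that is the failure that matters: a gem from a private source, or one whose request failed, simply disappears from later vulnerability matching. Name, version and purl are already known from the lockfile, so I would keep the component with `gem ||= {}` in place of the `next`, log the miss at error level, and have `build_bom` omit the `hashes` element when no digest is available. Separately, `setup` builds `gemfile_path` from `@options[:path]` after `Dir.chdir @options[:path]`, so a relative `-p` value is resolved against the already-changed working directory; `gemfile_path = File.join(Dir.pwd, "Gemfile.lock")` avoids that.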
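--- a/data/lib/bom_helpers.rb
+++ b/data/lib/bom_helpers.rb
@@ -0,0 +1,54 @@
+def purl(name, version)
+purl = "pkg:gem/" + name + "@" + version.to_s
+end
+
+def random_urn_uuid()
+random_urn_uuid = "urn:uuid:" + SecureRandom.uuid
+end
+
+def build_bom(gems)
+builder = Nokogiri::XML::Builder.new(:encoding => "UTF-8") do |xml|
+attributes = {"xmlns" => "http://cyclonedx.org/schema/bom/1.1", "version" => "1", "serialNumber" => random_urn_uuid}
+xml.bom(attributes) do
+xml.components {
+gems.each do |gem|
+xml.component("type" => "library") {
+xml.name gem["name"]
+xml.version gem["version"]
+xml.description gem["description"]
+xml.hashes{
+xml.hash_ gem["hash"], :alg => "SHA-256"
+}
+if gem["license_id"]
+xml.licenses {
+xml.license{
+xml.id gem["license_id"]
+}
+}
+elsif gem["license_name"]
+xml.licenses {
+xml.license{
+xml.name gem["license_name"]
+}
+}
+end
+xml.purl gem["purl"]
+}
+end
+}
+end
+end
+builder.to_xml
+end
+
+def get_gem(name, version)
+url = "https://rubygems.org/api/v1/versions/#{name}.json"
+begin
+response = RestClient.get(url)
+body = JSON.parse(response.body)
+body.select {|item| item["number"] == version.to_s}.first
+rescue
+@logger.warn("#{name} couldn't be fetched")
+return nil
+end
+end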
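Review bot: `get_gem` queries rubygems.org by name alone, so a lockfile entry that comes from a private source or a git checkout is described with the licence, authors and `sha` of whatever public gem shares its name and version number. That digest then lands in the BOM as the component's `SHA-256` hash in `build_bom`, where it reads as a statement about the installed artifact although nothing here compares it with the local `.gem`. The caller in `bom_builder.rb` holds the Bundler spec, so it looks feasible to pass its source along and skip the registry lookup for anything not served from rubygems.org; at minimum document the limitation with a comment such as `# Metadata and sha come from rubygems.org by name; not verified against the installed gem.` The bare `rescue` also folds parse and connection errors into the same "couldn't be fetched" warning, and `@logger` only resolves because the method happens to be called with `Bombuilder` as self.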
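--- a/data/lib/licenses.json
+++ b/data/lib/licenses.json
@@ -0,0 +1,434 @@
+[
+"0BSD",
+"AAL",
+"ADSL",
+"AFL-1.1",
+"AFL-1.2",
+"AFL-2.0",
+"AFL-2.1",
+"AFL-3.0",
+"AGPL-1.0",
+"AGPL-1.0-only",
+"AGPL-1.0-or-later",
+"AGPL-3.0",
+"AGPL-3.0-only",
+"AGPL-3.0-or-later",
+"AMDPLPA",
+"AML",
+"AMPAS",
+"ANTLR-PD",
+"APAFML",
+"APL-1.0",
+"APSL-1.0",
+"APSL-1.1",
+"APSL-1.2",
+"APSL-2.0",
+"Abstyles",
+"Adobe-2006",
+"Adobe-Glyph",
+"Afmparse",
+"Aladdin",
+"Apache-1.0",
+"Apache-1.1",
+"Apache-2.0",
+"Artistic-1.0",
+"Artistic-1.0-Perl",
+"Artistic-1.0-cl8",
+"Artistic-2.0",
+"BSD-1-Clause",
+"BSD-2-Clause",
+"BSD-2-Clause-FreeBSD",
+"BSD-2-Clause-NetBSD",
+"BSD-2-Clause-Patent",
+"BSD-3-Clause",
+"BSD-3-Clause-Attribution",
+"BSD-3-Clause-Clear",
+"BSD-3-Clause-LBNL",
+"BSD-3-Clause-No-Nuclear-License",
+"BSD-3-Clause-No-Nuclear-License-2014",
+"BSD-3-Clause-No-Nuclear-Warranty",
+"BSD-3-Clause-Open-MPI",
+"BSD-4-Clause",
+"BSD-4-Clause-UC",
+"BSD-Protection",
+"BSD-Source-Code",
+"BSL-1.0",
+"Bahyph",
+"Barr",
+"Beerware",
+"BitTorrent-1.0",
+"BitTorrent-1.1",
+"BlueOak-1.0.0",
+"Borceux",
+"CATOSL-1.1",
+"CC-BY-1.0",
+"CC-BY-2.0",
+"CC-BY-2.5",
+"CC-BY-3.0",
+"CC-BY-4.0",
+"CC-BY-NC-1.0",
+"CC-BY-NC-2.0",
+"CC-BY-NC-2.5",
+"CC-BY-NC-3.0",
+"CC-BY-NC-4.0",
+"CC-BY-NC-ND-1.0",
+"CC-BY-NC-ND-2.0",
+"CC-BY-NC-ND-2.5",
+"CC-BY-NC-ND-3.0",
+"CC-BY-NC-ND-4.0",
+"CC-BY-NC-SA-1.0",
+"CC-BY-NC-SA-2.0",
+"CC-BY-NC-SA-2.5",
+"CC-BY-NC-SA-3.0",
+"CC-BY-NC-SA-4.0",
+"CC-BY-ND-1.0",
+"CC-BY-ND-2.0",
+"CC-BY-ND-2.5",
+"CC-BY-ND-3.0",
+"CC-BY-ND-4.0",
+"CC-BY-SA-1.0",
+"CC-BY-SA-2.0",
+"CC-BY-SA-2.5",
+"CC-BY-SA-3.0",
+"CC-BY-SA-4.0",
+"CC-PDDC",
+"CC0-1.0",
+"CDDL-1.0",
+"CDDL-1.1",
+"CDLA-Permissive-1.0",
+"CDLA-Sharing-1.0",
+"CECILL-1.0",
+"CECILL-1.1",
+"CECILL-2.0",
+"CECILL-2.1",
+"CECILL-B",
+"CECILL-C",
+"CERN-OHL-1.1",
+"CERN-OHL-1.2",
+"CNRI-Jython",
+"CNRI-Python",
+"CNRI-Python-GPL-Compatible",
+"CPAL-1.0",
+"CPL-1.0",
+"CPOL-1.02",
+"CUA-OPL-1.0",
+"Caldera",
+"ClArtistic",
+"Condor-1.1",
+"Crossword",
+"CrystalStacker",
+"Cube",
+"D-FSL-1.0",
+"DOC",
+"DSDP",
+"Dotseqn",
+"ECL-1.0",
+"ECL-2.0",
+"EFL-1.0",
+"EFL-2.0",
+"EPL-1.0",
+"EPL-2.0",
+"EUDatagrid",
+"EUPL-1.0",
+"EUPL-1.1",
+"EUPL-1.2",
+"Entessa",
+"ErlPL-1.1",
+"Eurosym",
+"FSFAP",
+"FSFUL",
+"FSFULLR",
+"FTL",
+"Fair",
+"Frameworx-1.0",
+"FreeImage",
+"GFDL-1.1",
+"GFDL-1.1-only",
+"GFDL-1.1-or-later",
+"GFDL-1.2",
+"GFDL-1.2-only",
+"GFDL-1.2-or-later",
+"GFDL-1.3",
+"GFDL-1.3-only",
+"GFDL-1.3-or-later",
+"GL2PS",
+"GPL-1.0",
+"GPL-1.0+",
+"GPL-1.0-only",
+"GPL-1.0-or-later",
+"GPL-2.0",
+"GPL-2.0+",
+"GPL-2.0-only",
+"GPL-2.0-or-later",
+"GPL-2.0-with-GCC-exception",
+"GPL-2.0-with-autoconf-exception",
+"GPL-2.0-with-bison-exception",
+"GPL-2.0-with-classpath-exception",
+"GPL-2.0-with-font-exception",
+"GPL-3.0",
+"GPL-3.0+",
+"GPL-3.0-only",
+"GPL-3.0-or-later",
+"GPL-3.0-with-GCC-exception",
+"GPL-3.0-with-autoconf-exception",
+"Giftware",
+"Glide",
+"Glulxe",
+"HPND",
+"HPND-sell-variant",
+"HaskellReport",
+"IBM-pibs",
+"ICU",
+"IJG",
+"IPA",
+"IPL-1.0",
+"ISC",
+"ImageMagick",
+"Imlib2",
+"Info-ZIP",
+"Intel",
+"Intel-ACPI",
+"Interbase-1.0",
+"JPNIC",
+"JSON",
+"JasPer-2.0",
+"LAL-1.2",
+"LAL-1.3",
+"LGPL-2.0",
+"LGPL-2.0+",
+"LGPL-2.0-only",
+"LGPL-2.0-or-later",
+"LGPL-2.1",
+"LGPL-2.1+",
+"LGPL-2.1-only",
+"LGPL-2.1-or-later",
+"LGPL-3.0",
+"LGPL-3.0+",
+"LGPL-3.0-only",
+"LGPL-3.0-or-later",
+"LGPLLR",
+"LPL-1.0",
+"LPL-1.02",
+"LPPL-1.0",
+"LPPL-1.1",
+"LPPL-1.2",
+"LPPL-1.3a",
+"LPPL-1.3c",
+"Latex2e",
+"Leptonica",
+"LiLiQ-P-1.1",
+"LiLiQ-R-1.1",
+"LiLiQ-Rplus-1.1",
+"Libpng",
+"Linux-OpenIB",
+"MIT",
+"MIT-0",
+"MIT-CMU",
+"MIT-advertising",
+"MIT-enna",
+"MIT-feh",
+"MITNFA",
+"MPL-1.0",
+"MPL-1.1",
+"MPL-2.0",
+"MPL-2.0-no-copyleft-exception",
+"MS-PL",
+"MS-RL",
+"MTLL",
+"MakeIndex",
+"MirOS",
+"Motosoto",
+"Multics",
+"Mup",
+"NASA-1.3",
+"NBPL-1.0",
+"NCSA",
+"NGPL",
+"NLOD-1.0",
+"NLPL",
+"NOSL",
+"NPL-1.0",
+"NPL-1.1",
+"NPOSL-3.0",
+"NRL",
+"NTP",
+"Naumen",
+"Net-SNMP",
+"NetCDF",
+"Newsletr",
+"Nokia",
+"Noweb",
+"Nunit",
+"OCCT-PL",
+"OCLC-2.0",
+"ODC-By-1.0",
+"ODbL-1.0",
+"OFL-1.0",
+"OFL-1.1",
+"OGL-UK-1.0",
+"OGL-UK-2.0",
+"OGL-UK-3.0",
+"OGTSL",
+"OLDAP-1.1",
+"OLDAP-1.2",
+"OLDAP-1.3",
+"OLDAP-1.4",
+"OLDAP-2.0",
+"OLDAP-2.0.1",
+"OLDAP-2.1",
+"OLDAP-2.2",
+"OLDAP-2.2.1",
+"OLDAP-2.2.2",
+"OLDAP-2.3",
+"OLDAP-2.4",
+"OLDAP-2.5",
+"OLDAP-2.6",
+"OLDAP-2.7",
+"OLDAP-2.8",
+"OML",
+"OPL-1.0",
+"OSET-PL-2.1",
+"OSL-1.0",
+"OSL-1.1",
+"OSL-2.0",
+"OSL-2.1",
+"OSL-3.0",
+"OpenSSL",
+"PDDL-1.0",
+"PHP-3.0",
+"PHP-3.01",
+"Parity-6.0.0",
+"Plexus",
+"PostgreSQL",
+"Python-2.0",
+"QPL-1.0",
+"Qhull",
+"RHeCos-1.1",
+"RPL-1.1",
+"RPL-1.5",
+"RPSL-1.0",
+"RSA-MD",
+"RSCPL",
+"Rdisc",
+"Ruby",
+"SAX-PD",
+"SCEA",
+"SGI-B-1.0",
+"SGI-B-1.1",
+"SGI-B-2.0",
+"SHL-0.5",
+"SHL-0.51",
+"SISSL",
+"SISSL-1.2",
+"SMLNJ",
+"SMPPL",
+"SNIA",
+"SPL-1.0",
+"SSPL-1.0",
+"SWL",
+"Saxpath",
+"Sendmail",
+"Sendmail-8.23",
+"SimPL-2.0",
+"Sleepycat",
+"Spencer-86",
+"Spencer-94",
+"Spencer-99",
+"StandardML-NJ",
+"SugarCRM-1.1.3",
+"TAPR-OHL-1.0",
+"TCL",
+"TCP-wrappers",
+"TMate",
+"TORQUE-1.1",
+"TOSL",
+"TU-Berlin-1.0",
+"TU-Berlin-2.0",
+"UPL-1.0",
+"Unicode-DFS-2015",
+"Unicode-DFS-2016",
+"Unicode-TOU",
+"Unlicense",
+"VOSTROM",
+"VSL-1.0",
+"Vim",
+"W3C",
+"W3C-19980720",
+"W3C-20150513",
+"WTFPL",
+"Watcom-1.0",
+"Wsuipa",
+"X11",
+"XFree86-1.1",
+"XSkat",
+"Xerox",
+"Xnet",
+"YPL-1.0",
+"YPL-1.1",
+"ZPL-1.1",
+"ZPL-2.0",
+"ZPL-2.1",
+"Zed",
+"Zend-2.0",
+"Zimbra-1.3",
+"Zimbra-1.4",
+"Zlib",
+"blessing",
+"bzip2-1.0.5",
+"bzip2-1.0.6",
+"copyleft-next-0.3.0",
+"copyleft-next-0.3.1",
+"curl",
+"diffmark",
+"dvipdfm",
+"eCos-2.0",
+"eGenix",
+"gSOAP-1.3b",
+"gnuplot",
+"iMatix",
+"libpng-2.0",
+"libtiff",
+"mpich2",
+"psfrag",
+"psutils",
+"wxWindows",
+"xinetd",
+"xpp",
+"zlib-acknowledgement",
+"Libtool-exception",
+"Linux-syscall-note",
+"Autoconf-exception-3.0",
+"OCCT-exception-1.0",
+"openvpn-openssl-exception",
+"gnu-javamail-exception",
+"OpenJDK-assembly-exception-1.0",
+"Bison-exception-2.2",
+"i2p-gpl-java-exception",
+"Universal-FOSS-exception-1.0",
+"Qt-LGPL-exception-1.1",
+"389-exception",
+"Classpath-exception-2.0",
+"Fawkes-Runtime-exception",
+"PS-or-PDF-font-exception-20170817",
+"Qt-GPL-exception-1.0",
+"LZMA-exception",
+"freertos-exception-2.0",
+"Qwt-exception-1.0",
+"CLISP-exception-2.0",
+"FLTK-exception",
+"Bootloader-exception",
+"Nokia-Qt-exception-1.1",
+"LLVM-exception",
+"WxWindows-exception-3.1",
+"DigiRule-FOSS-exception",
+"Swift-exception",
+"GCC-exception-3.1",
+"eCos-exception-2.0",
+"Autoconf-exception-2.0",
+"GPL-CC-1.0",
+"Font-exception-2.0",
+"u-boot-exception-2.0",
+"GCC-exception-2.0",
+"mif-exception",
+"OCaml-LGPL-linking-exception"
+]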
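--- a/metadata
+++ b/metadata
@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: cyclonedx-ruby
+version: !ruby/object:Gem::Version
+version: 1.1.0
+platform: ruby
+authors:
+- Joseph Kobti
+- Steve Springett
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-07-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: json
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+- !ruby/object:Gem::Dependency
+name: nokogiri
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+- !ruby/object:Gem::Dependency
+name: ostruct
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.1'
+- !ruby/object:Gem::Dependency
+name: rest-client
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.7'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.7'
+description: CycloneDX is a lightweight software bill-of-material (SBOM) specification
+designed for use in application security contexts and supply chain component analysis.
+This Gem generates CycloneDX BOMs from Ruby projects.
+email: josephkobti@outlook.com
+executables:
+- cyclonedx-ruby
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/cyclonedx-ruby
+- lib/bom_builder.rb
+- lib/bom_helpers.rb
+- lib/licenses.json
+homepage: https://github.com/CycloneDX/cyclonedx-ruby-gem
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: CycloneDX software bill-of-material (SBoM) generation utility
+test_files: []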