@cyclonedx/cdxgen 10.2.3 → 10.2.4
- package/bin/cdxgen.js +4 -2
- package/package.json +4 -4
- package/utils.js +10 -1
- package/utils.test.js +49 -1
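--- a/package/bin/cdxgen.js
+++ b/package/bin/cdxgen.js
@@ -348,11 +348,13 @@ const applyAdvancedOptions = (options) => {
 "oci",
 "android",
 "apk",
-"aab"
+"aab",
+"go",
+"golang"
 ].includes(options.projectType)
 ) {
 console.log(
-"PREVIEW: post-build lifecycle SBOM generation is supported only for android and
+"PREVIEW: post-build lifecycle SBOM generation is supported only for android, dotnet, and go projects. Please specify the type using the -t argument."
 );
 process.exit(1);
 }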
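Review bot: The new message at line 357 lists android, dotnet and go, but the accepted list in this hunk also contains `"oci"`, which the message never mentions. `dotnet` is not among the visible entries; it may sit above line 348, since the array starts outside the hunk. A user who gets this error cannot tell from it which `-t` values are accepted. Consider hoisting the array into a named constant and building the message from it, so the check and the text cannot drift apart again. A comment such as `// Project types that support post-build lifecycle SBOM generation` above that constant would also help.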
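--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "10.2.
+"version": "10.2.4",
 "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -57,8 +57,8 @@
 "url": "https://github.com/cyclonedx/cdxgen/issues"
 },
 "dependencies": {
-"@babel/parser": "^7.24.
-"@babel/traverse": "^7.24.
+"@babel/parser": "^7.24.1",
+"@babel/traverse": "^7.24.1",
 "@npmcli/arborist": "7.4.0",
 "ajv": "^8.12.0",
 "ajv-formats": "^2.1.1",
@@ -84,7 +84,7 @@
 "yargs": "^17.7.2"
 },
 "optionalDependencies": {
-"@appthreat/atom": "2.0.
+"@appthreat/atom": "2.0.9",
 "@appthreat/cdx-proto": "^0.0.4",
 "@cyclonedx/cdxgen-plugins-bin": "^1.5.8",
 "@cyclonedx/cdxgen-plugins-bin-arm64": "^1.5.8",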
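--- a/package/utils.js
+++ b/package/utils.js
@@ -6746,7 +6746,16 @@ function purlFromUrlString(type, repoUrl, version) {
 const pathnameLastElement = pathnameParts.pop();
 name = pathnameLastElement.replace(".git", "");
 const urlpath = pathnameParts.join("/");
-namespace = hostname + "
+namespace = hostname + "/" + urlpath;
+} else if (repoUrl && repoUrl.startsWith("ssh://git@bitbucket")) {
+repoUrl = repoUrl.replace("ssh://git@", "");
+const parts = repoUrl.split(":");
+const hostname = parts[0];
+const pathnameParts = parts[1].split("/").slice(1);
+const pathnameLastElement = pathnameParts.pop();
+name = pathnameLastElement.replace(".git", "");
+const urlpath = pathnameParts.join("/");
+namespace = hostname + "/" + urlpath;
 } else if (repoUrl && repoUrl.startsWith("/")) {
 const parts = repoUrl.split("/");
 name = parts[parts.length - 1];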
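Review bot: The new `ssh://git@bitbucket` branch (new lines 6750–6758) assumes the URL always carries an explicit port. For `ssh://git@bitbucket.org/team/repo.git`, `repoUrl.split(":")` yields a single element and `parts[1].split("/")` throws a TypeError. `repoUrl` comes from manifest data (the added tests feed it from `Package2.resolved`), so one such entry in a scanned project could abort SBOM generation; whether any caller catches the error is not visible here. The tests added in utils.test.js cover only the `:7999` form. Separately, `.replace(".git", "")` removes the first `.git` anywhere in the last path element rather than only a trailing suffix; the context line above has the same pattern. Parsing with `URL` handles both port and no-port forms, as sketched below. `purlFromUrlString` starts and ends outside this hunk, so the surrounding variable declarations are assumed.

```javascript
} else if (repoUrl && repoUrl.startsWith("ssh://git@bitbucket")) {
  // URL parses both ssh://host:port/path and ssh://host/path.
  // It throws on malformed input, so guard it if the caller does not.
  const { hostname, pathname } = new URL(repoUrl);
  const pathnameParts = pathname.split("/").filter(Boolean);
  const pathnameLastElement = pathnameParts.pop() || "";
  // Strip only a trailing ".git", not the first occurrence in the name.
  name = pathnameLastElement.replace(/\.git$/, "");
  namespace = [hostname, ...pathnameParts].join("/");
// … unchanged: the following `repoUrl.startsWith("/")` branch …
```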
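--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -3257,7 +3257,7 @@ test("parse swift deps files", () => {
 repository: { url: "https://github.com/apple/swift-argument-parser" }
 });
 pkgList = parseSwiftResolved("./test/data/Package2.resolved");
-expect(pkgList.length).toEqual(
+expect(pkgList.length).toEqual(7);
 expect(pkgList[0]).toEqual({
 name: "swift-argument-parser",
 group: "github.com/apple",
@@ -3280,6 +3280,54 @@ test("parse swift deps files", () => {
 "bom-ref": "pkg:swift/github.com/apple/swift-argument-parser@1.2.2",
 repository: { url: "https://github.com/apple/swift-argument-parser.git" }
 });
+expect(pkgList[4]).toEqual({
+name: "swift-http-server",
+group: "github.com/swift",
+version: "0.7.4",
+purl: "pkg:swift/github.com/swift/swift-http-server@0.7.4",
+properties: [{ name: "SrcFile", value: "./test/data/Package2.resolved" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/Package2.resolved"
+}
+]
+}
+},
+"bom-ref": "pkg:swift/github.com/swift/swift-http-server@0.7.4",
+repository: {
+url: "git@github.com:swift/swift-http-server.git"
+}
+});
+expect(pkgList[5]).toEqual({
+name: "swift-http-server",
+group: "bitbucket.org/swift",
+version: "0.7.4",
+purl: "pkg:swift/bitbucket.org/swift/swift-http-server@0.7.4",
+properties: [{ name: "SrcFile", value: "./test/data/Package2.resolved" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/Package2.resolved"
+}
+]
+}
+},
+"bom-ref": "pkg:swift/bitbucket.org/swift/swift-http-server@0.7.4",
+repository: {
+url: "ssh://git@bitbucket.org:7999/swift/swift-http-server.git"
+}
+});
 });
 
 test("pypi version solver tests", () => {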