@cyclonedx/cdxgen 10.3.5 → 10.4.0

package/index.js CHANGED
@@ -1,11 +1,8 @@
1
- import { platform as _platform, homedir, tmpdir } from "node:os";
2
- import process from "node:process";
3
1
  import { Buffer } from "node:buffer";
4
- import { basename, dirname, join, resolve, sep } from "node:path";
5
- import { parse } from "ssri";
2
+ import { spawnSync } from "node:child_process";
6
3
  import {
7
- accessSync,
8
4
  constants,
5
+ accessSync,
9
6
  existsSync,
10
7
  lstatSync,
11
8
  mkdirSync,
@@ -14,11 +11,23 @@ import {
14
11
  rmSync,
15
12
  statSync,
16
13
  unlinkSync,
17
- writeFileSync
14
+ writeFileSync,
18
15
  } from "node:fs";
16
+ import { platform as _platform, homedir, tmpdir } from "node:os";
17
+ import { basename, dirname, join, resolve, sep } from "node:path";
18
+ import process from "node:process";
19
+ import { URL, fileURLToPath } from "node:url";
19
20
  import got from "got";
20
- import { v4 as uuidv4 } from "uuid";
21
21
  import { PackageURL } from "packageurl-js";
22
+ import { parse } from "ssri";
23
+ import { v4 as uuidv4 } from "uuid";
24
+ import {
25
+ collectEnvInfo,
26
+ getBranch,
27
+ getOriginUrl,
28
+ gitTreeHashes,
29
+ listFiles,
30
+ } from "./envcontext.js";
22
31
  import {
23
32
  CLJ_CMD,
24
33
  DEBUG_MODE,
@@ -53,6 +62,7 @@ import {
53
62
  getPyMetadata,
54
63
  getPyModules,
55
64
  getSwiftPackageMetadata,
65
+ getTimestamp,
56
66
  includeMavenTestScope,
57
67
  parseBazelActionGraph,
58
68
  parseBazelSkyframe,
@@ -114,17 +124,8 @@ import {
114
124
  parseSwiftJsonTree,
115
125
  parseSwiftResolved,
116
126
  parseYarnLock,
117
- readZipEntry
127
+ readZipEntry,
118
128
  } from "./utils.js";
119
- import {
120
- collectEnvInfo,
121
- gitTreeHashes,
122
- getBranch,
123
- getOriginUrl,
124
- listFiles
125
- } from "./envcontext.js";
126
- import { spawnSync } from "node:child_process";
127
- import { URL, fileURLToPath } from "node:url";
128
129
  let url = import.meta.url;
129
130
  if (!url.startsWith("file://")) {
130
131
  url = new URL(`file://${import.meta.url}`).toString();
@@ -132,26 +133,26 @@ if (!url.startsWith("file://")) {
132
133
  const dirName = import.meta ? dirname(fileURLToPath(url)) : __dirname;
133
134
 
134
135
  const selfPJson = JSON.parse(
135
- readFileSync(join(dirName, "package.json"), "utf-8")
136
+ readFileSync(join(dirName, "package.json"), "utf-8"),
136
137
  );
137
138
  const _version = selfPJson.version;
138
- import { findJSImportsExports } from "./analyzer.js";
139
139
  import { gte, lte } from "semver";
140
- import {
141
- addSkippedSrcFiles,
142
- exportArchive,
143
- exportImage,
144
- getPkgPathList,
145
- parseImageName
146
- } from "./docker.js";
140
+ import { findJSImportsExports } from "./analyzer.js";
147
141
  import {
148
142
  executeOsQuery,
143
+ getBinaryBom,
149
144
  getCargoAuditableInfo,
150
145
  getDotnetSlices,
151
146
  getOSPackages,
152
- getBinaryBom
153
147
  } from "./binary.js";
154
148
  import { collectOSCryptoLibs } from "./cbomutils.js";
149
+ import {
150
+ addSkippedSrcFiles,
151
+ exportArchive,
152
+ exportImage,
153
+ getPkgPathList,
154
+ parseImageName,
155
+ } from "./docker.js";
155
156
 
156
157
  const isWin = _platform() === "win32";
157
158
 
@@ -159,22 +160,22 @@ let osQueries = {};
159
160
  switch (_platform()) {
160
161
  case "win32":
161
162
  osQueries = JSON.parse(
162
- readFileSync(join(dirName, "data", "queries-win.json"), "utf-8")
163
+ readFileSync(join(dirName, "data", "queries-win.json"), "utf-8"),
163
164
  );
164
165
  break;
165
166
  case "darwin":
166
167
  osQueries = JSON.parse(
167
- readFileSync(join(dirName, "data", "queries-darwin.json"), "utf-8")
168
+ readFileSync(join(dirName, "data", "queries-darwin.json"), "utf-8"),
168
169
  );
169
170
  break;
170
171
  default:
171
172
  osQueries = JSON.parse(
172
- readFileSync(join(dirName, "data", "queries.json"), "utf-8")
173
+ readFileSync(join(dirName, "data", "queries.json"), "utf-8"),
173
174
  );
174
175
  break;
175
176
  }
176
177
  const cosDbQueries = JSON.parse(
177
- readFileSync(join(dirName, "data", "cosdb-queries.json"), "utf-8")
178
+ readFileSync(join(dirName, "data", "cosdb-queries.json"), "utf-8"),
178
179
  );
179
180
 
180
181
  import { table } from "table";
@@ -188,7 +189,7 @@ if (process.env.GRADLE_USER_HOME) {
188
189
  process.env.GRADLE_USER_HOME,
189
190
  "caches",
190
191
  "modules-2",
191
- "files-2.1"
192
+ "files-2.1",
192
193
  );
193
194
  }
194
195
 
@@ -210,7 +211,7 @@ const HASH_PATTERN =
210
211
  const createDefaultParentComponent = (
211
212
  path,
212
213
  type = "application",
213
- options = {}
214
+ options = {},
214
215
  ) => {
215
216
  // Expands any relative path such as dot
216
217
  path = resolve(path);
@@ -225,7 +226,7 @@ const createDefaultParentComponent = (
225
226
  group: options.projectGroup || "",
226
227
  name: options.projectName || dirNameStr,
227
228
  version: "" + options.projectVersion || "latest",
228
- type: "application"
229
+ type: "application",
229
230
  };
230
231
  const ppurl = new PackageURL(
231
232
  type,
@@ -233,7 +234,7 @@ const createDefaultParentComponent = (
233
234
  parentComponent.name,
234
235
  parentComponent.version,
235
236
  null,
236
- null
237
+ null,
237
238
  ).toString();
238
239
  parentComponent["bom-ref"] = decodeURIComponent(ppurl);
239
240
  parentComponent["purl"] = ppurl;
@@ -249,7 +250,7 @@ const determineParentComponent = (options) => {
249
250
  group: options.projectGroup || "",
250
251
  name: options.projectName,
251
252
  version: "" + options.projectVersion || "",
252
- type: "application"
253
+ type: "application",
253
254
  };
254
255
  const ppurl = new PackageURL(
255
256
  parentComponent.type,
@@ -257,7 +258,7 @@ const determineParentComponent = (options) => {
257
258
  parentComponent.name,
258
259
  parentComponent.version,
259
260
  null,
260
- null
261
+ null,
261
262
  ).toString();
262
263
  parentComponent["bom-ref"] = decodeURIComponent(ppurl);
263
264
  parentComponent["purl"] = ppurl;
@@ -265,30 +266,45 @@ const determineParentComponent = (options) => {
265
266
  return parentComponent;
266
267
  };
267
268
 
268
- const addToolsSection = (options) => {
269
+ const addToolsSection = (options, context = {}) => {
269
270
  if (options.specVersion === 1.4) {
270
271
  return [
271
272
  {
272
273
  vendor: "cyclonedx",
273
274
  name: "cdxgen",
274
- version: _version
275
- }
275
+ version: _version,
276
+ },
276
277
  ];
277
278
  }
278
- return {
279
- components: [
280
- {
281
- group: "@cyclonedx",
282
- name: "cdxgen",
283
- version: _version,
284
- purl: `pkg:npm/%40cyclonedx/cdxgen@${_version}`,
285
- type: "application",
286
- "bom-ref": `pkg:npm/@cyclonedx/cdxgen@${_version}`,
287
- author: "OWASP Foundation",
288
- publisher: "OWASP Foundation"
279
+ let components = [];
280
+ const tools = options.tools || context.tools || [];
281
+ // tools can be an object or array
282
+ if (Array.isArray(tools) && tools.length) {
283
+ // cyclonedx-maven-plugin has the legacy tools metadata which needs to be patched
284
+ for (const tool of tools) {
285
+ if (!tool.type) {
286
+ tool.type = "application";
287
+ if (tool.vendor) {
288
+ tool.publisher = tool.vendor;
289
+ delete tool.vendor;
290
+ }
289
291
  }
290
- ]
291
- };
292
+ }
293
+ components = components.concat(tools);
294
+ } else if (tools && Object.keys(tools).length && tools.components) {
295
+ components = components.concat(tools.components);
296
+ }
297
+ components.push({
298
+ group: "@cyclonedx",
299
+ name: "cdxgen",
300
+ version: _version,
301
+ purl: `pkg:npm/%40cyclonedx/cdxgen@${_version}`,
302
+ type: "application",
303
+ "bom-ref": `pkg:npm/@cyclonedx/cdxgen@${_version}`,
304
+ author: "OWASP Foundation",
305
+ publisher: "OWASP Foundation",
306
+ });
307
+ return { components };
292
308
  };
293
309
 
294
310
  const componentToSimpleFullName = (comp) => {
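Review bot: The loop over `tools` in `addToolsSection` reads and rewrites each entry without checking its shape, so a `null` or non-object element makes `tool.type` throw, and the `tool.publisher = ...` / `delete tool.vendor` edits are applied to the caller's objects rather than to copies. Judging by the `createJavaBom` hunk further down, these entries presumably come from a `bom.json` read off disk, so they are better handled as untrusted input: skip bad entries with `if (!tool || typeof tool !== "object") continue;` and require `Array.isArray(tools.components)` in the `else if` branch before concatenating. The `options.specVersion === 1.4` early return also discards any collected tools; if that is deliberate, a comment such as `// 1.4 output lists cdxgen only; upstream tools are not carried over` would say so.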
@@ -378,18 +394,18 @@ const addFormulationSection = (options) => {
378
394
  name: "git-parent",
379
395
  description: "Artifact Dependency Graph (ADG) parent.",
380
396
  "bom-ref": parentOmniborId,
381
- omniborId: [parentOmniborId]
397
+ omniborId: [parentOmniborId],
382
398
  });
383
399
  components.push({
384
400
  type: "file",
385
401
  name: "git-tree",
386
402
  description: "Artifact Dependency Graph (ADG) tree.",
387
403
  "bom-ref": treeOmniborId,
388
- omniborId: [treeOmniborId]
404
+ omniborId: [treeOmniborId],
389
405
  });
390
406
  provides.push({
391
407
  ref: parentOmniborId,
392
- provides: [treeOmniborId]
408
+ provides: [treeOmniborId],
393
409
  });
394
410
  }
395
411
  if (gitBranch && originUrl && gitFiles) {
@@ -400,20 +416,20 @@ const addFormulationSection = (options) => {
400
416
  type: "file",
401
417
  name: f.name,
402
418
  version: f.hash,
403
- omniborId: [f.ref]
419
+ omniborId: [f.ref],
404
420
  }
405
421
  : {
406
422
  type: "file",
407
423
  name: f.name,
408
- version: f.hash
409
- }
424
+ version: f.hash,
425
+ },
410
426
  );
411
427
  components = components.concat(gitFileComponents);
412
428
  // Complete the Artifact Dependency Graph
413
429
  if (options.specVersion >= 1.6 && treeOmniborId) {
414
430
  provides.push({
415
431
  ref: treeOmniborId,
416
- provides: gitFiles.map((f) => f.ref)
432
+ provides: gitFiles.map((f) => f.ref),
417
433
  });
418
434
  }
419
435
  // Collect build environment details
@@ -442,7 +458,7 @@ const addFormulationSection = (options) => {
442
458
  ) {
443
459
  environmentVars.push({
444
460
  name: aevar,
445
- value: process.env[aevar]
461
+ value: process.env[aevar],
446
462
  });
447
463
  }
448
464
  }
@@ -456,11 +472,11 @@ const addFormulationSection = (options) => {
456
472
  inputs: [
457
473
  {
458
474
  source: { ref: originUrl },
459
- environmentVars
460
- }
475
+ environmentVars,
476
+ },
461
477
  ],
462
- taskTypes: ["build", "clone"]
463
- }
478
+ taskTypes: ["build", "clone"],
479
+ },
464
480
  ];
465
481
  formulation.push(aformulation);
466
482
  }
@@ -471,18 +487,18 @@ const addFormulationSection = (options) => {
471
487
  * Function to create metadata block
472
488
  *
473
489
  */
474
- function addMetadata(parentComponent = {}, options = {}) {
490
+ function addMetadata(parentComponent = {}, options = {}, context = {}) {
475
491
  // DO NOT fork this project to just change the vendor or author's name
476
492
  // Try to contribute to this project by sending PR or filing issues
477
- const tools = addToolsSection(options);
493
+ const tools = addToolsSection(options, context);
478
494
  const authors = addAuthorsSection(options);
479
495
  const lifecycles =
480
496
  options.specVersion >= 1.5 ? addLifecyclesSection(options) : undefined;
481
497
  const metadata = {
482
- timestamp: new Date().toISOString(),
498
+ timestamp: getTimestamp(),
483
499
  tools,
484
500
  authors,
485
- supplier: undefined
501
+ supplier: undefined,
486
502
  };
487
503
  if (lifecycles) {
488
504
  metadata.lifecycles = lifecycles;
@@ -519,7 +535,7 @@ function addMetadata(parentComponent = {}, options = {}) {
519
535
  ) {
520
536
  if (!comp["bom-ref"]) {
521
537
  comp["bom-ref"] = `pkg:${comp.type}/${decodeURIComponent(
522
- fullName
538
+ fullName,
523
539
  )}`;
524
540
  }
525
541
  if (!addedSubComponents[comp["bom-ref"]]) {
@@ -541,7 +557,7 @@ function addMetadata(parentComponent = {}, options = {}) {
541
557
  if (inspectData.Id) {
542
558
  mproperties.push({
543
559
  name: "oci:image:Id",
544
- value: inspectData.Id
560
+ value: inspectData.Id,
545
561
  });
546
562
  }
547
563
  if (
@@ -551,7 +567,7 @@ function addMetadata(parentComponent = {}, options = {}) {
551
567
  ) {
552
568
  mproperties.push({
553
569
  name: "oci:image:RepoTag",
554
- value: inspectData.RepoTags[0]
570
+ value: inspectData.RepoTags[0],
555
571
  });
556
572
  }
557
573
  if (
@@ -561,25 +577,25 @@ function addMetadata(parentComponent = {}, options = {}) {
561
577
  ) {
562
578
  mproperties.push({
563
579
  name: "oci:image:RepoDigest",
564
- value: inspectData.RepoDigests[0]
580
+ value: inspectData.RepoDigests[0],
565
581
  });
566
582
  }
567
583
  if (inspectData.Created) {
568
584
  mproperties.push({
569
585
  name: "oci:image:Created",
570
- value: inspectData.Created
586
+ value: inspectData.Created,
571
587
  });
572
588
  }
573
589
  if (inspectData.Architecture) {
574
590
  mproperties.push({
575
591
  name: "oci:image:Architecture",
576
- value: inspectData.Architecture
592
+ value: inspectData.Architecture,
577
593
  });
578
594
  }
579
595
  if (inspectData.Os) {
580
596
  mproperties.push({
581
597
  name: "oci:image:Os",
582
- value: inspectData.Os
598
+ value: inspectData.Os,
583
599
  });
584
600
  }
585
601
  }
@@ -589,7 +605,7 @@ function addMetadata(parentComponent = {}, options = {}) {
589
605
  if (manifest.Config) {
590
606
  mproperties.push({
591
607
  name: "oci:image:manifest:Config",
592
- value: manifest.Config
608
+ value: manifest.Config,
593
609
  });
594
610
  }
595
611
  if (
@@ -599,7 +615,7 @@ function addMetadata(parentComponent = {}, options = {}) {
599
615
  ) {
600
616
  mproperties.push({
601
617
  name: "oci:image:manifest:Layers",
602
- value: manifest.Layers.join("\\n")
618
+ value: manifest.Layers.join("\\n"),
603
619
  });
604
620
  }
605
621
  }
@@ -608,19 +624,19 @@ function addMetadata(parentComponent = {}, options = {}) {
608
624
  if (lastLayerConfig.id) {
609
625
  mproperties.push({
610
626
  name: "oci:image:lastLayer:Id",
611
- value: lastLayerConfig.id
627
+ value: lastLayerConfig.id,
612
628
  });
613
629
  }
614
630
  if (lastLayerConfig.parent) {
615
631
  mproperties.push({
616
632
  name: "oci:image:lastLayer:ParentId",
617
- value: lastLayerConfig.parent
633
+ value: lastLayerConfig.parent,
618
634
  });
619
635
  }
620
636
  if (lastLayerConfig.created) {
621
637
  mproperties.push({
622
638
  name: "oci:image:lastLayer:Created",
623
- value: lastLayerConfig.created
639
+ value: lastLayerConfig.created,
624
640
  });
625
641
  }
626
642
  if (lastLayerConfig.config) {
@@ -628,14 +644,14 @@ function addMetadata(parentComponent = {}, options = {}) {
628
644
  if (env && Array.isArray(env) && env.length) {
629
645
  mproperties.push({
630
646
  name: "oci:image:lastLayer:Env",
631
- value: env.join("\\n")
647
+ value: env.join("\\n"),
632
648
  });
633
649
  }
634
650
  const ccmd = lastLayerConfig.config.Cmd;
635
651
  if (ccmd && Array.isArray(ccmd) && ccmd.length) {
636
652
  mproperties.push({
637
653
  name: "oci:image:lastLayer:Cmd",
638
- value: ccmd.join(" ")
654
+ value: ccmd.join(" "),
639
655
  });
640
656
  }
641
657
  }
@@ -644,7 +660,7 @@ function addMetadata(parentComponent = {}, options = {}) {
644
660
  if (options.allOSComponentTypes && options.allOSComponentTypes.length) {
645
661
  mproperties.push({
646
662
  name: "oci:image:componentTypes",
647
- value: options.allOSComponentTypes.join("\\n")
663
+ value: options.allOSComponentTypes.join("\\n"),
648
664
  });
649
665
  }
650
666
 
@@ -662,7 +678,7 @@ function addMetadata(parentComponent = {}, options = {}) {
662
678
  * @returns {Array}
663
679
  */
664
680
  function addExternalReferences(opkg) {
665
- const externalReferences = [];
681
+ let externalReferences = [];
666
682
  let pkgList = [];
667
683
  if (Array.isArray(opkg)) {
668
684
  pkgList = opkg;
@@ -671,24 +687,24 @@ function addExternalReferences(opkg) {
671
687
  }
672
688
  for (const pkg of pkgList) {
673
689
  if (pkg.externalReferences) {
674
- externalReferences.concat(pkg.externalReferences);
690
+ externalReferences = externalReferences.concat(pkg.externalReferences);
675
691
  } else {
676
692
  if (pkg.homepage && pkg.homepage.url) {
677
693
  externalReferences.push({
678
694
  type: pkg.homepage.url.includes("git") ? "vcs" : "website",
679
- url: pkg.homepage.url
695
+ url: pkg.homepage.url,
680
696
  });
681
697
  }
682
698
  if (pkg.bugs && pkg.bugs.url) {
683
699
  externalReferences.push({
684
700
  type: "issue-tracker",
685
- url: pkg.bugs.url
701
+ url: pkg.bugs.url,
686
702
  });
687
703
  }
688
704
  if (pkg.repository && pkg.repository.url) {
689
705
  externalReferences.push({
690
706
  type: "vcs",
691
- url: pkg.repository.url
707
+ url: pkg.repository.url,
692
708
  });
693
709
  }
694
710
  }
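Review bot: With the `concat` result now assigned, everything in `pkg.externalReferences` reaches the BOM verbatim, and nothing in this hunk checks that the value is an array of reference objects; a string or a single object would be appended as one element. Wrapping the new line in `if (Array.isArray(pkg.externalReferences))` inside the existing branch would keep malformed package metadata out of the output. The earlier hunk changes the declaration to `let` only to allow this reassignment; `externalReferences.push(...pkg.externalReferences);` would let it stay `const`. The function body continues past this hunk.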
@@ -728,7 +744,7 @@ function addComponent(
728
744
  pkg,
729
745
  ptype,
730
746
  compMap,
731
- isRootPkg = false
747
+ isRootPkg = false,
732
748
  ) {
733
749
  if (!pkg || pkg.extraneous) {
734
750
  return;
@@ -758,7 +774,7 @@ function addComponent(
758
774
  encodeForPurl(name),
759
775
  version,
760
776
  pkg.qualifiers,
761
- encodeForPurl(pkg.subpath)
777
+ encodeForPurl(pkg.subpath),
762
778
  );
763
779
  // There is no purl for cryptographic-asset
764
780
  if (ptype == "cryptographic-asset") {
@@ -792,7 +808,7 @@ function addComponent(
792
808
  hashes: [],
793
809
  licenses,
794
810
  purl: purlString,
795
- externalReferences: addExternalReferences(pkg)
811
+ externalReferences: addExternalReferences(pkg),
796
812
  };
797
813
 
798
814
  component["type"] = determinePackageType(pkg);
@@ -869,7 +885,7 @@ function determinePackageType(pkg) {
869
885
  "file",
870
886
  "machine-learning-model",
871
887
  "data",
872
- "cryptographic-asset"
888
+ "cryptographic-asset",
873
889
  ].includes(pkg.type)
874
890
  ) {
875
891
  return pkg.type;
@@ -993,7 +1009,7 @@ const buildBomNSData = (options, pkgInfo, ptype, context) => {
993
1009
  bomJsonFiles: undefined,
994
1010
  nsMapping: undefined,
995
1011
  dependencies: undefined,
996
- parentComponent: undefined
1012
+ parentComponent: undefined,
997
1013
  };
998
1014
  const serialNum = "urn:uuid:" + uuidv4();
999
1015
  let allImports = {};
@@ -1004,7 +1020,7 @@ const buildBomNSData = (options, pkgInfo, ptype, context) => {
1004
1020
  const dependencies = context.dependencies || [];
1005
1021
  const parentComponent =
1006
1022
  determineParentComponent(options) || context.parentComponent;
1007
- const metadata = addMetadata(parentComponent, options);
1023
+ const metadata = addMetadata(parentComponent, options, context);
1008
1024
  const components = listComponents(options, allImports, pkgInfo, ptype);
1009
1025
  if (components && (components.length || parentComponent)) {
1010
1026
  // CycloneDX 1.5 Json Template
@@ -1015,7 +1031,7 @@ const buildBomNSData = (options, pkgInfo, ptype, context) => {
1015
1031
  version: 1,
1016
1032
  metadata: metadata,
1017
1033
  components,
1018
- dependencies
1034
+ dependencies,
1019
1035
  };
1020
1036
  const formulationData = addFormulationSection(options);
1021
1037
  const formulation =
@@ -1025,18 +1041,6 @@ const buildBomNSData = (options, pkgInfo, ptype, context) => {
1025
1041
  if (formulation) {
1026
1042
  jsonTpl.formulation = formulation;
1027
1043
  }
1028
- if (
1029
- options.specVersion >= 1.6 &&
1030
- options.includeFormulation &&
1031
- formulationData.provides.length
1032
- ) {
1033
- const newDependencies = dependencies.concat(formulationData.provides);
1034
- jsonTpl.dependencies = mergeDependencies(
1035
- dependencies,
1036
- newDependencies,
1037
- metadata.component
1038
- );
1039
- }
1040
1044
  bomNSData.bomJson = jsonTpl;
1041
1045
  bomNSData.nsMapping = nsMapping;
1042
1046
  bomNSData.dependencies = dependencies;
@@ -1063,14 +1067,14 @@ export async function createJarBom(path, options) {
1063
1067
  getGradleCommand(path, null),
1064
1068
  path,
1065
1069
  false,
1066
- true
1070
+ true,
1067
1071
  );
1068
1072
  } else if (options.useMavenCache) {
1069
1073
  nsMapping = await collectMvnDependencies(
1070
1074
  getMavenCommand(path, null),
1071
1075
  null,
1072
1076
  false,
1073
- true
1077
+ true,
1074
1078
  );
1075
1079
  }
1076
1080
  if (path.endsWith(".jar")) {
@@ -1079,14 +1083,14 @@ export async function createJarBom(path, options) {
1079
1083
  jarFiles = getAllFiles(
1080
1084
  path,
1081
1085
  (options.multiProject ? "**/" : "") + "*.[jw]ar",
1082
- options
1086
+ options,
1083
1087
  );
1084
1088
  }
1085
1089
  // Jenkins plugins
1086
1090
  const hpiFiles = getAllFiles(
1087
1091
  path,
1088
1092
  (options.multiProject ? "**/" : "") + "*.hpi",
1089
- options
1093
+ options,
1090
1094
  );
1091
1095
  if (hpiFiles.length) {
1092
1096
  jarFiles = jarFiles.concat(hpiFiles);
@@ -1111,7 +1115,7 @@ export async function createJarBom(path, options) {
1111
1115
  pkgList = pkgList.concat(convertJarNSToPackages(nsMapping));
1112
1116
  return buildBomNSData(options, pkgList, "maven", {
1113
1117
  src: path,
1114
- parentComponent
1118
+ parentComponent,
1115
1119
  });
1116
1120
  }
1117
1121
 
@@ -1137,12 +1141,12 @@ export function createBinaryBom(path, options) {
1137
1141
  getBinaryBom(path, binaryBomFile, options.deep);
1138
1142
  if (existsSync(binaryBomFile)) {
1139
1143
  const binaryBom = JSON.parse(
1140
- readFileSync(binaryBomFile, { encoding: "utf-8" })
1144
+ readFileSync(binaryBomFile, { encoding: "utf-8" }),
1141
1145
  );
1142
1146
  return {
1143
1147
  bomJson: binaryBom,
1144
1148
  dependencies: binaryBom.dependencies,
1145
- parentComponent: binaryBom.parentComponent
1149
+ parentComponent: binaryBom.parentComponent,
1146
1150
  };
1147
1151
  }
1148
1152
  return undefined;
@@ -1161,6 +1165,9 @@ export async function createJavaBom(path, options) {
1161
1165
  // cyclone-dx-maven plugin creates a component for the app under metadata
1162
1166
  // This is subsequently referred to in the dependencies list
1163
1167
  let parentComponent = {};
1168
+ // Support for tracking all the tools that created the BOM
1169
+ // For java, this would correctly include the cyclonedx maven plugin.
1170
+ let tools = undefined;
1164
1171
  // war/ear mode
1165
1172
  if (path.endsWith(".war") || path.endsWith(".jar")) {
1166
1173
  // Check if the file exists
@@ -1187,14 +1194,14 @@ export async function createJavaBom(path, options) {
1187
1194
  filename: path,
1188
1195
  nsMapping: jarNSMapping,
1189
1196
  dependencies,
1190
- parentComponent
1197
+ parentComponent,
1191
1198
  });
1192
1199
  } else {
1193
1200
  // maven - pom.xml
1194
1201
  const pomFiles = getAllFiles(
1195
1202
  path,
1196
1203
  (options.multiProject ? "**/" : "") + "pom.xml",
1197
- options
1204
+ options,
1198
1205
  );
1199
1206
  let bomJsonFiles = [];
1200
1207
  if (
@@ -1219,12 +1226,17 @@ export async function createJavaBom(path, options) {
1219
1226
  const addArgs = process.env.MVN_ARGS.split(" ");
1220
1227
  mvnArgs = mvnArgs.concat(addArgs);
1221
1228
  }
1229
+ // specVersion 1.4 doesn't support externalReferences.type=disribution-intake
1230
+ // so we need to run the plugin with the correct version
1231
+ if (options.specVersion === 1.4) {
1232
+ mvnArgs = mvnArgs.concat("-DschemaVersion=1.4");
1233
+ }
1222
1234
  for (const f of pomFiles) {
1223
1235
  const basePath = dirname(f);
1224
1236
  const settingsXml = join(basePath, "settings.xml");
1225
1237
  if (existsSync(settingsXml)) {
1226
1238
  console.log(
1227
- `maven settings.xml found in ${basePath}. Please set the MVN_ARGS environment variable based on the full mvn build command used for this project.\nExample: MVN_ARGS='--settings ${settingsXml}'`
1239
+ `maven settings.xml found in ${basePath}. Please set the MVN_ARGS environment variable based on the full mvn build command used for this project.\nExample: MVN_ARGS='--settings ${settingsXml}'`,
1228
1240
  );
1229
1241
  }
1230
1242
  const mavenCmd = getMavenCommand(basePath, path);
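Review bot: The added check `options.specVersion === 1.4` only matches a numeric value, so a spec version that arrives as the string `"1.4"` would skip `-DschemaVersion=1.4` and the plugin would run with its default schema; whether the option is always coerced to a number is not visible in this hunk. The comment above it misspells the reference type and should read `// specVersion 1.4 doesn't support externalReferences.type=distribution-intake`. The flag is appended after whatever the user supplied through `MVN_ARGS`, so a one-line comment saying which of two schema versions is meant to win would help. The enclosing function starts and ends outside the hunk.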
@@ -1234,7 +1246,7 @@ export async function createJavaBom(path, options) {
1234
1246
  mavenCmd,
1235
1247
  basePath,
1236
1248
  true,
1237
- false
1249
+ false,
1238
1250
  );
1239
1251
  if (tmpjarNSMapping && Object.keys(tmpjarNSMapping).length) {
1240
1252
  jarNSMapping = { ...jarNSMapping, ...tmpjarNSMapping };
@@ -1242,14 +1254,14 @@ export async function createJavaBom(path, options) {
1242
1254
  }
1243
1255
  console.log(
1244
1256
  `Executing '${mavenCmd} ${mvnArgs.join(" ")}' in`,
1245
- basePath
1257
+ basePath,
1246
1258
  );
1247
1259
  let result = spawnSync(mavenCmd, mvnArgs, {
1248
1260
  cwd: basePath,
1249
1261
  shell: true,
1250
1262
  encoding: "utf-8",
1251
1263
  timeout: TIMEOUT_MS,
1252
- maxBuffer: MAX_BUFFER
1264
+ maxBuffer: MAX_BUFFER,
1253
1265
  });
1254
1266
  // Check if the cyclonedx plugin created the required bom.json file
1255
1267
  // Sometimes the plugin fails silently for complex maven projects
@@ -1268,14 +1280,14 @@ export async function createJavaBom(path, options) {
1268
1280
  mvnTreeArgs = mvnTreeArgs.concat(addArgs);
1269
1281
  }
1270
1282
  console.log(
1271
- `Fallback to executing ${mavenCmd} ${mvnTreeArgs.join(" ")}`
1283
+ `Fallback to executing ${mavenCmd} ${mvnTreeArgs.join(" ")}`,
1272
1284
  );
1273
1285
  result = spawnSync(mavenCmd, mvnTreeArgs, {
1274
1286
  cwd: basePath,
1275
1287
  shell: true,
1276
1288
  encoding: "utf-8",
1277
1289
  timeout: TIMEOUT_MS,
1278
- maxBuffer: MAX_BUFFER
1290
+ maxBuffer: MAX_BUFFER,
1279
1291
  });
1280
1292
  if (result.status !== 0 || result.error) {
1281
1293
  // Our approach to recursively invoking the maven plugin for each sub-module is bound to result in failures
@@ -1283,7 +1295,7 @@ export async function createJavaBom(path, options) {
1283
1295
  if (pomFiles.length === 1 || DEBUG_MODE) {
1284
1296
  console.error(result.stdout, result.stderr);
1285
1297
  console.log(
1286
- "Resolve the above maven error. This could be due to the following:\n"
1298
+ "Resolve the above maven error. This could be due to the following:\n",
1287
1299
  );
1288
1300
  if (
1289
1301
  result.stdout &&
@@ -1291,7 +1303,7 @@ export async function createJavaBom(path, options) {
1291
1303
  result.stdout.includes("points at wrong local POM"))
1292
1304
  ) {
1293
1305
  console.log(
1294
- "1. Check if the pom.xml contains valid settings such `parent.relativePath` to make mvn command work from within the sub-directory."
1306
+ "1. Check if the pom.xml contains valid settings such `parent.relativePath` to make mvn command work from within the sub-directory.",
1295
1307
  );
1296
1308
  } else if (
1297
1309
  result.stdout &&
@@ -1299,33 +1311,33 @@ export async function createJavaBom(path, options) {
1299
1311
  result.stdout.includes("no dependency information available"))
1300
1312
  ) {
1301
1313
  console.log(
1302
- "1. Try building the project with 'mvn package -Dmaven.test.skip=true' using the correct version of Java and maven before invoking cdxgen."
1314
+ "1. Try building the project with 'mvn package -Dmaven.test.skip=true' using the correct version of Java and maven before invoking cdxgen.",
1303
1315
  );
1304
1316
  } else if (
1305
1317
  result.stdout &&
1306
1318
  result.stdout.includes(
1307
- "Could not resolve target platform specification"
1319
+ "Could not resolve target platform specification",
1308
1320
  )
1309
1321
  ) {
1310
1322
  console.log(
1311
- "1. Some projects can be built only from the root directory. Invoke cdxgen with --no-recurse option"
1323
+ "1. Some projects can be built only from the root directory. Invoke cdxgen with --no-recurse option",
1312
1324
  );
1313
1325
  } else {
1314
1326
  console.log(
1315
- "1. Java version requirement: cdxgen container image bundles Java 21 with maven 3.9 which might be incompatible."
1327
+ "1. Java version requirement: cdxgen container image bundles Java 21 with maven 3.9 which might be incompatible.",
1316
1328
  );
1317
1329
  }
1318
1330
  console.log(
1319
- "2. Private dependencies cannot be downloaded: Check if any additional arguments must be passed to maven and set them via MVN_ARGS environment variable."
1331
+ "2. Private dependencies cannot be downloaded: Check if any additional arguments must be passed to maven and set them via MVN_ARGS environment variable.",
1320
1332
  );
1321
1333
  console.log(
1322
- "3. Check if all required environment variables including any maven profile arguments are passed correctly to this tool."
1334
+ "3. Check if all required environment variables including any maven profile arguments are passed correctly to this tool.",
1323
1335
  );
1324
1336
  }
1325
1337
  // Do not fall back to methods that can produce incomplete results when failOnError is set
1326
1338
  options.failOnError && process.exit(1);
1327
1339
  console.log(
1328
- "\nFalling back to manual pom.xml parsing. The result would be incomplete!"
1340
+ "\nFalling back to manual pom.xml parsing. The result would be incomplete!",
1329
1341
  );
1330
1342
  const dlist = parsePom(f);
1331
1343
  if (dlist && dlist.length) {
@@ -1334,7 +1346,7 @@ export async function createJavaBom(path, options) {
1334
1346
  } else {
1335
1347
  if (existsSync(tempMvnTree)) {
1336
1348
  const mvnTreeString = readFileSync(tempMvnTree, {
1337
- encoding: "utf-8"
1349
+ encoding: "utf-8",
1338
1350
  });
1339
1351
  const parsedList = parseMavenTree(mvnTreeString);
1340
1352
  const dlist = parsedList.pkgList;
@@ -1359,10 +1371,18 @@ export async function createJavaBom(path, options) {
1359
1371
  }
1360
1372
  bomJsonObj = JSON.parse(
1361
1373
  readFileSync(abjson, {
1362
- encoding: "utf-8"
1363
- })
1374
+ encoding: "utf-8",
1375
+ }),
1364
1376
  );
1365
1377
  if (bomJsonObj) {
1378
+ if (
1379
+ !tools &&
1380
+ bomJsonObj.metadata &&
1381
+ bomJsonObj.metadata.tools &&
1382
+ Array.isArray(bomJsonObj.metadata.tools)
1383
+ ) {
1384
+ tools = bomJsonObj.metadata.tools;
1385
+ }
1366
1386
  if (
1367
1387
  bomJsonObj.metadata &&
1368
1388
  bomJsonObj.metadata.component &&
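Review bot: The new capture accepts `bomJsonObj.metadata.tools` only when it is an array, while `addToolsSection` in this same file also handles the object form with a `components` list, so a plugin BOM that uses the object shape would have its tools dropped here without any message. Relaxing the last condition to `(Array.isArray(bomJsonObj.metadata.tools) || Array.isArray(bomJsonObj.metadata.tools.components))` would keep the two paths consistent. Because `!tools` keeps only the first file's list and the entries are copied from a file on disk into the BOM's tool provenance, a short comment stating that this data is taken as-is from the plugin output would help the next reader. The enclosing function starts and ends outside the hunk.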
@@ -1379,7 +1399,7 @@ export async function createJavaBom(path, options) {
1379
1399
  dependencies = mergeDependencies(
1380
1400
  dependencies,
1381
1401
  bomJsonObj.dependencies,
1382
- parentComponent
1402
+ parentComponent,
1383
1403
  );
1384
1404
  }
1385
1405
  }
@@ -1398,7 +1418,8 @@ export async function createJavaBom(path, options) {
1398
1418
  filename: pomFiles.join(", "),
1399
1419
  nsMapping: jarNSMapping,
1400
1420
  dependencies,
1401
- parentComponent
1421
+ parentComponent,
1422
+ tools,
1402
1423
  });
1403
1424
  } else if (bomJsonFiles.length) {
1404
1425
  const bomNSData = {};
@@ -1413,7 +1434,7 @@ export async function createJavaBom(path, options) {
1413
1434
  const gradleFiles = getAllFiles(
1414
1435
  path,
1415
1436
  (options.multiProject ? "**/" : "") + "build.gradle*",
1416
- options
1437
+ options,
1417
1438
  );
1418
1439
  const allProjects = [];
1419
1440
  const allProjectsAddedPurls = [];
@@ -1431,7 +1452,7 @@ export async function createJavaBom(path, options) {
1431
1452
  parentComponent = {
1432
1453
  name: rootProject,
1433
1454
  type: "application",
1434
- ...retMap.metadata
1455
+ ...retMap.metadata,
1435
1456
  };
1436
1457
  const parentPurl = new PackageURL(
1437
1458
  "maven",
@@ -1439,7 +1460,7 @@ export async function createJavaBom(path, options) {
1439
1460
  parentComponent.name,
1440
1461
  parentComponent.version,
1441
1462
  { type: "jar" },
1442
- null
1463
+ null,
1443
1464
  ).toString();
1444
1465
  parentComponent["purl"] = parentPurl;
1445
1466
  parentComponent["bom-ref"] = decodeURIComponent(parentPurl);
@@ -1455,7 +1476,7 @@ export async function createJavaBom(path, options) {
1455
1476
  name: rspName,
1456
1477
  type: "application",
1457
1478
  qualifiers: { type: "jar" },
1458
- ...retMap.metadata
1479
+ ...retMap.metadata,
1459
1480
  };
1460
1481
  const rootSubProjectPurl = new PackageURL(
1461
1482
  "maven",
@@ -1467,7 +1488,7 @@ export async function createJavaBom(path, options) {
1467
1488
  ? retMap.metadata.version
1468
1489
  : parentComponent.version,
1469
1490
  rootSubProjectObj.qualifiers,
1470
- null
1491
+ null,
1471
1492
  ).toString();
1472
1493
  rootSubProjectObj["purl"] = rootSubProjectPurl;
1473
1494
  rootSubProjectObj["bom-ref"] =
@@ -1487,7 +1508,7 @@ export async function createJavaBom(path, options) {
1487
1508
  });
1488
1509
  dependencies.push({
1489
1510
  ref: parentComponent["bom-ref"],
1490
- dependsOn: rootDependsOn
1511
+ dependsOn: rootDependsOn,
1491
1512
  });
1492
1513
  }
1493
1514
  }
@@ -1508,7 +1529,7 @@ export async function createJavaBom(path, options) {
1508
1529
  let gradleDepArgs = [
1509
1530
  sp.purl === parentComponent.purl
1510
1531
  ? depTaskWithArgs[0]
1511
- : `:${sp.name}:${depTaskWithArgs[0]}`
1532
+ : `:${sp.name}:${depTaskWithArgs[0]}`,
1512
1533
  ];
1513
1534
  gradleDepArgs = gradleDepArgs
1514
1535
  .concat(depTaskWithArgs.slice(1))
@@ -1528,13 +1549,13 @@ export async function createJavaBom(path, options) {
1528
1549
  gradleCmd,
1529
1550
  gradleDepArgs.join(" "),
1530
1551
  "in",
1531
- path
1552
+ path,
1532
1553
  );
1533
1554
  const sresult = spawnSync(gradleCmd, gradleDepArgs, {
1534
1555
  cwd: path,
1535
1556
  encoding: "utf-8",
1536
1557
  timeout: TIMEOUT_MS,
1537
- maxBuffer: MAX_BUFFER
1558
+ maxBuffer: MAX_BUFFER,
1538
1559
  });
1539
1560
  if (sresult.status !== 0 || sresult.error) {
1540
1561
  if (options.failOnError || DEBUG_MODE) {
@@ -1551,14 +1572,14 @@ export async function createJavaBom(path, options) {
1551
1572
  sp.name,
1552
1573
  sp.version && sp.version.length && sp.version !== "latest"
1553
1574
  ? sp.version
1554
- : parentComponent.version
1575
+ : parentComponent.version,
1555
1576
  );
1556
1577
  const dlist = parsedList.pkgList;
1557
1578
  if (parsedList.dependenciesList && parsedList.dependenciesList) {
1558
1579
  dependencies = mergeDependencies(
1559
1580
  dependencies,
1560
1581
  parsedList.dependenciesList,
1561
- parentComponent
1582
+ parentComponent,
1562
1583
  );
1563
1584
  }
1564
1585
  if (dlist && dlist.length) {
@@ -1567,7 +1588,7 @@ export async function createJavaBom(path, options) {
1567
1588
  "Found",
1568
1589
  dlist.length,
1569
1590
  "packages in gradle project",
1570
- sp.name
1591
+ sp.name,
1571
1592
  );
1572
1593
  }
1573
1594
  pkgList = pkgList.concat(dlist);
@@ -1578,18 +1599,18 @@ export async function createJavaBom(path, options) {
1578
1599
  if (parentComponent.components && parentComponent.components.length) {
1579
1600
  for (const subProj of parentComponent.components) {
1580
1601
  pkgList = pkgList.filter(
1581
- (pkg) => pkg["bom-ref"] !== subProj["bom-ref"]
1602
+ (pkg) => pkg["bom-ref"] !== subProj["bom-ref"],
1582
1603
  );
1583
1604
  }
1584
1605
  }
1585
1606
  console.log(
1586
1607
  "Obtained",
1587
1608
  pkgList.length,
1588
- "from this gradle project. De-duping this list ..."
1609
+ "from this gradle project. De-duping this list ...",
1589
1610
  );
1590
1611
  } else {
1591
1612
  console.log(
1592
- "No packages found. Set the environment variable 'CDXGEN_DEBUG_MODE=debug' to troubleshoot any gradle related errors."
1613
+ "No packages found. Set the environment variable 'CDXGEN_DEBUG_MODE=debug' to troubleshoot any gradle related errors.",
1593
1614
  );
1594
1615
  options.failOnError && process.exit(1);
1595
1616
  }
@@ -1606,7 +1627,7 @@ export async function createJavaBom(path, options) {
1606
1627
  filename: gradleFiles.join(", "),
1607
1628
  nsMapping: jarNSMapping,
1608
1629
  dependencies,
1609
- parentComponent
1630
+ parentComponent,
1610
1631
  });
1611
1632
  }
1612
1633
 
@@ -1632,21 +1653,21 @@ export async function createJavaBom(path, options) {
1632
1653
  "build",
1633
1654
  bazelTarget,
1634
1655
  "in",
1635
- basePath
1656
+ basePath,
1636
1657
  );
1637
1658
  let result = spawnSync(BAZEL_CMD, ["build", bazelTarget], {
1638
1659
  cwd: basePath,
1639
1660
  shell: true,
1640
1661
  encoding: "utf-8",
1641
1662
  timeout: TIMEOUT_MS,
1642
- maxBuffer: MAX_BUFFER
1663
+ maxBuffer: MAX_BUFFER,
1643
1664
  });
1644
1665
  if (result.status !== 0 || result.error) {
1645
1666
  if (result.stderr) {
1646
1667
  console.error(result.stdout, result.stderr);
1647
1668
  }
1648
1669
  console.log(
1649
- "1. Check if bazel is installed and available in PATH.\n2. Try building your app with bazel prior to invoking cdxgen"
1670
+ "1. Check if bazel is installed and available in PATH.\n2. Try building your app with bazel prior to invoking cdxgen",
1650
1671
  );
1651
1672
  options.failOnError && process.exit(1);
1652
1673
  } else {
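Review bot: The `spawnSync(BAZEL_CMD, ["build", bazelTarget], { …, shell: true })` call at new lines 1659-1664 runs through a shell, so the command and its arguments are joined into one string and any shell metacharacter in `bazelTarget` or `BAZEL_CMD` is interpreted instead of being passed as a literal argument. Where those two values are set is outside this hunk, so whether the environment or the scanned project can influence them should be confirmed. The later `spawnSync(BAZEL_CMD, query, …)` call (new line 1691) passes no `shell` option, so removing the `shell: true,` line here would make the two calls consistent, provided nothing depends on the shell to resolve the bazel command. The sbt call at new lines 1862-1868 sets the same option, with `dlFile` and `tempSbtPlugins` interpolated into quoted argument strings and a comment saying the shell is required; there the interpolated paths should be validated or escaped before use. createJavaBom begins and ends outside this hunk.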
@@ -1665,13 +1686,13 @@ export async function createJavaBom(path, options) {
1665
1686
  "Executing",
1666
1687
  BAZEL_CMD,
1667
1688
  `${query.join(" ")} in`,
1668
- basePath
1689
+ basePath,
1669
1690
  );
1670
1691
  result = spawnSync(BAZEL_CMD, query, {
1671
1692
  cwd: basePath,
1672
1693
  encoding: "utf-8",
1673
1694
  timeout: TIMEOUT_MS,
1674
- maxBuffer: MAX_BUFFER
1695
+ maxBuffer: MAX_BUFFER,
1675
1696
  });
1676
1697
  if (result.status !== 0 || result.error) {
1677
1698
  console.error(result.stdout, result.stderr);
@@ -1685,10 +1706,10 @@ export async function createJavaBom(path, options) {
1685
1706
  pkgList = pkgList.concat(dlist);
1686
1707
  } else {
1687
1708
  console.log(
1688
- "No packages were detected.\n1. Build your project using bazel build command before running cdxgen\n2. Try running the bazel aquery command manually to see if skyframe state can be retrieved."
1709
+ "No packages were detected.\n1. Build your project using bazel build command before running cdxgen\n2. Try running the bazel aquery command manually to see if skyframe state can be retrieved.",
1689
1710
  );
1690
1711
  console.log(
1691
- "If your project requires a different query, please file a bug at cyclonedx/cdxgen repo!"
1712
+ "If your project requires a different query, please file a bug at cyclonedx/cdxgen repo!",
1692
1713
  );
1693
1714
  options.failOnError && process.exit(1);
1694
1715
  }
@@ -1703,7 +1724,7 @@ export async function createJavaBom(path, options) {
1703
1724
  filename: "BUILD",
1704
1725
  nsMapping: {},
1705
1726
  dependencies,
1706
- parentComponent
1727
+ parentComponent,
1707
1728
  });
1708
1729
  }
1709
1730
  }
@@ -1720,7 +1741,7 @@ export async function createJavaBom(path, options) {
1720
1741
  path,
1721
1742
  (options.multiProject ? "**/" : "") +
1722
1743
  "project/{build.properties,*.sbt,*.scala}",
1723
- options
1744
+ options,
1724
1745
  );
1725
1746
 
1726
1747
  let sbtProjects = [];
@@ -1736,7 +1757,7 @@ export async function createJavaBom(path, options) {
1736
1757
  sbtProjectFiles = getAllFiles(
1737
1758
  path,
1738
1759
  (options.multiProject ? "**/" : "") + "*.sbt",
1739
- options
1760
+ options,
1740
1761
  );
1741
1762
  for (const i in sbtProjectFiles) {
1742
1763
  const baseDir = dirname(sbtProjectFiles[i]);
@@ -1745,12 +1766,12 @@ export async function createJavaBom(path, options) {
1745
1766
  }
1746
1767
  // eliminate duplicates and ignore project directories
1747
1768
  sbtProjects = [...new Set(sbtProjects)].filter(
1748
- (p) => !p.endsWith(sep + "project") && !p.includes("target" + sep)
1769
+ (p) => !p.endsWith(sep + "project") && !p.includes("target" + sep),
1749
1770
  );
1750
1771
  const sbtLockFiles = getAllFiles(
1751
1772
  path,
1752
1773
  (options.multiProject ? "**/" : "") + "build.sbt.lock",
1753
- options
1774
+ options,
1754
1775
  );
1755
1776
 
1756
1777
  if (sbtProjects && sbtProjects.length) {
@@ -1813,17 +1834,17 @@ export async function createJavaBom(path, options) {
1813
1834
  if (standalonePluginFile) {
1814
1835
  sbtArgs = [
1815
1836
  `-addPluginSbtFile=${tempSbtPlugins}`,
1816
- `"dependencyList::toFile ${dlFile} --force"`
1837
+ `"dependencyList::toFile ${dlFile} --force"`,
1817
1838
  ];
1818
1839
  } else {
1819
1840
  // write to the existing plugins file
1820
1841
  if (useSlashSyntax) {
1821
1842
  sbtArgs = [
1822
- `'set ThisBuild / asciiGraphWidth := 400' "dependencyTree / toFile ${dlFile} --force"`
1843
+ `'set ThisBuild / asciiGraphWidth := 400' "dependencyTree / toFile ${dlFile} --force"`,
1823
1844
  ];
1824
1845
  } else {
1825
1846
  sbtArgs = [
1826
- `'set asciiGraphWidth in ThisBuild := 400' "dependencyTree::toFile ${dlFile} --force"`
1847
+ `'set asciiGraphWidth in ThisBuild := 400' "dependencyTree::toFile ${dlFile} --force"`,
1827
1848
  ];
1828
1849
  }
1829
1850
  pluginFile = addPlugin(basePath, sbtPluginDefinition);
@@ -1835,7 +1856,7 @@ export async function createJavaBom(path, options) {
1835
1856
  "in",
1836
1857
  basePath,
1837
1858
  "using plugins",
1838
- tempSbtgDir
1859
+ tempSbtgDir,
1839
1860
  );
1840
1861
  // Note that the command has to be invoked with `shell: true` to properly execut sbt
1841
1862
  const result = spawnSync(SBT_CMD, sbtArgs, {
@@ -1843,18 +1864,18 @@ export async function createJavaBom(path, options) {
1843
1864
  shell: true,
1844
1865
  encoding: "utf-8",
1845
1866
  timeout: TIMEOUT_MS,
1846
- maxBuffer: MAX_BUFFER
1867
+ maxBuffer: MAX_BUFFER,
1847
1868
  });
1848
1869
  if (result.status !== 0 || result.error) {
1849
1870
  console.error(result.stdout, result.stderr);
1850
1871
  console.log(
1851
- `1. Check if scala and sbt is installed and available in PATH. Only scala 2.10 + sbt 0.13.6+ and 2.12 + sbt 1.0+ is supported for now.`
1872
+ `1. Check if scala and sbt is installed and available in PATH. Only scala 2.10 + sbt 0.13.6+ and 2.12 + sbt 1.0+ is supported for now.`,
1852
1873
  );
1853
1874
  console.log(
1854
- `2. Check if the plugin net.virtual-void:sbt-dependency-graph 0.10.0-RC1 can be used in the environment`
1875
+ `2. Check if the plugin net.virtual-void:sbt-dependency-graph 0.10.0-RC1 can be used in the environment`,
1855
1876
  );
1856
1877
  console.log(
1857
- "3. Consider creating a lockfile using sbt-dependency-lock plugin. See https://github.com/stringbean/sbt-dependency-lock"
1878
+ "3. Consider creating a lockfile using sbt-dependency-lock plugin. See https://github.com/stringbean/sbt-dependency-lock",
1858
1879
  );
1859
1880
  options.failOnError && process.exit(1);
1860
1881
  }
@@ -1875,7 +1896,7 @@ export async function createJavaBom(path, options) {
1875
1896
  dependencies = mergeDependencies(
1876
1897
  dependencies,
1877
1898
  retMap.dependenciesList,
1878
- parentComponent
1899
+ parentComponent,
1879
1900
  );
1880
1901
  }
1881
1902
  } else {
@@ -1906,7 +1927,7 @@ export async function createJavaBom(path, options) {
1906
1927
  filename: sbtProjects.join(", "),
1907
1928
  nsMapping: jarNSMapping,
1908
1929
  dependencies,
1909
- parentComponent
1930
+ parentComponent,
1910
1931
  });
1911
1932
  }
1912
1933
  }
@@ -1940,7 +1961,7 @@ export async function createNodejsBom(path, options) {
1940
1961
  allImports: {},
1941
1962
  src: path,
1942
1963
  filename: "package.json",
1943
- parentComponent
1964
+ parentComponent,
1944
1965
  });
1945
1966
  }
1946
1967
  }
@@ -1952,7 +1973,7 @@ export async function createNodejsBom(path, options) {
1952
1973
  ) {
1953
1974
  if (DEBUG_MODE) {
1954
1975
  console.log(
1955
- `Performing babel-based package usage analysis with source code at ${path}`
1976
+ `Performing babel-based package usage analysis with source code at ${path}`,
1956
1977
  );
1957
1978
  }
1958
1979
  const retData = await findJSImportsExports(path, options.deep);
@@ -1962,17 +1983,17 @@ export async function createNodejsBom(path, options) {
1962
1983
  const yarnLockFiles = getAllFiles(
1963
1984
  path,
1964
1985
  (options.multiProject ? "**/" : "") + "yarn.lock",
1965
- options
1986
+ options,
1966
1987
  );
1967
1988
  const shrinkwrapFiles = getAllFiles(
1968
1989
  path,
1969
1990
  (options.multiProject ? "**/" : "") + "npm-shrinkwrap.json",
1970
- options
1991
+ options,
1971
1992
  );
1972
1993
  let pkgLockFiles = getAllFiles(
1973
1994
  path,
1974
1995
  (options.multiProject ? "**/" : "") + "package-lock.json",
1975
- options
1996
+ options,
1976
1997
  );
1977
1998
  if (shrinkwrapFiles.length) {
1978
1999
  pkgLockFiles = pkgLockFiles.concat(shrinkwrapFiles);
@@ -1980,17 +2001,17 @@ export async function createNodejsBom(path, options) {
1980
2001
  const pnpmLockFiles = getAllFiles(
1981
2002
  path,
1982
2003
  (options.multiProject ? "**/" : "") + "pnpm-lock.yaml",
1983
- options
2004
+ options,
1984
2005
  );
1985
2006
  const minJsFiles = getAllFiles(
1986
2007
  path,
1987
2008
  (options.multiProject ? "**/" : "") + "*min.js",
1988
- options
2009
+ options,
1989
2010
  );
1990
2011
  const bowerFiles = getAllFiles(
1991
2012
  path,
1992
2013
  (options.multiProject ? "**/" : "") + "bower.json",
1993
- options
2014
+ options,
1994
2015
  );
1995
2016
  // Parse min js files
1996
2017
  if (minJsFiles && minJsFiles.length) {
@@ -2029,7 +2050,7 @@ export async function createNodejsBom(path, options) {
2029
2050
  options.projectName || parentComponent.name,
2030
2051
  options.projectVersion || parentComponent.version,
2031
2052
  null,
2032
- null
2053
+ null,
2033
2054
  ).toString();
2034
2055
  parentComponent["bom-ref"] = decodeURIComponent(ppurl);
2035
2056
  parentComponent["purl"] = ppurl;
@@ -2041,7 +2062,7 @@ export async function createNodejsBom(path, options) {
2041
2062
  parentComponent = {
2042
2063
  group: "",
2043
2064
  name: dirName,
2044
- type: "application"
2065
+ type: "application",
2045
2066
  };
2046
2067
  ppurl = new PackageURL(
2047
2068
  "npm",
@@ -2049,7 +2070,7 @@ export async function createNodejsBom(path, options) {
2049
2070
  options.projectName || parentComponent.name,
2050
2071
  options.projectVersion || parentComponent.version,
2051
2072
  null,
2052
- null
2073
+ null,
2053
2074
  ).toString();
2054
2075
  parentComponent["bom-ref"] = decodeURIComponent(ppurl);
2055
2076
  parentComponent["purl"] = ppurl;
@@ -2064,7 +2085,7 @@ export async function createNodejsBom(path, options) {
2064
2085
  dependencies = mergeDependencies(
2065
2086
  dependencies,
2066
2087
  parsedList.dependenciesList,
2067
- parentComponent
2088
+ parentComponent,
2068
2089
  );
2069
2090
  }
2070
2091
  }
@@ -2092,7 +2113,7 @@ export async function createNodejsBom(path, options) {
2092
2113
  dependencies = mergeDependencies(
2093
2114
  dependencies,
2094
2115
  parsedList.dependenciesList,
2095
- parentComponent
2116
+ parentComponent,
2096
2117
  );
2097
2118
  }
2098
2119
  }
@@ -2108,8 +2129,8 @@ export async function createNodejsBom(path, options) {
2108
2129
  ["install", "--no-link", "--bypass-policy"],
2109
2130
  {
2110
2131
  cwd: path,
2111
- encoding: "utf-8"
2112
- }
2132
+ encoding: "utf-8",
2133
+ },
2113
2134
  );
2114
2135
  if (result.status == 1 || result.error) {
2115
2136
  console.error(result.stdout, result.stderr);
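Review bot: The check `result.status == 1 || result.error` at new line 2135 treats only exit code 1 as a failure, so any other non-zero exit code falls through as success, and a `null` status does too unless `result.error` happens to be set. The gradle, bazel, sbt and go checks visible elsewhere in this diff use `status !== 0`; `if (result.status !== 0 || result.error) {` would match them and stop a failed install from silently producing an incomplete SBOM. The options object ending at new line 2133 also carries no `timeout` or `maxBuffer`, unlike those other calls, so adding `timeout: TIMEOUT_MS,` and `maxBuffer: MAX_BUFFER,` would bound a hung install. The call's own name and the rest of createNodejsBom are outside this hunk.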
@@ -2123,7 +2144,7 @@ export async function createNodejsBom(path, options) {
2123
2144
  "build-tasks",
2124
2145
  ".rush",
2125
2146
  "temp",
2126
- "shrinkwrap-deps.json"
2147
+ "shrinkwrap-deps.json",
2127
2148
  );
2128
2149
  const pnpmLock = join(path, "common", "config", "rush", "pnpm-lock.yaml");
2129
2150
  if (existsSync(swFile)) {
@@ -2133,13 +2154,13 @@ export async function createNodejsBom(path, options) {
2133
2154
  pkgList,
2134
2155
  allImports,
2135
2156
  allExports,
2136
- options.deep
2157
+ options.deep,
2137
2158
  );
2138
2159
  }
2139
2160
  return buildBomNSData(options, pkgList, "npm", {
2140
2161
  allImports,
2141
2162
  src: path,
2142
- filename: "shrinkwrap-deps.json"
2163
+ filename: "shrinkwrap-deps.json",
2143
2164
  });
2144
2165
  } else if (existsSync(pnpmLock)) {
2145
2166
  let pkgList = await parsePnpmLock(pnpmLock);
@@ -2148,14 +2169,14 @@ export async function createNodejsBom(path, options) {
2148
2169
  pkgList,
2149
2170
  allImports,
2150
2171
  allExports,
2151
- options.deep
2172
+ options.deep,
2152
2173
  );
2153
2174
  }
2154
2175
  return buildBomNSData(options, pkgList, "npm", {
2155
2176
  allImports,
2156
2177
  allExports,
2157
2178
  src: path,
2158
- filename: "pnpm-lock.yaml"
2179
+ filename: "pnpm-lock.yaml",
2159
2180
  });
2160
2181
  } else {
2161
2182
  console.log(
@@ -2163,7 +2184,7 @@ export async function createNodejsBom(path, options) {
2163
2184
  swFile,
2164
2185
  " nor pnpm lockfile",
2165
2186
  pnpmLock,
2166
- "was found!"
2187
+ "was found!",
2167
2188
  );
2168
2189
  options.failOnError && process.exit(1);
2169
2190
  }
@@ -2188,7 +2209,7 @@ export async function createNodejsBom(path, options) {
2188
2209
  options.projectName || tmpParentComponent.name,
2189
2210
  options.projectVersion || tmpParentComponent.version,
2190
2211
  null,
2191
- null
2212
+ null,
2192
2213
  ).toString();
2193
2214
  tmpParentComponent["bom-ref"] = decodeURIComponent(ppurl);
2194
2215
  tmpParentComponent["purl"] = ppurl;
@@ -2205,7 +2226,7 @@ export async function createNodejsBom(path, options) {
2205
2226
  const tmpParentComponent = {
2206
2227
  group: options.projectGroup || "",
2207
2228
  name: options.projectName || dirName,
2208
- type: "application"
2229
+ type: "application",
2209
2230
  };
2210
2231
  ppurl = new PackageURL(
2211
2232
  "npm",
@@ -2213,7 +2234,7 @@ export async function createNodejsBom(path, options) {
2213
2234
  tmpParentComponent.name,
2214
2235
  options.projectVersion || tmpParentComponent.version,
2215
2236
  null,
2216
- null
2237
+ null,
2217
2238
  ).toString();
2218
2239
  tmpParentComponent["bom-ref"] = decodeURIComponent(ppurl);
2219
2240
  tmpParentComponent["purl"] = ppurl;
@@ -2247,17 +2268,17 @@ export async function createNodejsBom(path, options) {
2247
2268
  options.projectName || parentComponent.name,
2248
2269
  options.projectVersion || parentComponent.version,
2249
2270
  null,
2250
- null
2271
+ null,
2251
2272
  ).toString();
2252
2273
  parsedList.dependenciesList.push({
2253
2274
  ref: decodeURIComponent(ppurl),
2254
- dependsOn: rdeplist
2275
+ dependsOn: rdeplist,
2255
2276
  });
2256
2277
  }
2257
2278
  dependencies = mergeDependencies(
2258
2279
  dependencies,
2259
2280
  parsedList.dependenciesList,
2260
- parentComponent
2281
+ parentComponent,
2261
2282
  );
2262
2283
  }
2263
2284
  }
@@ -2268,7 +2289,7 @@ export async function createNodejsBom(path, options) {
2268
2289
  const pkgJsonFiles = getAllFiles(
2269
2290
  join(path, "node_modules"),
2270
2291
  "**/package.json",
2271
- options
2292
+ options,
2272
2293
  );
2273
2294
  manifestFiles = manifestFiles.concat(pkgJsonFiles);
2274
2295
  for (const pkgjf of pkgJsonFiles) {
@@ -2289,7 +2310,7 @@ export async function createNodejsBom(path, options) {
2289
2310
  options.projectName || parentComponent.name,
2290
2311
  options.projectVersion || parentComponent.version,
2291
2312
  null,
2292
- null
2313
+ null,
2293
2314
  ).toString();
2294
2315
  parentComponent["bom-ref"] = decodeURIComponent(ppurl);
2295
2316
  parentComponent["purl"] = ppurl;
@@ -2308,14 +2329,14 @@ export async function createNodejsBom(path, options) {
2308
2329
  pkgList,
2309
2330
  allImports,
2310
2331
  allExports,
2311
- options.deep
2332
+ options.deep,
2312
2333
  );
2313
2334
  }
2314
2335
  return buildBomNSData(options, pkgList, "npm", {
2315
2336
  src: path,
2316
2337
  filename: manifestFiles.join(", "),
2317
2338
  dependencies,
2318
- parentComponent
2339
+ parentComponent,
2319
2340
  });
2320
2341
  }
2321
2342
 
@@ -2336,12 +2357,12 @@ export async function createPythonBom(path, options) {
2336
2357
  let poetryFiles = getAllFiles(
2337
2358
  path,
2338
2359
  (options.multiProject ? "**/" : "") + "poetry.lock",
2339
- options
2360
+ options,
2340
2361
  );
2341
2362
  const pdmLockFiles = getAllFiles(
2342
2363
  path,
2343
2364
  (options.multiProject ? "**/" : "") + "pdm.lock",
2344
- options
2365
+ options,
2345
2366
  );
2346
2367
  if (pdmLockFiles && pdmLockFiles.length) {
2347
2368
  poetryFiles = poetryFiles.concat(pdmLockFiles);
@@ -2349,30 +2370,30 @@ export async function createPythonBom(path, options) {
2349
2370
  let reqFiles = getAllFiles(
2350
2371
  path,
2351
2372
  (options.multiProject ? "**/" : "") + "*requirements*.txt",
2352
- options
2373
+ options,
2353
2374
  );
2354
2375
  reqFiles = reqFiles.filter(
2355
- (f) => !f.includes(join("mercurial", "helptext", "internals"))
2376
+ (f) => !f.includes(join("mercurial", "helptext", "internals")),
2356
2377
  );
2357
2378
  const reqDirFiles = getAllFiles(
2358
2379
  path,
2359
2380
  (options.multiProject ? "**/" : "") + "requirements/*.txt",
2360
- options
2381
+ options,
2361
2382
  );
2362
2383
  const metadataFiles = getAllFiles(
2363
2384
  path,
2364
2385
  (options.multiProject ? "**/site-packages/**/" : "") + "METADATA",
2365
- options
2386
+ options,
2366
2387
  );
2367
2388
  const whlFiles = getAllFiles(
2368
2389
  path,
2369
2390
  (options.multiProject ? "**/" : "") + "*.whl",
2370
- options
2391
+ options,
2371
2392
  );
2372
2393
  const eggInfoFiles = getAllFiles(
2373
2394
  path,
2374
2395
  (options.multiProject ? "**/" : "") + "*.egg-info",
2375
- options
2396
+ options,
2376
2397
  );
2377
2398
  const setupPy = join(path, "setup.py");
2378
2399
  const pyProjectFile = join(path, "pyproject.toml");
@@ -2390,7 +2411,7 @@ export async function createPythonBom(path, options) {
2390
2411
  parentComponent.name,
2391
2412
  parentComponent.version || "latest",
2392
2413
  null,
2393
- null
2414
+ null,
2394
2415
  ).toString();
2395
2416
  parentComponent["bom-ref"] = decodeURIComponent(ppurl);
2396
2417
  parentComponent["purl"] = ppurl;
@@ -2415,7 +2436,7 @@ export async function createPythonBom(path, options) {
2415
2436
  dependencies = mergeDependencies(
2416
2437
  dependencies,
2417
2438
  retMap.dependenciesList,
2418
- parentComponent
2439
+ parentComponent,
2419
2440
  );
2420
2441
  }
2421
2442
  // Retrieve the tree using virtualenv in deep mode and as a fallback
@@ -2429,7 +2450,7 @@ export async function createPythonBom(path, options) {
2429
2450
  dependencies = mergeDependencies(
2430
2451
  dependencies,
2431
2452
  retMap.dependenciesList,
2432
- parentComponent
2453
+ parentComponent,
2433
2454
  );
2434
2455
  }
2435
2456
  }
@@ -2440,7 +2461,7 @@ export async function createPythonBom(path, options) {
2440
2461
  }
2441
2462
  const pdependencies = {
2442
2463
  ref: parentComponent["bom-ref"],
2443
- dependsOn: parentDependsOn
2464
+ dependsOn: parentDependsOn,
2444
2465
  };
2445
2466
  dependencies.splice(0, 0, pdependencies);
2446
2467
  }
@@ -2448,13 +2469,13 @@ export async function createPythonBom(path, options) {
2448
2469
  src: path,
2449
2470
  filename: poetryFiles.join(", "),
2450
2471
  dependencies,
2451
- parentComponent
2472
+ parentComponent,
2452
2473
  });
2453
2474
  } else if (metadataFiles && metadataFiles.length) {
2454
2475
  // dist-info directories
2455
2476
  for (const mf of metadataFiles) {
2456
2477
  const mData = readFileSync(mf, {
2457
- encoding: "utf-8"
2478
+ encoding: "utf-8",
2458
2479
  });
2459
2480
  const dlist = parseBdistMetadata(mData);
2460
2481
  if (dlist && dlist.length) {
@@ -2502,7 +2523,7 @@ export async function createPythonBom(path, options) {
2502
2523
  if (reqFiles && reqFiles.length) {
2503
2524
  if (options.installDeps && DEBUG_MODE) {
2504
2525
  console.log(
2505
- "cdxgen will now attempt to generate an SBOM for 'build' lifecycle phase for Python. This would take some time ...\nTo speed up this step, invoke cdxgen from within a virtual environment with all the dependencies installed.\nAlternatively, pass the argument '--lifecycle pre-build' to generate a faster but less precise SBOM without installing the dependencies in case of any build issues."
2526
+ "cdxgen will now attempt to generate an SBOM for 'build' lifecycle phase for Python. This would take some time ...\nTo speed up this step, invoke cdxgen from within a virtual environment with all the dependencies installed.\nAlternatively, pass the argument '--lifecycle pre-build' to generate a faster but less precise SBOM without installing the dependencies in case of any build issues.",
2506
2527
  );
2507
2528
  }
2508
2529
  for (const f of reqFiles) {
@@ -2522,7 +2543,7 @@ export async function createPythonBom(path, options) {
2522
2543
  dependencies = mergeDependencies(
2523
2544
  dependencies,
2524
2545
  pkgMap.dependenciesList,
2525
- parentComponent
2546
+ parentComponent,
2526
2547
  );
2527
2548
  }
2528
2549
  }
@@ -2530,7 +2551,7 @@ export async function createPythonBom(path, options) {
2530
2551
  if (!pkgList.length || !frozen) {
2531
2552
  if (DEBUG_MODE) {
2532
2553
  console.log(
2533
- `Manually parsing ${f}. The result would include only direct dependencies.`
2554
+ `Manually parsing ${f}. The result would include only direct dependencies.`,
2534
2555
  );
2535
2556
  }
2536
2557
  reqData = readFileSync(f, { encoding: "utf-8" });
@@ -2583,7 +2604,7 @@ export async function createPythonBom(path, options) {
2583
2604
  apkg.properties = apkg.properties || [];
2584
2605
  apkg.properties.push({
2585
2606
  name: "ImportedModules",
2586
- value: iSymbolsMap[apkg.name]
2607
+ value: iSymbolsMap[apkg.name],
2587
2608
  });
2588
2609
  }
2589
2610
  }
@@ -2606,7 +2627,7 @@ export async function createPythonBom(path, options) {
2606
2627
  dependencies = mergeDependencies(
2607
2628
  dependencies,
2608
2629
  retMap.dependenciesList,
2609
- parentComponent
2630
+ parentComponent,
2610
2631
  );
2611
2632
  }
2612
2633
  if (retMap.allImports) {
@@ -2630,7 +2651,7 @@ export async function createPythonBom(path, options) {
2630
2651
  dependencies = mergeDependencies(
2631
2652
  dependencies,
2632
2653
  pkgMap.dependenciesList,
2633
- parentComponent
2654
+ parentComponent,
2634
2655
  );
2635
2656
  }
2636
2657
  let parentPresent = false;
@@ -2644,8 +2665,8 @@ export async function createPythonBom(path, options) {
2644
2665
  const pdependencies = {
2645
2666
  ref: parentComponent["bom-ref"],
2646
2667
  dependsOn: Array.from(parentDependsOn).filter(
2647
- (r) => parentComponent && r !== parentComponent["bom-ref"]
2648
- )
2668
+ (r) => parentComponent && r !== parentComponent["bom-ref"],
2669
+ ),
2649
2670
  };
2650
2671
  dependencies.splice(0, 0, pdependencies);
2651
2672
  }
@@ -2672,7 +2693,7 @@ export async function createPythonBom(path, options) {
2672
2693
  src: path,
2673
2694
  filename: metadataFilename,
2674
2695
  dependencies,
2675
- parentComponent
2696
+ parentComponent,
2676
2697
  });
2677
2698
  }
2678
2699
 
@@ -2702,7 +2723,7 @@ export async function createGoBom(path, options) {
2702
2723
  const gosumFiles = getAllFiles(
2703
2724
  path,
2704
2725
  (options.multiProject ? "**/" : "") + "go.sum",
2705
- options
2726
+ options,
2706
2727
  );
2707
2728
 
2708
2729
  // If USE_GOSUM is true|1, generate BOM components only using go.sum.
@@ -2711,7 +2732,7 @@ export async function createGoBom(path, options) {
2711
2732
  if (useGosum && gosumFiles.length) {
2712
2733
  console.warn(
2713
2734
  "Using go.sum to generate BOMs for go projects may return an inaccurate representation of transitive dependencies.\nSee: https://github.com/golang/go/wiki/Modules#is-gosum-a-lock-file-why-does-gosum-include-information-for-module-versions-i-am-no-longer-using\n",
2714
- "Set USE_GOSUM=false to generate BOMs using go.mod as the dependency source of truth."
2735
+ "Set USE_GOSUM=false to generate BOMs using go.mod as the dependency source of truth.",
2715
2736
  );
2716
2737
  for (const f of gosumFiles) {
2717
2738
  if (DEBUG_MODE) {
@@ -2727,7 +2748,7 @@ export async function createGoBom(path, options) {
2727
2748
  let circuitBreak = false;
2728
2749
  if (DEBUG_MODE) {
2729
2750
  console.log(
2730
- `Attempting to detect required packages using "go mod why" command for ${pkgList.length} packages`
2751
+ `Attempting to detect required packages using "go mod why" command for ${pkgList.length} packages`,
2731
2752
  );
2732
2753
  }
2733
2754
  // Using go mod why detect required packages
@@ -2757,8 +2778,8 @@ export async function createGoBom(path, options) {
2757
2778
  cwd: path,
2758
2779
  encoding: "utf-8",
2759
2780
  timeout: TIMEOUT_MS,
2760
- maxBuffer: MAX_BUFFER
2761
- }
2781
+ maxBuffer: MAX_BUFFER,
2782
+ },
2762
2783
  );
2763
2784
  if (mresult.status !== 0 || mresult.error) {
2764
2785
  if (DEBUG_MODE) {
@@ -2792,7 +2813,7 @@ export async function createGoBom(path, options) {
2792
2813
  src: path,
2793
2814
  dependencies,
2794
2815
  parentComponent,
2795
- filename: gosumFiles.join(", ")
2816
+ filename: gosumFiles.join(", "),
2796
2817
  });
2797
2818
  }
2798
2819
 
@@ -2817,14 +2838,14 @@ export async function createGoBom(path, options) {
2817
2838
  const gopkgLockFiles = getAllFiles(
2818
2839
  path,
2819
2840
  (options.multiProject ? "**/" : "") + "Gopkg.lock",
2820
- options
2841
+ options,
2821
2842
  );
2822
2843
 
2823
2844
  // Read in go.mod files and parse BOM components with checksums from gosumData
2824
2845
  const gomodFiles = getAllFiles(
2825
2846
  path,
2826
2847
  (options.multiProject ? "**/" : "") + "go.mod",
2827
- options
2848
+ options,
2828
2849
  );
2829
2850
  if (gomodFiles.length) {
2830
2851
  let shouldManuallyParse = false;
@@ -2847,14 +2868,14 @@ export async function createGoBom(path, options) {
2847
2868
  "-deps",
2848
2869
  "-f",
2849
2870
  "'{{with .Module}}{{.Path}} {{.Version}} {{.Indirect}} {{.GoMod}} {{.GoVersion}} {{.Main}}{{end}}'",
2850
- "./..."
2871
+ "./...",
2851
2872
  ],
2852
2873
  {
2853
2874
  cwd: basePath,
2854
2875
  encoding: "utf-8",
2855
2876
  timeout: TIMEOUT_MS,
2856
- maxBuffer: MAX_BUFFER
2857
- }
2877
+ maxBuffer: MAX_BUFFER,
2878
+ },
2858
2879
  );
2859
2880
  if (DEBUG_MODE) {
2860
2881
  console.log("Executing go mod graph in", basePath);
@@ -2889,7 +2910,7 @@ export async function createGoBom(path, options) {
2889
2910
  cwd: basePath,
2890
2911
  encoding: "utf-8",
2891
2912
  timeout: TIMEOUT_MS,
2892
- maxBuffer: MAX_BUFFER
2913
+ maxBuffer: MAX_BUFFER,
2893
2914
  });
2894
2915
  // Check if got a mod graph successfully
2895
2916
  if (result.status !== 0 || result.error) {
@@ -2908,7 +2929,7 @@ export async function createGoBom(path, options) {
2908
2929
  f,
2909
2930
  gosumMap,
2910
2931
  pkgList,
2911
- parentComponent
2932
+ parentComponent,
2912
2933
  );
2913
2934
  if (retMap.pkgList && retMap.pkgList.length) {
2914
2935
  pkgList = pkgList.concat(retMap.pkgList);
@@ -2918,14 +2939,14 @@ export async function createGoBom(path, options) {
2918
2939
  dependencies = mergeDependencies(
2919
2940
  dependencies,
2920
2941
  retMap.dependenciesList,
2921
- parentComponent
2942
+ parentComponent,
2922
2943
  );
2923
2944
  }
2924
2945
  }
2925
2946
  } else {
2926
2947
  shouldManuallyParse = true;
2927
2948
  console.error(
2928
- "go unexpectedly didn't return any output. Check if the correct version of golang is installed."
2949
+ "go unexpectedly didn't return any output. Check if the correct version of golang is installed.",
2929
2950
  );
2930
2951
  options.failOnError && process.exit(1);
2931
2952
  }
@@ -2936,14 +2957,14 @@ export async function createGoBom(path, options) {
2936
2957
  dependencies,
2937
2958
  parentComponent,
2938
2959
  src: path,
2939
- filename: gomodFiles.join(", ")
2960
+ filename: gomodFiles.join(", "),
2940
2961
  });
2941
2962
  }
2942
2963
  }
2943
2964
  // Parse the gomod files manually. The resultant BOM would be incomplete
2944
2965
  if (!["docker", "oci", "container", "os"].includes(options.projectType)) {
2945
2966
  console.log(
2946
- "Manually parsing go.mod files. The resultant BOM would be incomplete."
2967
+ "Manually parsing go.mod files. The resultant BOM would be incomplete.",
2947
2968
  );
2948
2969
  }
2949
2970
  for (const f of gomodFiles) {
@@ -2960,7 +2981,7 @@ export async function createGoBom(path, options) {
2960
2981
  src: path,
2961
2982
  dependencies,
2962
2983
  parentComponent,
2963
- filename: gomodFiles.join(", ")
2984
+ filename: gomodFiles.join(", "),
2964
2985
  });
2965
2986
  } else if (gopkgLockFiles.length) {
2966
2987
  for (const f of gopkgLockFiles) {
@@ -2968,7 +2989,7 @@ export async function createGoBom(path, options) {
2968
2989
  console.log(`Parsing ${f}`);
2969
2990
  }
2970
2991
  const gopkgData = readFileSync(f, {
2971
- encoding: "utf-8"
2992
+ encoding: "utf-8",
2972
2993
  });
2973
2994
  const dlist = await parseGopkgData(gopkgData);
2974
2995
  if (dlist && dlist.length) {
@@ -2979,7 +3000,7 @@ export async function createGoBom(path, options) {
2979
3000
  src: path,
2980
3001
  dependencies,
2981
3002
  parentComponent,
2982
- filename: gopkgLockFiles.join(", ")
3003
+ filename: gopkgLockFiles.join(", "),
2983
3004
  });
2984
3005
  }
2985
3006
  return {};
@@ -3016,18 +3037,18 @@ export async function createRustBom(path, options) {
3016
3037
  return buildBomNSData(options, pkgList, "cargo", {
3017
3038
  allImports,
3018
3039
  src: path,
3019
- filename: path
3040
+ filename: path,
3020
3041
  });
3021
3042
  }
3022
3043
  let cargoLockFiles = getAllFiles(
3023
3044
  path,
3024
3045
  (options.multiProject ? "**/" : "") + "Cargo.lock",
3025
- options
3046
+ options,
3026
3047
  );
3027
3048
  const cargoFiles = getAllFiles(
3028
3049
  path,
3029
3050
  (options.multiProject ? "**/" : "") + "Cargo.toml",
3030
- options
3051
+ options,
3031
3052
  );
3032
3053
  // This function assumes that the given path is prioritized, i.e that the
3033
3054
  // Cargo.toml-file directly inside the directory `path` (or the one in the
@@ -3053,7 +3074,7 @@ export async function createRustBom(path, options) {
3053
3074
  parentComponent.components = [];
3054
3075
  if (DEBUG_MODE) {
3055
3076
  console.log(
3056
- `Assigning parent component "${parentComponent.name}" from ${f}`
3077
+ `Assigning parent component "${parentComponent.name}" from ${f}`,
3057
3078
  );
3058
3079
  }
3059
3080
  } else {
@@ -3067,7 +3088,7 @@ export async function createRustBom(path, options) {
3067
3088
  cargoLockFiles = getAllFiles(
3068
3089
  path,
3069
3090
  (options.multiProject ? "**/" : "") + "Cargo.lock",
3070
- options
3091
+ options,
3071
3092
  );
3072
3093
  let dependencyTree = [];
3073
3094
  if (cargoLockFiles.length) {
@@ -3089,7 +3110,7 @@ export async function createRustBom(path, options) {
3089
3110
  dependencyTree = mergeDependencies(
3090
3111
  dependencyTree,
3091
3112
  fileDependencylist,
3092
- parentComponent
3113
+ parentComponent,
3093
3114
  );
3094
3115
  }
3095
3116
  }
@@ -3097,7 +3118,7 @@ export async function createRustBom(path, options) {
3097
3118
  src: path,
3098
3119
  filename: cargoLockFiles.join(", "),
3099
3120
  dependencies: dependencyTree,
3100
- parentComponent
3121
+ parentComponent,
3101
3122
  });
3102
3123
  }
3103
3124
  return {};
@@ -3113,12 +3134,12 @@ export async function createDartBom(path, options) {
3113
3134
  const pubFiles = getAllFiles(
3114
3135
  path,
3115
3136
  (options.multiProject ? "**/" : "") + "pubspec.lock",
3116
- options
3137
+ options,
3117
3138
  );
3118
3139
  const pubSpecYamlFiles = getAllFiles(
3119
3140
  path,
3120
3141
  (options.multiProject ? "**/" : "") + "pubspec.yaml",
3121
- options
3142
+ options,
3122
3143
  );
3123
3144
  let pkgList = [];
3124
3145
  if (pubFiles.length) {
@@ -3134,7 +3155,7 @@ export async function createDartBom(path, options) {
3134
3155
  }
3135
3156
  return buildBomNSData(options, pkgList, "pub", {
3136
3157
  src: path,
3137
- filename: pubFiles.join(", ")
3158
+ filename: pubFiles.join(", "),
3138
3159
  });
3139
3160
  } else if (pubSpecYamlFiles.length) {
3140
3161
  for (const f of pubSpecYamlFiles) {
@@ -3149,7 +3170,7 @@ export async function createDartBom(path, options) {
3149
3170
  }
3150
3171
  return buildBomNSData(options, pkgList, "pub", {
3151
3172
  src: path,
3152
- filename: pubSpecYamlFiles.join(", ")
3173
+ filename: pubSpecYamlFiles.join(", "),
3153
3174
  });
3154
3175
  }
3155
3176
 
@@ -3169,18 +3190,18 @@ export function createCppBom(path, options) {
3169
3190
  const conanLockFiles = getAllFiles(
3170
3191
  path,
3171
3192
  (options.multiProject ? "**/" : "") + "conan.lock",
3172
- options
3193
+ options,
3173
3194
  );
3174
3195
  const conanFiles = getAllFiles(
3175
3196
  path,
3176
3197
  (options.multiProject ? "**/" : "") + "conanfile.txt",
3177
- options
3198
+ options,
3178
3199
  );
3179
3200
  let cmakeLikeFiles = [];
3180
3201
  const mesonBuildFiles = getAllFiles(
3181
3202
  path,
3182
3203
  (options.multiProject ? "**/" : "") + "meson.build",
3183
- options
3204
+ options,
3184
3205
  );
3185
3206
  if (mesonBuildFiles && mesonBuildFiles.length) {
3186
3207
  cmakeLikeFiles = cmakeLikeFiles.concat(mesonBuildFiles);
@@ -3189,13 +3210,13 @@ export function createCppBom(path, options) {
3189
3210
  getAllFiles(
3190
3211
  path,
3191
3212
  (options.multiProject ? "**/" : "") + "CMakeLists.txt",
3192
- options
3193
- )
3213
+ options,
3214
+ ),
3194
3215
  );
3195
3216
  const cmakeFiles = getAllFiles(
3196
3217
  path,
3197
3218
  (options.multiProject ? "**/" : "") + "*.cmake",
3198
- options
3219
+ options,
3199
3220
  );
3200
3221
  if (cmakeFiles && cmakeFiles.length) {
3201
3222
  cmakeLikeFiles = cmakeLikeFiles.concat(cmakeFiles);
@@ -3262,7 +3283,7 @@ export function createCppBom(path, options) {
3262
3283
  dependencies = mergeDependencies(
3263
3284
  dependencies,
3264
3285
  retMap.dependenciesList,
3265
- parentComponent
3286
+ parentComponent,
3266
3287
  );
3267
3288
  } else {
3268
3289
  dependencies = retMap.dependenciesList;
@@ -3289,7 +3310,7 @@ export function createCppBom(path, options) {
3289
3310
  queryCategory,
3290
3311
  queryObj,
3291
3312
  results,
3292
- true
3313
+ true,
3293
3314
  );
3294
3315
  if (dlist && dlist.length) {
3295
3316
  osPkgsList = osPkgsList.concat(dlist);
@@ -3307,7 +3328,7 @@ export function createCppBom(path, options) {
3307
3328
  dependencies = mergeDependencies(
3308
3329
  dependencies,
3309
3330
  retMap.dependenciesList,
3310
- parentComponent
3331
+ parentComponent,
3311
3332
  );
3312
3333
  } else {
3313
3334
  dependencies = retMap.dependenciesList;
@@ -3332,7 +3353,7 @@ export function createCppBom(path, options) {
3332
3353
  return buildBomNSData(options, pkgList, "generic", {
3333
3354
  src: path,
3334
3355
  parentComponent,
3335
- dependencies
3356
+ dependencies,
3336
3357
  });
3337
3358
  }
3338
3359
 
@@ -3346,12 +3367,12 @@ export function createClojureBom(path, options) {
3346
3367
  const ednFiles = getAllFiles(
3347
3368
  path,
3348
3369
  (options.multiProject ? "**/" : "") + "deps.edn",
3349
- options
3370
+ options,
3350
3371
  );
3351
3372
  const leinFiles = getAllFiles(
3352
3373
  path,
3353
3374
  (options.multiProject ? "**/" : "") + "project.clj",
3354
- options
3375
+ options,
3355
3376
  );
3356
3377
  let pkgList = [];
3357
3378
  if (leinFiles.length) {
@@ -3369,7 +3390,7 @@ export function createClojureBom(path, options) {
3369
3390
  cwd: basePath,
3370
3391
  encoding: "utf-8",
3371
3392
  timeout: TIMEOUT_MS,
3372
- maxBuffer: MAX_BUFFER
3393
+ maxBuffer: MAX_BUFFER,
3373
3394
  });
3374
3395
  if (result.status !== 0 || result.error) {
3375
3396
  if (result.stderr) {
@@ -3377,7 +3398,7 @@ export function createClojureBom(path, options) {
3377
3398
  options.failOnError && process.exit(1);
3378
3399
  }
3379
3400
  console.log(
3380
- "Check if the correct version of lein is installed and available in PATH. Falling back to manual parsing."
3401
+ "Check if the correct version of lein is installed and available in PATH. Falling back to manual parsing.",
3381
3402
  );
3382
3403
  if (DEBUG_MODE) {
3383
3404
  console.log(`Parsing ${f}`);
@@ -3403,7 +3424,7 @@ export function createClojureBom(path, options) {
3403
3424
  }
3404
3425
  return buildBomNSData(options, pkgList, "clojars", {
3405
3426
  src: path,
3406
- filename: leinFiles.join(", ")
3427
+ filename: leinFiles.join(", "),
3407
3428
  });
3408
3429
  } else if (ednFiles.length) {
3409
3430
  let CLJ_ARGS = ["-Stree"];
@@ -3417,7 +3438,7 @@ export function createClojureBom(path, options) {
3417
3438
  cwd: basePath,
3418
3439
  encoding: "utf-8",
3419
3440
  timeout: TIMEOUT_MS,
3420
- maxBuffer: MAX_BUFFER
3441
+ maxBuffer: MAX_BUFFER,
3421
3442
  });
3422
3443
  if (result.status !== 0 || result.error) {
3423
3444
  if (result.stderr) {
@@ -3425,7 +3446,7 @@ export function createClojureBom(path, options) {
3425
3446
  options.failOnError && process.exit(1);
3426
3447
  }
3427
3448
  console.log(
3428
- "Check if the correct version of clojure cli is installed and available in PATH. Falling back to manual parsing."
3449
+ "Check if the correct version of clojure cli is installed and available in PATH. Falling back to manual parsing.",
3429
3450
  );
3430
3451
  if (DEBUG_MODE) {
3431
3452
  console.log(`Parsing ${f}`);
@@ -3451,7 +3472,7 @@ export function createClojureBom(path, options) {
3451
3472
  }
3452
3473
  return buildBomNSData(options, pkgList, "clojars", {
3453
3474
  src: path,
3454
- filename: ednFiles.join(", ")
3475
+ filename: ednFiles.join(", "),
3455
3476
  });
3456
3477
  }
3457
3478
 
@@ -3468,7 +3489,7 @@ export function createHaskellBom(path, options) {
3468
3489
  const cabalFiles = getAllFiles(
3469
3490
  path,
3470
3491
  (options.multiProject ? "**/" : "") + "cabal.project.freeze",
3471
- options
3492
+ options,
3472
3493
  );
3473
3494
  let pkgList = [];
3474
3495
  if (cabalFiles.length) {
@@ -3484,7 +3505,7 @@ export function createHaskellBom(path, options) {
3484
3505
  }
3485
3506
  return buildBomNSData(options, pkgList, "hackage", {
3486
3507
  src: path,
3487
- filename: cabalFiles.join(", ")
3508
+ filename: cabalFiles.join(", "),
3488
3509
  });
3489
3510
  }
3490
3511
  return {};
@@ -3500,7 +3521,7 @@ export function createElixirBom(path, options) {
3500
3521
  const mixFiles = getAllFiles(
3501
3522
  path,
3502
3523
  (options.multiProject ? "**/" : "") + "mix.lock",
3503
- options
3524
+ options,
3504
3525
  );
3505
3526
  let pkgList = [];
3506
3527
  if (mixFiles.length) {
@@ -3516,7 +3537,7 @@ export function createElixirBom(path, options) {
3516
3537
  }
3517
3538
  return buildBomNSData(options, pkgList, "hex", {
3518
3539
  src: path,
3519
- filename: mixFiles.join(", ")
3540
+ filename: mixFiles.join(", "),
3520
3541
  });
3521
3542
  }
3522
3543
  return {};
@@ -3532,7 +3553,7 @@ export function createGitHubBom(path, options) {
3532
3553
  const ghactionFiles = getAllFiles(
3533
3554
  path,
3534
3555
  ".github/workflows/" + "*.yml",
3535
- options
3556
+ options,
3536
3557
  );
3537
3558
  let pkgList = [];
3538
3559
  if (ghactionFiles.length) {
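Review bot: The glob `".github/workflows/" + "*.yml"` matches only the `.yml` extension, so workflow files named `*.yaml`, which GitHub Actions also accepts, are left out of the BOM. createContainerSpecLikeBom already covers both spellings by collecting `open*.yaml` separately and concatenating it onto `oapiFiles`. The same could be done here with a second `getAllFiles(path, ".github/workflows/*.yaml", options)` call merged into `ghactionFiles`, which would then need to be declared with `let`. The rest of createGitHubBom is outside the hunk, so this assumes no later code picks up the `.yaml` files.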
@@ -3548,7 +3569,7 @@ export function createGitHubBom(path, options) {
3548
3569
  }
3549
3570
  return buildBomNSData(options, pkgList, "github", {
3550
3571
  src: path,
3551
- filename: ghactionFiles.join(", ")
3572
+ filename: ghactionFiles.join(", "),
3552
3573
  });
3553
3574
  }
3554
3575
  return {};
@@ -3576,7 +3597,7 @@ export function createCloudBuildBom(path, options) {
3576
3597
  }
3577
3598
  return buildBomNSData(options, pkgList, "cloudbuild", {
3578
3599
  src: path,
3579
- filename: cbFiles.join(", ")
3600
+ filename: cbFiles.join(", "),
3580
3601
  });
3581
3602
  }
3582
3603
  return {};
@@ -3590,7 +3611,7 @@ export function createCloudBuildBom(path, options) {
3590
3611
  */
3591
3612
  export function createOSBom(path, options) {
3592
3613
  console.warn(
3593
- "About to generate OBOM for the current OS installation. This will take several minutes ..."
3614
+ "About to generate OBOM for the current OS installation. This will take several minutes ...",
3594
3615
  );
3595
3616
  let pkgList = [];
3596
3617
  let bomData = {};
@@ -3602,14 +3623,14 @@ export function createOSBom(path, options) {
3602
3623
  queryCategory,
3603
3624
  queryObj,
3604
3625
  results,
3605
- false
3626
+ false,
3606
3627
  );
3607
3628
  if (dlist && dlist.length) {
3608
3629
  if (!Object.keys(parentComponent).length) {
3609
3630
  parentComponent = dlist.splice(0, 1)[0];
3610
3631
  }
3611
3632
  pkgList = pkgList.concat(
3612
- dlist.sort((a, b) => a.name.localeCompare(b.name))
3633
+ dlist.sort((a, b) => a.name.localeCompare(b.name)),
3613
3634
  );
3614
3635
  }
3615
3636
  } // for
@@ -3617,7 +3638,7 @@ export function createOSBom(path, options) {
3617
3638
  bomData = buildBomNSData(options, pkgList, "", {
3618
3639
  src: "",
3619
3640
  filename: "",
3620
- parentComponent
3641
+ parentComponent,
3621
3642
  });
3622
3643
  }
3623
3644
  options.bomData = bomData;
@@ -3631,7 +3652,7 @@ export function createOSBom(path, options) {
3631
3652
  const exportData = {
3632
3653
  lastWorkingDir: undefined,
3633
3654
  allLayersDir: options.allLayersExplodedDir,
3634
- allLayersExplodedDir: options.allLayersExplodedDir
3655
+ allLayersExplodedDir: options.allLayersExplodedDir,
3635
3656
  };
3636
3657
  const pkgPathList = [];
3637
3658
  if (options.deep) {
@@ -3651,7 +3672,7 @@ export async function createJenkinsBom(path, options) {
3651
3672
  const hpiFiles = getAllFiles(
3652
3673
  path,
3653
3674
  (options.multiProject ? "**/" : "") + "*.hpi",
3654
- options
3675
+ options,
3655
3676
  );
3656
3677
  const tempDir = mkdtempSync(join(tmpdir(), "hpi-deps-"));
3657
3678
  if (hpiFiles.length) {
@@ -3685,7 +3706,7 @@ export async function createJenkinsBom(path, options) {
3685
3706
  return buildBomNSData(options, pkgList, "maven", {
3686
3707
  src: path,
3687
3708
  filename: hpiFiles.join(", "),
3688
- nsMapping: {}
3709
+ nsMapping: {},
3689
3710
  });
3690
3711
  }
3691
3712
 
@@ -3700,7 +3721,7 @@ export function createHelmBom(path, options) {
3700
3721
  const yamlFiles = getAllFiles(
3701
3722
  path,
3702
3723
  (options.multiProject ? "**/" : "") + "*.yaml",
3703
- options
3724
+ options,
3704
3725
  );
3705
3726
  if (yamlFiles.length) {
3706
3727
  for (const f of yamlFiles) {
@@ -3715,7 +3736,7 @@ export function createHelmBom(path, options) {
3715
3736
  }
3716
3737
  return buildBomNSData(options, pkgList, "helm", {
3717
3738
  src: path,
3718
- filename: yamlFiles.join(", ")
3739
+ filename: yamlFiles.join(", "),
3719
3740
  });
3720
3741
  }
3721
3742
  return {};
@@ -3731,12 +3752,12 @@ export async function createSwiftBom(path, options) {
3731
3752
  const swiftFiles = getAllFiles(
3732
3753
  path,
3733
3754
  (options.multiProject ? "**/" : "") + "Package*.swift",
3734
- options
3755
+ options,
3735
3756
  );
3736
3757
  const pkgResolvedFiles = getAllFiles(
3737
3758
  path,
3738
3759
  (options.multiProject ? "**/" : "") + "Package.resolved",
3739
- options
3760
+ options,
3740
3761
  );
3741
3762
  let pkgList = [];
3742
3763
  let dependencies = [];
@@ -3773,8 +3794,8 @@ export async function createSwiftBom(path, options) {
3773
3794
  cwd: basePath,
3774
3795
  encoding: "utf-8",
3775
3796
  timeout: TIMEOUT_MS,
3776
- maxBuffer: MAX_BUFFER
3777
- }
3797
+ maxBuffer: MAX_BUFFER,
3798
+ },
3778
3799
  );
3779
3800
  if (result.status === 0 && result.stdout) {
3780
3801
  completedPath.push(basePath);
@@ -3789,13 +3810,13 @@ export async function createSwiftBom(path, options) {
3789
3810
  dependencies = mergeDependencies(
3790
3811
  dependencies,
3791
3812
  retData.dependenciesList,
3792
- parentComponent
3813
+ parentComponent,
3793
3814
  );
3794
3815
  }
3795
3816
  } else {
3796
3817
  if (DEBUG_MODE) {
3797
3818
  console.log(
3798
- "Please install swift from https://www.swift.org/download/ or use the cdxgen container image"
3819
+ "Please install swift from https://www.swift.org/download/ or use the cdxgen container image",
3799
3820
  );
3800
3821
  }
3801
3822
  console.error(result.stderr);
@@ -3810,7 +3831,7 @@ export async function createSwiftBom(path, options) {
3810
3831
  src: path,
3811
3832
  filename: swiftFiles.join(", "),
3812
3833
  parentComponent,
3813
- dependencies
3834
+ dependencies,
3814
3835
  });
3815
3836
  }
3816
3837
 
@@ -3833,37 +3854,37 @@ export async function createContainerSpecLikeBom(path, options) {
3833
3854
  let dcFiles = getAllFiles(
3834
3855
  path,
3835
3856
  (options.multiProject ? "**/" : "") + "*.yml",
3836
- options
3857
+ options,
3837
3858
  );
3838
3859
  const dfFiles = getAllFiles(
3839
3860
  path,
3840
3861
  (options.multiProject ? "**/" : "") + "*Dockerfile*",
3841
- options
3862
+ options,
3842
3863
  );
3843
3864
  const bbPipelineFiles = getAllFiles(
3844
3865
  path,
3845
3866
  (options.multiProject ? "**/" : "") + "bitbucket-pipelines.yml",
3846
- options
3867
+ options,
3847
3868
  );
3848
3869
  const cfFiles = getAllFiles(
3849
3870
  path,
3850
3871
  (options.multiProject ? "**/" : "") + "*Containerfile*",
3851
- options
3872
+ options,
3852
3873
  );
3853
3874
  const yamlFiles = getAllFiles(
3854
3875
  path,
3855
3876
  (options.multiProject ? "**/" : "") + "*.yaml",
3856
- options
3877
+ options,
3857
3878
  );
3858
3879
  let oapiFiles = getAllFiles(
3859
3880
  path,
3860
3881
  (options.multiProject ? "**/" : "") + "open*.json",
3861
- options
3882
+ options,
3862
3883
  );
3863
3884
  const oapiYamlFiles = getAllFiles(
3864
3885
  path,
3865
3886
  (options.multiProject ? "**/" : "") + "open*.yaml",
3866
- options
3887
+ options,
3867
3888
  );
3868
3889
  if (oapiYamlFiles && oapiYamlFiles.length) {
3869
3890
  oapiFiles = oapiFiles.concat(oapiYamlFiles);
@@ -3905,32 +3926,32 @@ export async function createContainerSpecLikeBom(path, options) {
3905
3926
  const commonProperties = [
3906
3927
  {
3907
3928
  name: "SrcFile",
3908
- value: f
3909
- }
3929
+ value: f,
3930
+ },
3910
3931
  ];
3911
3932
  if (img.image) {
3912
3933
  commonProperties.push({
3913
3934
  name: "oci:SrcImage",
3914
- value: img.image
3935
+ value: img.image,
3915
3936
  });
3916
3937
  }
3917
3938
  if (img.service) {
3918
3939
  commonProperties.push({
3919
3940
  name: "ServiceName",
3920
- value: img.service
3941
+ value: img.service,
3921
3942
  });
3922
3943
  }
3923
3944
 
3924
3945
  // img could have .service, .ociSpec or .image
3925
3946
  if (img.ociSpec) {
3926
3947
  console.log(
3927
- `NOTE: ${img.ociSpec} needs to built using docker or podman and referred with a name to get included in this SBOM.`
3948
+ `NOTE: ${img.ociSpec} needs to built using docker or podman and referred with a name to get included in this SBOM.`,
3928
3949
  );
3929
3950
  ociSpecs.push({
3930
3951
  group: "",
3931
3952
  name: img.ociSpec,
3932
3953
  version: "latest",
3933
- properties: commonProperties
3954
+ properties: commonProperties,
3934
3955
  });
3935
3956
  }
3936
3957
  if (img.service) {
@@ -3950,7 +3971,7 @@ export async function createContainerSpecLikeBom(path, options) {
3950
3971
  name: name,
3951
3972
  version: version,
3952
3973
  group: "",
3953
- properties: commonProperties
3974
+ properties: commonProperties,
3954
3975
  });
3955
3976
  doneservices.push(servbomRef);
3956
3977
  }
@@ -3960,7 +3981,7 @@ export async function createContainerSpecLikeBom(path, options) {
3960
3981
  if (DEBUG_MODE) {
3961
3982
  console.log(
3962
3983
  "Skipping image as it's already been processed",
3963
- img.image
3984
+ img.image,
3964
3985
  );
3965
3986
  }
3966
3987
 
@@ -3981,7 +4002,7 @@ export async function createContainerSpecLikeBom(path, options) {
3981
4002
  (imageObj.digest ? "sha256:" + imageObj.digest : "latest"),
3982
4003
  qualifiers: {},
3983
4004
  properties: commonProperties,
3984
- type: "container"
4005
+ type: "container",
3985
4006
  };
3986
4007
  if (imageObj.registry) {
3987
4008
  // Skip adding repository_url if the registry or repo contains variables.
@@ -3992,7 +4013,7 @@ export async function createContainerSpecLikeBom(path, options) {
3992
4013
  if (DEBUG_MODE) {
3993
4014
  console.warn(
3994
4015
  "Skipping adding repository_url qualifier as it contains variables, which are not yet supported",
3995
- img.image
4016
+ img.image,
3996
4017
  );
3997
4018
  }
3998
4019
  } else {
@@ -4010,7 +4031,7 @@ export async function createContainerSpecLikeBom(path, options) {
4010
4031
  const imageBomData = buildBomNSData(options, [pkg], "oci", {
4011
4032
  src: img.image,
4012
4033
  filename: f,
4013
- nsMapping: {}
4034
+ nsMapping: {},
4014
4035
  });
4015
4036
  if (
4016
4037
  imageBomData &&
@@ -4052,8 +4073,8 @@ export async function createContainerSpecLikeBom(path, options) {
4052
4073
  se.properties = [
4053
4074
  {
4054
4075
  name: "SrcFile",
4055
- value: af
4056
- }
4076
+ value: af,
4077
+ },
4057
4078
  ];
4058
4079
  }
4059
4080
  services = services.concat(servlist);
@@ -4063,15 +4084,15 @@ export async function createContainerSpecLikeBom(path, options) {
4063
4084
  // Parse privado files
4064
4085
  if (privadoFiles.length) {
4065
4086
  console.log(
4066
- "Enriching your SBOM with information from privado.ai scan reports"
4087
+ "Enriching your SBOM with information from privado.ai scan reports",
4067
4088
  );
4068
4089
  let rows = [["Classification", "Flow"]];
4069
4090
  const config = {
4070
4091
  header: {
4071
4092
  alignment: "center",
4072
- content: "Data Privacy Insights from privado.ai"
4093
+ content: "Data Privacy Insights from privado.ai",
4073
4094
  },
4074
- columns: [{ width: 50 }, { width: 10 }]
4095
+ columns: [{ width: 50 }, { width: 10 }],
4075
4096
  };
4076
4097
  for (const f of privadoFiles) {
4077
4098
  if (DEBUG_MODE) {
@@ -4095,9 +4116,9 @@ export async function createContainerSpecLikeBom(path, options) {
4095
4116
  console.log(
4096
4117
  table(rows, {
4097
4118
  columnDefault: {
4098
- width: 50
4099
- }
4100
- })
4119
+ width: 50,
4120
+ },
4121
+ }),
4101
4122
  );
4102
4123
  }
4103
4124
  }
@@ -4107,7 +4128,7 @@ export async function createContainerSpecLikeBom(path, options) {
4107
4128
  // In case of universal, repeat to collect multiX Boms
4108
4129
  const mbomData = await createMultiXBom([path], {
4109
4130
  projectType: origProjectType,
4110
- multiProject: true
4131
+ multiProject: true,
4111
4132
  });
4112
4133
  if (mbomData) {
4113
4134
  if (mbomData.components && mbomData.components.length) {
@@ -4122,7 +4143,7 @@ export async function createContainerSpecLikeBom(path, options) {
4122
4143
  dependencies = mergeDependencies(
4123
4144
  dependencies,
4124
4145
  mbomData.bomJson.dependencies,
4125
- parentComponent
4146
+ parentComponent,
4126
4147
  );
4127
4148
  }
4128
4149
  if (mbomData.bomJson.services) {
@@ -4131,7 +4152,7 @@ export async function createContainerSpecLikeBom(path, options) {
4131
4152
  }
4132
4153
  if (DEBUG_MODE) {
4133
4154
  console.log(
4134
- `BOM includes ${components.length} unfiltered components ${dependencies.length} dependencies so far`
4155
+ `BOM includes ${components.length} unfiltered components ${dependencies.length} dependencies so far`,
4135
4156
  );
4136
4157
  }
4137
4158
  }
@@ -4153,7 +4174,7 @@ export function createPHPBom(path, options) {
4153
4174
  const composerJsonFiles = getAllFiles(
4154
4175
  path,
4155
4176
  (options.multiProject ? "**/" : "") + "composer.json",
4156
- options
4177
+ options,
4157
4178
  );
4158
4179
  if (!options.exclude) {
4159
4180
  options.exclude = [];
@@ -4163,7 +4184,7 @@ export function createPHPBom(path, options) {
4163
4184
  let composerLockFiles = getAllFiles(
4164
4185
  path,
4165
4186
  (options.multiProject ? "**/" : "") + "composer.lock",
4166
- options
4187
+ options,
4167
4188
  );
4168
4189
  let pkgList = [];
4169
4190
  const composerJsonMode = composerJsonFiles.length;
@@ -4174,11 +4195,11 @@ export function createPHPBom(path, options) {
4174
4195
  console.log("About to invoke composer --version");
4175
4196
  }
4176
4197
  const versionResult = spawnSync("composer", ["--version"], {
4177
- encoding: "utf-8"
4198
+ encoding: "utf-8",
4178
4199
  });
4179
4200
  if (versionResult.status !== 0 || versionResult.error) {
4180
4201
  console.error(
4181
- "No composer version found. Check if composer is installed and available in PATH."
4202
+ "No composer version found. Check if composer is installed and available in PATH.",
4182
4203
  );
4183
4204
  if (DEBUG_MODE) {
4184
4205
  console.log(versionResult.error, versionResult.stderr);
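Review bot: The `spawnSync("composer", ["--version"], …)` call passes only `encoding`, so it runs with no `timeout` and Node's default `maxBuffer`, unlike the lein and clojure invocations in createClojureBom, which pass `timeout: TIMEOUT_MS` and `maxBuffer: MAX_BUFFER`. The same applies to `spawnSync("composer", args, …)` in the next hunk, `spawnSync("bundle", ["install"], …)` in createRubyBom and the restore call in createCsharpBom, each of which runs a package manager inside the scanned project directory. A project that makes the tool hang or produce heavy output can stall the SBOM run or have the child's output cut off. I would add `timeout: TIMEOUT_MS,` and `maxBuffer: MAX_BUFFER,` to each of these options objects. The enclosing functions start and end outside these hunks.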
@@ -4208,7 +4229,7 @@ export function createPHPBom(path, options) {
4208
4229
  }
4209
4230
  const result = spawnSync("composer", args, {
4210
4231
  cwd: basePath,
4211
- encoding: "utf-8"
4232
+ encoding: "utf-8",
4212
4233
  });
4213
4234
  if (result.status !== 0 || result.error) {
4214
4235
  console.error("Error running composer:");
@@ -4220,7 +4241,7 @@ export function createPHPBom(path, options) {
4220
4241
  composerLockFiles = getAllFiles(
4221
4242
  path,
4222
4243
  (options.multiProject ? "**/" : "") + "composer.lock",
4223
- options
4244
+ options,
4224
4245
  );
4225
4246
  if (composerLockFiles.length) {
4226
4247
  for (const f of composerLockFiles) {
@@ -4235,7 +4256,7 @@ export function createPHPBom(path, options) {
4235
4256
  existsSync(join(basePath, "composer.json"))
4236
4257
  ) {
4237
4258
  const composerData = JSON.parse(
4238
- readFileSync(join(basePath, "composer.json"), { encoding: "utf-8" })
4259
+ readFileSync(join(basePath, "composer.json"), { encoding: "utf-8" }),
4239
4260
  );
4240
4261
  rootRequires = composerData.require;
4241
4262
  const pkgName = composerData.name;
@@ -4254,8 +4275,8 @@ export function createPHPBom(path, options) {
4254
4275
  parentComponent.name,
4255
4276
  parentComponent.version,
4256
4277
  null,
4257
- null
4258
- ).toString()
4278
+ null,
4279
+ ).toString(),
4259
4280
  );
4260
4281
  }
4261
4282
  }
@@ -4268,7 +4289,7 @@ export function createPHPBom(path, options) {
4268
4289
  parentComponent = createDefaultParentComponent(
4269
4290
  path,
4270
4291
  "composer",
4271
- options
4292
+ options,
4272
4293
  );
4273
4294
  }
4274
4295
  // Complete the dependency tree by making parent component depend on the first level
@@ -4278,12 +4299,12 @@ export function createPHPBom(path, options) {
4278
4299
  }
4279
4300
  const pdependencies = {
4280
4301
  ref: parentComponent["bom-ref"],
4281
- dependsOn: parentDependsOn
4302
+ dependsOn: parentDependsOn,
4282
4303
  };
4283
4304
  dependencies = mergeDependencies(
4284
4305
  dependencies,
4285
4306
  retMap.dependenciesList,
4286
- parentComponent
4307
+ parentComponent,
4287
4308
  );
4288
4309
  dependencies.splice(0, 0, pdependencies);
4289
4310
  }
@@ -4292,7 +4313,7 @@ export function createPHPBom(path, options) {
4292
4313
  src: path,
4293
4314
  filename: composerLockFiles.join(", "),
4294
4315
  dependencies,
4295
- parentComponent
4316
+ parentComponent,
4296
4317
  });
4297
4318
  }
4298
4319
  return {};
@@ -4308,12 +4329,12 @@ export async function createRubyBom(path, options) {
4308
4329
  const gemFiles = getAllFiles(
4309
4330
  path,
4310
4331
  (options.multiProject ? "**/" : "") + "Gemfile",
4311
- options
4332
+ options,
4312
4333
  );
4313
4334
  let gemLockFiles = getAllFiles(
4314
4335
  path,
4315
4336
  (options.multiProject ? "**/" : "") + "Gemfile*.lock",
4316
- options
4337
+ options,
4317
4338
  );
4318
4339
  let pkgList = [];
4319
4340
  let dependencies = [];
@@ -4327,11 +4348,11 @@ export async function createRubyBom(path, options) {
4327
4348
  console.log("Executing 'bundle install' in", basePath);
4328
4349
  const result = spawnSync("bundle", ["install"], {
4329
4350
  cwd: basePath,
4330
- encoding: "utf-8"
4351
+ encoding: "utf-8",
4331
4352
  });
4332
4353
  if (result.status !== 0 || result.error) {
4333
4354
  console.error(
4334
- "Bundle install has failed. Check if bundle is installed and available in PATH."
4355
+ "Bundle install has failed. Check if bundle is installed and available in PATH.",
4335
4356
  );
4336
4357
  console.log(result.error, result.stderr);
4337
4358
  options.failOnError && process.exit(1);
@@ -4341,7 +4362,7 @@ export async function createRubyBom(path, options) {
4341
4362
  gemLockFiles = getAllFiles(
4342
4363
  path,
4343
4364
  (options.multiProject ? "**/" : "") + "Gemfile*.lock",
4344
- options
4365
+ options,
4345
4366
  );
4346
4367
  if (gemLockFiles.length) {
4347
4368
  for (const f of gemLockFiles) {
@@ -4358,7 +4379,7 @@ export async function createRubyBom(path, options) {
4358
4379
  dependencies = mergeDependencies(
4359
4380
  dependencies,
4360
4381
  retMap.dependenciesList,
4361
- parentComponent
4382
+ parentComponent,
4362
4383
  );
4363
4384
  }
4364
4385
  if (retMap.rootList && retMap.rootList.length) {
@@ -4372,17 +4393,17 @@ export async function createRubyBom(path, options) {
4372
4393
  [
4373
4394
  {
4374
4395
  ref: parentComponent["bom-ref"],
4375
- dependsOn: rootList
4376
- }
4396
+ dependsOn: rootList,
4397
+ },
4377
4398
  ],
4378
- parentComponent
4399
+ parentComponent,
4379
4400
  );
4380
4401
  }
4381
4402
  return buildBomNSData(options, pkgList, "gem", {
4382
4403
  src: path,
4383
4404
  dependencies,
4384
4405
  parentComponent,
4385
- filename: gemLockFiles.join(", ")
4406
+ filename: gemLockFiles.join(", "),
4386
4407
  });
4387
4408
  }
4388
4409
 
@@ -4403,50 +4424,58 @@ export async function createCsharpBom(path, options) {
4403
4424
  const slnFiles = getAllFiles(
4404
4425
  path,
4405
4426
  (options.multiProject ? "**/" : "") + "*.sln",
4406
- options
4427
+ options,
4407
4428
  );
4408
4429
  let csProjFiles = getAllFiles(
4409
4430
  path,
4410
4431
  (options.multiProject ? "**/" : "") + "*.csproj",
4411
- options
4432
+ options,
4412
4433
  );
4413
4434
  csProjFiles = csProjFiles.concat(
4414
- getAllFiles(path, (options.multiProject ? "**/" : "") + "*.vbproj", options)
4435
+ getAllFiles(
4436
+ path,
4437
+ (options.multiProject ? "**/" : "") + "*.vbproj",
4438
+ options,
4439
+ ),
4415
4440
  );
4416
4441
  csProjFiles = csProjFiles.concat(
4417
4442
  getAllFiles(
4418
4443
  path,
4419
4444
  (options.multiProject ? "**/" : "") + "*.vcxproj",
4420
- options
4421
- )
4445
+ options,
4446
+ ),
4422
4447
  );
4423
4448
  csProjFiles = csProjFiles.concat(
4424
- getAllFiles(path, (options.multiProject ? "**/" : "") + "*.fsproj", options)
4449
+ getAllFiles(
4450
+ path,
4451
+ (options.multiProject ? "**/" : "") + "*.fsproj",
4452
+ options,
4453
+ ),
4425
4454
  );
4426
4455
  const pkgConfigFiles = getAllFiles(
4427
4456
  path,
4428
4457
  (options.multiProject ? "**/" : "") + "packages.config",
4429
- options
4458
+ options,
4430
4459
  );
4431
4460
  let projAssetsFiles = getAllFiles(
4432
4461
  path,
4433
4462
  (options.multiProject ? "**/" : "") + "project.assets.json",
4434
- options
4463
+ options,
4435
4464
  );
4436
4465
  const pkgLockFiles = getAllFiles(
4437
4466
  path,
4438
4467
  (options.multiProject ? "**/" : "") + "packages.lock.json",
4439
- options
4468
+ options,
4440
4469
  );
4441
4470
  const paketLockFiles = getAllFiles(
4442
4471
  path,
4443
4472
  (options.multiProject ? "**/" : "") + "paket.lock",
4444
- options
4473
+ options,
4445
4474
  );
4446
4475
  const nupkgFiles = getAllFiles(
4447
4476
  path,
4448
4477
  (options.multiProject ? "**/" : "") + "*.nupkg",
4449
- options
4478
+ options,
4450
4479
  );
4451
4480
  // Support for automatic restore
4452
4481
  if (
@@ -4466,15 +4495,15 @@ export async function createCsharpBom(path, options) {
4466
4495
  ["restore", "--force", "--ignore-failed-sources", f],
4467
4496
  {
4468
4497
  cwd: path,
4469
- encoding: "utf-8"
4470
- }
4498
+ encoding: "utf-8",
4499
+ },
4471
4500
  );
4472
4501
  if (DEBUG_MODE && (result.status !== 0 || result.error)) {
4473
4502
  console.error(
4474
- "Restore has failed. Check if dotnet is installed and available in PATH."
4503
+ "Restore has failed. Check if dotnet is installed and available in PATH.",
4475
4504
  );
4476
4505
  console.log(
4477
- "Authenticate with any private registries such as Azure Artifacts feed before running cdxgen."
4506
+ "Authenticate with any private registries such as Azure Artifacts feed before running cdxgen.",
4478
4507
  );
4479
4508
  console.log(result.stderr);
4480
4509
  options.failOnError && process.exit(1);
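Review bot: The failure branch is gated on `DEBUG_MODE`, so when restore fails outside debug mode nothing is reported and `options.failOnError && process.exit(1)` is never reached. The `bundle install` check in createRubyBom tests `result.status !== 0 || result.error` alone. A silently failed restore can leave an incomplete dependency list that still looks like a valid SBOM. I would test `if (result.status !== 0 || result.error) {` and wrap only the diagnostic `console` lines in `if (DEBUG_MODE)`. The closing brace of this block is outside the hunk.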
@@ -4484,7 +4513,7 @@ export async function createCsharpBom(path, options) {
4484
4513
  projAssetsFiles = getAllFiles(
4485
4514
  path,
4486
4515
  (options.multiProject ? "**/" : "") + "project.assets.json",
4487
- options
4516
+ options,
4488
4517
  );
4489
4518
  }
4490
4519
  let pkgList = [];
@@ -4522,19 +4551,19 @@ export async function createCsharpBom(path, options) {
4522
4551
  // This usually happens when restore was performed with an incorrect version of the SDK.
4523
4552
  if (!pkgList.length || dependencies.length < 2) {
4524
4553
  console.log(
4525
- "Unable to obtain the correct dependency tree from the project.assets.json files. Ensure the correct version of the dotnet SDK was installed and used."
4554
+ "Unable to obtain the correct dependency tree from the project.assets.json files. Ensure the correct version of the dotnet SDK was installed and used.",
4526
4555
  );
4527
4556
  console.log(
4528
- "1. Create a global.json file in the project directory to specify the required version of the dotnet SDK."
4557
+ "1. Create a global.json file in the project directory to specify the required version of the dotnet SDK.",
4529
4558
  );
4530
4559
  console.log(
4531
- "2. Use the environment variable `DOTNET_ROLL_FORWARD` to roll forward to a closest available SDK such as .Net core or dotnet 6."
4560
+ "2. Use the environment variable `DOTNET_ROLL_FORWARD` to roll forward to a closest available SDK such as .Net core or dotnet 6.",
4532
4561
  );
4533
4562
  console.log(
4534
- "3. If the project uses the legacy .Net Framework 4.6/4.7, it might require Windows operating system."
4563
+ "3. If the project uses the legacy .Net Framework 4.6/4.7, it might require Windows operating system.",
4535
4564
  );
4536
4565
  console.log(
4537
- "Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet:v10` container image, which bundles a range of dotnet SDKs."
4566
+ "Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet:v10` container image, which bundles a range of dotnet SDKs.",
4538
4567
  );
4539
4568
  options.failOnError && process.exit(1);
4540
4569
  }
@@ -4568,7 +4597,7 @@ export async function createCsharpBom(path, options) {
4568
4597
  if (parentDependsOn.size) {
4569
4598
  dependencies.splice(0, 0, {
4570
4599
  ref: parentComponent["bom-ref"],
4571
- dependsOn: Array.from(parentDependsOn)
4600
+ dependsOn: Array.from(parentDependsOn),
4572
4601
  });
4573
4602
  }
4574
4603
  } else if (pkgConfigFiles.length) {
@@ -4627,7 +4656,7 @@ export async function createCsharpBom(path, options) {
4627
4656
  }
4628
4657
  if (pkgList.length) {
4629
4658
  console.log(
4630
- `Found ${pkgList.length} components by parsing the ${csProjFiles.length} csproj files. The resulting SBOM will be incomplete.`
4659
+ `Found ${pkgList.length} components by parsing the ${csProjFiles.length} csproj files. The resulting SBOM will be incomplete.`,
4631
4660
  );
4632
4661
  options.failOnError && process.exit(1);
4633
4662
  }
@@ -4637,14 +4666,14 @@ export async function createCsharpBom(path, options) {
4637
4666
  // Perform deep analysis using dosai
4638
4667
  if (options.deep) {
4639
4668
  const slicesFile = resolve(
4640
- options.depsSlicesFile || join(tmpdir(), "dosai.json")
4669
+ options.depsSlicesFile || join(tmpdir(), "dosai.json"),
4641
4670
  );
4642
4671
  // Create the slices file if it doesn't exist
4643
4672
  if (!existsSync(slicesFile)) {
4644
4673
  const sliceResult = getDotnetSlices(resolve(path), resolve(slicesFile));
4645
4674
  if (!sliceResult && DEBUG_MODE) {
4646
4675
  console.log(
4647
- "Slicing with dosai was unsuccessful. Check the errors reported in the logs above."
4676
+ "Slicing with dosai was unsuccessful. Check the errors reported in the logs above.",
4648
4677
  );
4649
4678
  }
4650
4679
  }
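Review bot: The default slices path `join(tmpdir(), "dosai.json")` is a fixed name in the shared temp directory, and the `if (!existsSync(slicesFile))` check below it skips slicing whenever a file of that name already exists. A file left by an earlier run on a different project, or placed there by another local account, would then be treated as this project's dosai output. How the file is read afterwards is outside the hunk, so the impact needs confirming there. Default to a per-run directory instead, for example `join(mkdtempSync(join(tmpdir(), "dosai-")), "dosai.json")`, and reuse an existing file only when `options.depsSlicesFile` was passed explicitly.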
@@ -4657,7 +4686,7 @@ export async function createCsharpBom(path, options) {
4657
4686
  dependencies = mergeDependencies(
4658
4687
  dependencies,
4659
4688
  retMap.dependencies,
4660
- parentComponent
4689
+ parentComponent,
4661
4690
  );
4662
4691
  }
4663
4692
  pkgList = trimComponents(pkgList);
@@ -4666,7 +4695,7 @@ export async function createCsharpBom(path, options) {
4666
4695
  src: path,
4667
4696
  filename: manifestFiles.join(", "),
4668
4697
  dependencies,
4669
- parentComponent
4698
+ parentComponent,
4670
4699
  });
4671
4700
  }
4672
4701
 
@@ -4682,7 +4711,7 @@ export async function createCryptoCertsBom(path, options) {
4682
4711
  path,
4683
4712
  (options.multiProject ? "**/" : "") +
4684
4713
  "*.{p12,jks,jceks,bks,keystore,key,pem,cer,gpg,pub}",
4685
- options
4714
+ options,
4686
4715
  );
4687
4716
  for (const f of certFiles) {
4688
4717
  const name = basename(f);
@@ -4696,28 +4725,28 @@ export async function createCryptoCertsBom(path, options) {
4696
4725
  assetType: "certificate",
4697
4726
  algorithmProperties: {
4698
4727
  executionEnvironment: "unknown",
4699
- implementationPlatform: "unknown"
4700
- }
4728
+ implementationPlatform: "unknown",
4729
+ },
4701
4730
  },
4702
- properties: [{ name: "SrcFile", value: f }]
4731
+ properties: [{ name: "SrcFile", value: f }],
4703
4732
  };
4704
4733
  pkgList.push(apkg);
4705
4734
  }
4706
4735
  return {
4707
4736
  bomJson: {
4708
- components: pkgList
4709
- }
4737
+ components: pkgList,
4738
+ },
4710
4739
  };
4711
4740
  }
4712
4741
 
4713
4742
  export function mergeDependencies(
4714
4743
  dependencies,
4715
4744
  newDependencies,
4716
- parentComponent = {}
4745
+ parentComponent = {},
4717
4746
  ) {
4718
4747
  if (!parentComponent && DEBUG_MODE) {
4719
4748
  console.log(
4720
- "Unable to determine parent component. Dependencies will be flattened."
4749
+ "Unable to determine parent component. Dependencies will be flattened.",
4721
4750
  );
4722
4751
  }
4723
4752
  let providesFound = false;
@@ -4763,12 +4792,12 @@ export function mergeDependencies(
4763
4792
  retlist.push({
4764
4793
  ref: akey,
4765
4794
  dependsOn: Array.from(deps_map[akey]).sort(),
4766
- provides: Array.from(provides_map[akey]).sort()
4795
+ provides: Array.from(provides_map[akey]).sort(),
4767
4796
  });
4768
4797
  } else {
4769
4798
  retlist.push({
4770
4799
  ref: akey,
4771
- dependsOn: Array.from(deps_map[akey]).sort()
4800
+ dependsOn: Array.from(deps_map[akey]).sort(),
4772
4801
  });
4773
4802
  }
4774
4803
  }
@@ -4808,7 +4837,7 @@ export function dedupeBom(options, components, parentComponent, dependencies) {
4808
4837
  components = trimComponents(components);
4809
4838
  if (DEBUG_MODE) {
4810
4839
  console.log(
4811
- `BOM includes ${components.length} components and ${dependencies.length} dependencies after dedupe`
4840
+ `BOM includes ${components.length} components and ${dependencies.length} dependencies after dedupe`,
4812
4841
  );
4813
4842
  }
4814
4843
  const serialNum = "urn:uuid:" + uuidv4();
@@ -4821,11 +4850,11 @@ export function dedupeBom(options, components, parentComponent, dependencies) {
4821
4850
  specVersion: "" + (options.specVersion || 1.5),
4822
4851
  serialNumber: serialNum,
4823
4852
  version: 1,
4824
- metadata: addMetadata(parentComponent, options),
4853
+ metadata: addMetadata(parentComponent, options, {}),
4825
4854
  components,
4826
4855
  services: options.services || [],
4827
- dependencies
4828
- }
4856
+ dependencies,
4857
+ },
4829
4858
  };
4830
4859
  }
4831
4860
 
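Review bot: The new third argument in `metadata: addMetadata(parentComponent, options, {})` is an anonymous empty object, and nothing at the call site says what it stands for or why it is empty for a deduped BOM. addMetadata's definition is outside this hunk, so a reader has to look up the parameter to judge whether `{}` means "nothing to add" or is a placeholder. A one-line comment above the call, such as `// third argument: <parameter name>, intentionally empty here`, or a named constant would make that explicit. The enclosing return statement starts before the hunk.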
@@ -4847,11 +4876,11 @@ export async function createMultiXBom(pathList, options) {
4847
4876
  options.allLayersExplodedDir
4848
4877
  ) {
4849
4878
  const { osPackages, dependenciesList, allTypes } = getOSPackages(
4850
- options.allLayersExplodedDir
4879
+ options.allLayersExplodedDir,
4851
4880
  );
4852
4881
  if (DEBUG_MODE) {
4853
4882
  console.log(
4854
- `Found ${osPackages.length} OS packages at ${options.allLayersExplodedDir}`
4883
+ `Found ${osPackages.length} OS packages at ${options.allLayersExplodedDir}`,
4855
4884
  );
4856
4885
  }
4857
4886
  if (allTypes && allTypes.length) {
@@ -4866,7 +4895,7 @@ export async function createMultiXBom(pathList, options) {
4866
4895
  const parentDependsOn = new Set(osPackages.map((p) => p["bom-ref"]));
4867
4896
  dependencies.splice(0, 0, {
4868
4897
  ref: parentComponent["bom-ref"],
4869
- dependsOn: Array.from(parentDependsOn).sort()
4898
+ dependsOn: Array.from(parentDependsOn).sort(),
4870
4899
  });
4871
4900
  }
4872
4901
  }
@@ -4892,7 +4921,7 @@ export async function createMultiXBom(pathList, options) {
4892
4921
  ) {
4893
4922
  if (DEBUG_MODE) {
4894
4923
  console.log(
4895
- `Found ${bomData.bomJson.components.length} npm packages at ${path}`
4924
+ `Found ${bomData.bomJson.components.length} npm packages at ${path}`,
4896
4925
  );
4897
4926
  }
4898
4927
  components = components.concat(bomData.bomJson.components);
@@ -4909,7 +4938,7 @@ export async function createMultiXBom(pathList, options) {
4909
4938
  bomData.parentComponent.components.length
4910
4939
  ) {
4911
4940
  parentSubComponents = parentSubComponents.concat(
4912
- bomData.parentComponent.components
4941
+ bomData.parentComponent.components,
4913
4942
  );
4914
4943
  }
4915
4944
  }
@@ -4922,7 +4951,7 @@ export async function createMultiXBom(pathList, options) {
4922
4951
  ) {
4923
4952
  if (DEBUG_MODE) {
4924
4953
  console.log(
4925
- `Found ${bomData.bomJson.components.length} java packages at ${path}`
4954
+ `Found ${bomData.bomJson.components.length} java packages at ${path}`,
4926
4955
  );
4927
4956
  }
4928
4957
  components = components.concat(bomData.bomJson.components);
@@ -4939,7 +4968,7 @@ export async function createMultiXBom(pathList, options) {
4939
4968
  bomData.parentComponent.components.length
4940
4969
  ) {
4941
4970
  parentSubComponents = parentSubComponents.concat(
4942
- bomData.parentComponent.components
4971
+ bomData.parentComponent.components,
4943
4972
  );
4944
4973
  }
4945
4974
  }
@@ -4952,7 +4981,7 @@ export async function createMultiXBom(pathList, options) {
4952
4981
  ) {
4953
4982
  if (DEBUG_MODE) {
4954
4983
  console.log(
4955
- `Found ${bomData.bomJson.components.length} python packages at ${path}`
4984
+ `Found ${bomData.bomJson.components.length} python packages at ${path}`,
4956
4985
  );
4957
4986
  }
4958
4987
  components = components.concat(bomData.bomJson.components);
@@ -4973,7 +5002,7 @@ export async function createMultiXBom(pathList, options) {
4973
5002
  ) {
4974
5003
  if (DEBUG_MODE) {
4975
5004
  console.log(
4976
- `Found ${bomData.bomJson.components.length} go packages at ${path}`
5005
+ `Found ${bomData.bomJson.components.length} go packages at ${path}`,
4977
5006
  );
4978
5007
  }
4979
5008
  components = components.concat(bomData.bomJson.components);
@@ -4989,7 +5018,7 @@ export async function createMultiXBom(pathList, options) {
4989
5018
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
4990
5019
  if (DEBUG_MODE) {
4991
5020
  console.log(
4992
- `Found ${bomData.bomJson.components.length} rust packages at ${path}`
5021
+ `Found ${bomData.bomJson.components.length} rust packages at ${path}`,
4993
5022
  );
4994
5023
  }
4995
5024
  components = components.concat(bomData.bomJson.components);
@@ -5006,7 +5035,7 @@ export async function createMultiXBom(pathList, options) {
5006
5035
  bomData.parentComponent.components.length
5007
5036
  ) {
5008
5037
  parentSubComponents = parentSubComponents.concat(
5009
- bomData.parentComponent.components
5038
+ bomData.parentComponent.components,
5010
5039
  );
5011
5040
  }
5012
5041
  }
@@ -5014,7 +5043,7 @@ export async function createMultiXBom(pathList, options) {
5014
5043
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5015
5044
  if (DEBUG_MODE) {
5016
5045
  console.log(
5017
- `Found ${bomData.bomJson.components.length} php packages at ${path}`
5046
+ `Found ${bomData.bomJson.components.length} php packages at ${path}`,
5018
5047
  );
5019
5048
  }
5020
5049
  components = components.concat(bomData.bomJson.components);
@@ -5030,14 +5059,14 @@ export async function createMultiXBom(pathList, options) {
5030
5059
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5031
5060
  if (DEBUG_MODE) {
5032
5061
  console.log(
5033
- `Found ${bomData.bomJson.components.length} ruby packages at ${path}`
5062
+ `Found ${bomData.bomJson.components.length} ruby packages at ${path}`,
5034
5063
  );
5035
5064
  }
5036
5065
  components = components.concat(bomData.bomJson.components);
5037
5066
  dependencies = mergeDependencies(
5038
5067
  dependencies,
5039
5068
  bomData.bomJson.dependencies,
5040
- bomData.parentComponent
5069
+ bomData.parentComponent,
5041
5070
  );
5042
5071
  if (
5043
5072
  bomData.parentComponent &&
@@ -5055,7 +5084,7 @@ export async function createMultiXBom(pathList, options) {
5055
5084
  ) {
5056
5085
  if (DEBUG_MODE) {
5057
5086
  console.log(
5058
- `Found ${bomData.bomJson.components.length} csharp packages at ${path}`
5087
+ `Found ${bomData.bomJson.components.length} csharp packages at ${path}`,
5059
5088
  );
5060
5089
  }
5061
5090
  components = components.concat(bomData.bomJson.components);
@@ -5071,7 +5100,7 @@ export async function createMultiXBom(pathList, options) {
5071
5100
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5072
5101
  if (DEBUG_MODE) {
5073
5102
  console.log(
5074
- `Found ${bomData.bomJson.components.length} pub packages at ${path}`
5103
+ `Found ${bomData.bomJson.components.length} pub packages at ${path}`,
5075
5104
  );
5076
5105
  }
5077
5106
  components = components.concat(bomData.bomJson.components);
@@ -5087,7 +5116,7 @@ export async function createMultiXBom(pathList, options) {
5087
5116
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5088
5117
  if (DEBUG_MODE) {
5089
5118
  console.log(
5090
- `Found ${bomData.bomJson.components.length} hackage packages at ${path}`
5119
+ `Found ${bomData.bomJson.components.length} hackage packages at ${path}`,
5091
5120
  );
5092
5121
  }
5093
5122
  components = components.concat(bomData.bomJson.components);
@@ -5103,7 +5132,7 @@ export async function createMultiXBom(pathList, options) {
5103
5132
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5104
5133
  if (DEBUG_MODE) {
5105
5134
  console.log(
5106
- `Found ${bomData.bomJson.components.length} mix packages at ${path}`
5135
+ `Found ${bomData.bomJson.components.length} mix packages at ${path}`,
5107
5136
  );
5108
5137
  }
5109
5138
  components = components.concat(bomData.bomJson.components);
@@ -5119,7 +5148,7 @@ export async function createMultiXBom(pathList, options) {
5119
5148
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5120
5149
  if (DEBUG_MODE) {
5121
5150
  console.log(
5122
- `Found ${bomData.bomJson.components.length} cpp packages at ${path}`
5151
+ `Found ${bomData.bomJson.components.length} cpp packages at ${path}`,
5123
5152
  );
5124
5153
  }
5125
5154
  components = components.concat(bomData.bomJson.components);
@@ -5135,7 +5164,7 @@ export async function createMultiXBom(pathList, options) {
5135
5164
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5136
5165
  if (DEBUG_MODE) {
5137
5166
  console.log(
5138
- `Found ${bomData.bomJson.components.length} clojure packages at ${path}`
5167
+ `Found ${bomData.bomJson.components.length} clojure packages at ${path}`,
5139
5168
  );
5140
5169
  }
5141
5170
  components = components.concat(bomData.bomJson.components);
@@ -5151,7 +5180,7 @@ export async function createMultiXBom(pathList, options) {
5151
5180
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5152
5181
  if (DEBUG_MODE) {
5153
5182
  console.log(
5154
- `Found ${bomData.bomJson.components.length} GitHub action packages at ${path}`
5183
+ `Found ${bomData.bomJson.components.length} GitHub action packages at ${path}`,
5155
5184
  );
5156
5185
  }
5157
5186
  components = components.concat(bomData.bomJson.components);
@@ -5167,7 +5196,7 @@ export async function createMultiXBom(pathList, options) {
5167
5196
  if (bomData && bomData.bomJson && bomData.bomJson.components) {
5168
5197
  if (DEBUG_MODE) {
5169
5198
  console.log(
5170
- `Found ${bomData.bomJson.components.length} CloudBuild configuration at ${path}`
5199
+ `Found ${bomData.bomJson.components.length} CloudBuild configuration at ${path}`,
5171
5200
  );
5172
5201
  }
5173
5202
  components = components.concat(bomData.bomJson.components);
@@ -5188,7 +5217,7 @@ export async function createMultiXBom(pathList, options) {
5188
5217
  ) {
5189
5218
  if (DEBUG_MODE) {
5190
5219
  console.log(
5191
- `Found ${bomData.bomJson.components.length} Swift packages at ${path}`
5220
+ `Found ${bomData.bomJson.components.length} Swift packages at ${path}`,
5192
5221
  );
5193
5222
  }
5194
5223
  components = components.concat(bomData.bomJson.components);
@@ -5211,7 +5240,7 @@ export async function createMultiXBom(pathList, options) {
5211
5240
  ) {
5212
5241
  if (DEBUG_MODE) {
5213
5242
  console.log(
5214
- `Found ${bomData.bomJson.components.length} jar packages at ${path}`
5243
+ `Found ${bomData.bomJson.components.length} jar packages at ${path}`,
5215
5244
  );
5216
5245
  }
5217
5246
  components = components.concat(bomData.bomJson.components);
@@ -5234,7 +5263,7 @@ export async function createMultiXBom(pathList, options) {
5234
5263
  ) {
5235
5264
  if (DEBUG_MODE) {
5236
5265
  console.log(
5237
- `Found ${bomData.bomJson.components.length} crypto assets at ${path}`
5266
+ `Found ${bomData.bomJson.components.length} crypto assets at ${path}`,
5238
5267
  );
5239
5268
  }
5240
5269
  components = components.concat(bomData.bomJson.components);
@@ -5256,7 +5285,7 @@ export async function createMultiXBom(pathList, options) {
5256
5285
  ) {
5257
5286
  if (DEBUG_MODE) {
5258
5287
  console.log(
5259
- `Found ${bomData.bomJson.components.length} jar packages at ${options.lastWorkingDir}`
5288
+ `Found ${bomData.bomJson.components.length} jar packages at ${options.lastWorkingDir}`,
5260
5289
  );
5261
5290
  }
5262
5291
  components = components.concat(bomData.bomJson.components);
@@ -5277,7 +5306,7 @@ export async function createMultiXBom(pathList, options) {
5277
5306
  // Our naive approach to appending to sub-components could result in same parent being included as a child
5278
5307
  // This is filtered out here
5279
5308
  parentSubComponents = parentSubComponents.filter(
5280
- (c) => c["bom-ref"] !== parentComponent["bom-ref"]
5309
+ (c) => c["bom-ref"] !== parentComponent["bom-ref"],
5281
5310
  );
5282
5311
  parentComponent.components = trimComponents(parentSubComponents);
5283
5312
  if (
@@ -5317,19 +5346,19 @@ export async function createXBom(path, options) {
5317
5346
  const pomFiles = getAllFiles(
5318
5347
  path,
5319
5348
  (options.multiProject ? "**/" : "") + "pom.xml",
5320
- options
5349
+ options,
5321
5350
  );
5322
5351
  // gradle
5323
5352
  const gradleFiles = getAllFiles(
5324
5353
  path,
5325
5354
  (options.multiProject ? "**/" : "") + "build.gradle*",
5326
- options
5355
+ options,
5327
5356
  );
5328
5357
  // scala sbt
5329
5358
  const sbtFiles = getAllFiles(
5330
5359
  path,
5331
5360
  (options.multiProject ? "**/" : "") + "{build.sbt,Build.scala}*",
5332
- options
5361
+ options,
5333
5362
  );
5334
5363
  if (pomFiles.length || gradleFiles.length || sbtFiles.length) {
5335
5364
  return await createJavaBom(path, options);
@@ -5345,19 +5374,19 @@ export async function createXBom(path, options) {
5345
5374
  const reqFiles = getAllFiles(
5346
5375
  path,
5347
5376
  (options.multiProject ? "**/" : "") + "*requirements*.txt",
5348
- options
5377
+ options,
5349
5378
  );
5350
5379
  const reqDirFiles = getAllFiles(
5351
5380
  path,
5352
5381
  (options.multiProject ? "**/" : "") + "requirements/*.txt",
5353
- options
5382
+ options,
5354
5383
  );
5355
5384
  const requirementsMode =
5356
5385
  (reqFiles && reqFiles.length) || (reqDirFiles && reqDirFiles.length);
5357
5386
  const whlFiles = getAllFiles(
5358
5387
  path,
5359
5388
  (options.multiProject ? "**/" : "") + "*.whl",
5360
- options
5389
+ options,
5361
5390
  );
5362
5391
  if (requirementsMode || whlFiles.length) {
5363
5392
  return await createPythonBom(path, options);
@@ -5366,17 +5395,17 @@ export async function createXBom(path, options) {
5366
5395
  const gosumFiles = getAllFiles(
5367
5396
  path,
5368
5397
  (options.multiProject ? "**/" : "") + "go.sum",
5369
- options
5398
+ options,
5370
5399
  );
5371
5400
  const gomodFiles = getAllFiles(
5372
5401
  path,
5373
5402
  (options.multiProject ? "**/" : "") + "go.mod",
5374
- options
5403
+ options,
5375
5404
  );
5376
5405
  const gopkgLockFiles = getAllFiles(
5377
5406
  path,
5378
5407
  (options.multiProject ? "**/" : "") + "Gopkg.lock",
5379
- options
5408
+ options,
5380
5409
  );
5381
5410
  if (gomodFiles.length || gosumFiles.length || gopkgLockFiles.length) {
5382
5411
  return await createGoBom(path, options);
@@ -5386,12 +5415,12 @@ export async function createXBom(path, options) {
5386
5415
  const cargoLockFiles = getAllFiles(
5387
5416
  path,
5388
5417
  (options.multiProject ? "**/" : "") + "Cargo.lock",
5389
- options
5418
+ options,
5390
5419
  );
5391
5420
  const cargoFiles = getAllFiles(
5392
5421
  path,
5393
5422
  (options.multiProject ? "**/" : "") + "Cargo.toml",
5394
- options
5423
+ options,
5395
5424
  );
5396
5425
  if (cargoLockFiles.length || cargoFiles.length) {
5397
5426
  return await createRustBom(path, options);
@@ -5401,12 +5430,12 @@ export async function createXBom(path, options) {
5401
5430
  const composerJsonFiles = getAllFiles(
5402
5431
  path,
5403
5432
  (options.multiProject ? "**/" : "") + "composer.json",
5404
- options
5433
+ options,
5405
5434
  );
5406
5435
  const composerLockFiles = getAllFiles(
5407
5436
  path,
5408
5437
  (options.multiProject ? "**/" : "") + "composer.lock",
5409
- options
5438
+ options,
5410
5439
  );
5411
5440
  if (composerJsonFiles.length || composerLockFiles.length) {
5412
5441
  return createPHPBom(path, options);
@@ -5416,12 +5445,12 @@ export async function createXBom(path, options) {
5416
5445
  const gemFiles = getAllFiles(
5417
5446
  path,
5418
5447
  (options.multiProject ? "**/" : "") + "Gemfile",
5419
- options
5448
+ options,
5420
5449
  );
5421
5450
  const gemLockFiles = getAllFiles(
5422
5451
  path,
5423
5452
  (options.multiProject ? "**/" : "") + "Gemfile*.lock",
5424
- options
5453
+ options,
5425
5454
  );
5426
5455
  if (gemFiles.length || gemLockFiles.length) {
5427
5456
  return await createRubyBom(path, options);
@@ -5431,13 +5460,21 @@ export async function createXBom(path, options) {
5431
5460
  let csProjFiles = getAllFiles(
5432
5461
  path,
5433
5462
  (options.multiProject ? "**/" : "") + "*.csproj",
5434
- options
5463
+ options,
5435
5464
  );
5436
5465
  csProjFiles = csProjFiles.concat(
5437
- getAllFiles(path, (options.multiProject ? "**/" : "") + "*.vbproj", options)
5466
+ getAllFiles(
5467
+ path,
5468
+ (options.multiProject ? "**/" : "") + "*.vbproj",
5469
+ options,
5470
+ ),
5438
5471
  );
5439
5472
  csProjFiles = csProjFiles.concat(
5440
- getAllFiles(path, (options.multiProject ? "**/" : "") + "*.fsproj", options)
5473
+ getAllFiles(
5474
+ path,
5475
+ (options.multiProject ? "**/" : "") + "*.fsproj",
5476
+ options,
5477
+ ),
5441
5478
  );
5442
5479
  if (csProjFiles.length) {
5443
5480
  return await createCsharpBom(path, options);
@@ -5447,12 +5484,12 @@ export async function createXBom(path, options) {
5447
5484
  const pubFiles = getAllFiles(
5448
5485
  path,
5449
5486
  (options.multiProject ? "**/" : "") + "pubspec.lock",
5450
- options
5487
+ options,
5451
5488
  );
5452
5489
  const pubSpecFiles = getAllFiles(
5453
5490
  path,
5454
5491
  (options.multiProject ? "**/" : "") + "pubspec.yaml",
5455
- options
5492
+ options,
5456
5493
  );
5457
5494
  if (pubFiles.length || pubSpecFiles.length) {
5458
5495
  return await createDartBom(path, options);
@@ -5462,7 +5499,7 @@ export async function createXBom(path, options) {
5462
5499
  const hackageFiles = getAllFiles(
5463
5500
  path,
5464
5501
  (options.multiProject ? "**/" : "") + "cabal.project.freeze",
5465
- options
5502
+ options,
5466
5503
  );
5467
5504
  if (hackageFiles.length) {
5468
5505
  return createHaskellBom(path, options);
@@ -5472,7 +5509,7 @@ export async function createXBom(path, options) {
5472
5509
  const mixFiles = getAllFiles(
5473
5510
  path,
5474
5511
  (options.multiProject ? "**/" : "") + "mix.lock",
5475
- options
5512
+ options,
5476
5513
  );
5477
5514
  if (mixFiles.length) {
5478
5515
  return createElixirBom(path, options);
@@ -5482,22 +5519,22 @@ export async function createXBom(path, options) {
5482
5519
  const conanLockFiles = getAllFiles(
5483
5520
  path,
5484
5521
  (options.multiProject ? "**/" : "") + "conan.lock",
5485
- options
5522
+ options,
5486
5523
  );
5487
5524
  const conanFiles = getAllFiles(
5488
5525
  path,
5489
5526
  (options.multiProject ? "**/" : "") + "conanfile.txt",
5490
- options
5527
+ options,
5491
5528
  );
5492
5529
  const cmakeListFiles = getAllFiles(
5493
5530
  path,
5494
5531
  (options.multiProject ? "**/" : "") + "CMakeLists.txt",
5495
- options
5532
+ options,
5496
5533
  );
5497
5534
  const mesonBuildFiles = getAllFiles(
5498
5535
  path,
5499
5536
  (options.multiProject ? "**/" : "") + "meson.build",
5500
- options
5537
+ options,
5501
5538
  );
5502
5539
  if (
5503
5540
  conanLockFiles.length ||
@@ -5512,12 +5549,12 @@ export async function createXBom(path, options) {
5512
5549
  const ednFiles = getAllFiles(
5513
5550
  path,
5514
5551
  (options.multiProject ? "**/" : "") + "deps.edn",
5515
- options
5552
+ options,
5516
5553
  );
5517
5554
  const leinFiles = getAllFiles(
5518
5555
  path,
5519
5556
  (options.multiProject ? "**/" : "") + "project.clj",
5520
- options
5557
+ options,
5521
5558
  );
5522
5559
  if (ednFiles.length || leinFiles.length) {
5523
5560
  return createClojureBom(path, options);
@@ -5527,7 +5564,7 @@ export async function createXBom(path, options) {
5527
5564
  const ghactionFiles = getAllFiles(
5528
5565
  path,
5529
5566
  ".github/workflows/" + "*.yml",
5530
- options
5567
+ options,
5531
5568
  );
5532
5569
  if (ghactionFiles.length) {
5533
5570
  return createGitHubBom(path, options);
@@ -5537,7 +5574,7 @@ export async function createXBom(path, options) {
5537
5574
  const hpiFiles = getAllFiles(
5538
5575
  path,
5539
5576
  (options.multiProject ? "**/" : "") + "*.hpi",
5540
- options
5577
+ options,
5541
5578
  );
5542
5579
  if (hpiFiles.length) {
5543
5580
  return await createJenkinsBom(path, options);
@@ -5547,12 +5584,12 @@ export async function createXBom(path, options) {
5547
5584
  const chartFiles = getAllFiles(
5548
5585
  path,
5549
5586
  (options.multiProject ? "**/" : "") + "Chart.yaml",
5550
- options
5587
+ options,
5551
5588
  );
5552
5589
  const yamlFiles = getAllFiles(
5553
5590
  path,
5554
5591
  (options.multiProject ? "**/" : "") + "values.yaml",
5555
- options
5592
+ options,
5556
5593
  );
5557
5594
  if (chartFiles.length || yamlFiles.length) {
5558
5595
  return createHelmBom(path, options);
@@ -5562,27 +5599,27 @@ export async function createXBom(path, options) {
5562
5599
  const dcFiles = getAllFiles(
5563
5600
  path,
5564
5601
  (options.multiProject ? "**/" : "") + "docker-compose*.yml",
5565
- options
5602
+ options,
5566
5603
  );
5567
5604
  const dfFiles = getAllFiles(
5568
5605
  path,
5569
5606
  (options.multiProject ? "**/" : "") + "*Dockerfile*",
5570
- options
5607
+ options,
5571
5608
  );
5572
5609
  const cfFiles = getAllFiles(
5573
5610
  path,
5574
5611
  (options.multiProject ? "**/" : "") + "*Containerfile*",
5575
- options
5612
+ options,
5576
5613
  );
5577
5614
  const skFiles = getAllFiles(
5578
5615
  path,
5579
5616
  (options.multiProject ? "**/" : "") + "skaffold.yaml",
5580
- options
5617
+ options,
5581
5618
  );
5582
5619
  const deplFiles = getAllFiles(
5583
5620
  path,
5584
5621
  (options.multiProject ? "**/" : "") + "deployment.yaml",
5585
- options
5622
+ options,
5586
5623
  );
5587
5624
  if (
5588
5625
  dcFiles.length ||
@@ -5598,7 +5635,7 @@ export async function createXBom(path, options) {
5598
5635
  const cbFiles = getAllFiles(
5599
5636
  path,
5600
5637
  (options.multiProject ? "**/" : "") + "cloudbuild.yaml",
5601
- options
5638
+ options,
5602
5639
  );
5603
5640
  if (cbFiles.length) {
5604
5641
  return createCloudBuildBom(path, options);
@@ -5608,12 +5645,12 @@ export async function createXBom(path, options) {
5608
5645
  const swiftFiles = getAllFiles(
5609
5646
  path,
5610
5647
  (options.multiProject ? "**/" : "") + "Package*.swift",
5611
- options
5648
+ options,
5612
5649
  );
5613
5650
  const pkgResolvedFiles = getAllFiles(
5614
5651
  path,
5615
5652
  (options.multiProject ? "**/" : "") + "Package.resolved",
5616
- options
5653
+ options,
5617
5654
  );
5618
5655
  if (swiftFiles.length || pkgResolvedFiles.length) {
5619
5656
  return await createSwiftBom(path, options);
@@ -5640,7 +5677,7 @@ export async function createBom(path, options) {
5640
5677
  exportData = await exportArchive(path);
5641
5678
  if (!exportData) {
5642
5679
  console.log(
5643
- `OS BOM generation has failed due to problems with exporting the image ${path}`
5680
+ `OS BOM generation has failed due to problems with exporting the image ${path}`,
5644
5681
  );
5645
5682
  return {};
5646
5683
  }
@@ -5660,7 +5697,7 @@ export async function createBom(path, options) {
5660
5697
  exportData = await exportImage(path);
5661
5698
  if (!exportData) {
5662
5699
  console.log(
5663
- "BOM generation has failed due to problems with exporting the image"
5700
+ "BOM generation has failed due to problems with exporting the image",
5664
5701
  );
5665
5702
  options.failOnError && process.exit(1);
5666
5703
  return {};
@@ -5672,7 +5709,7 @@ export async function createBom(path, options) {
5672
5709
  inspectData: undefined,
5673
5710
  lastWorkingDir: "",
5674
5711
  allLayersDir: path,
5675
- allLayersExplodedDir: path
5712
+ allLayersExplodedDir: path,
5676
5713
  };
5677
5714
  if (existsSync(join(path, "all-layers"))) {
5678
5715
  exportData.allLayersDir = join(path, "all-layers");
@@ -5707,10 +5744,13 @@ export async function createBom(path, options) {
5707
5744
  version: tmpA[1],
5708
5745
  type: "container",
5709
5746
  purl: "pkg:oci/" + inspectData.RepoDigests[0],
5710
- _integrity: inspectData.RepoDigests[0].replace("sha256:", "sha256-")
5747
+ _integrity: inspectData.RepoDigests[0].replace(
5748
+ "sha256:",
5749
+ "sha256-",
5750
+ ),
5711
5751
  };
5712
5752
  options.parentComponent["bom-ref"] = decodeURIComponent(
5713
- options.parentComponent.purl
5753
+ options.parentComponent.purl,
5714
5754
  );
5715
5755
  }
5716
5756
  } else if (inspectData.Id) {
@@ -5721,17 +5761,17 @@ export async function createBom(path, options) {
5721
5761
  .replace("sha256:", ""),
5722
5762
  type: "container",
5723
5763
  purl: "pkg:oci/" + inspectData.RepoDigests[0],
5724
- _integrity: inspectData.RepoDigests[0].replace("sha256:", "sha256-")
5764
+ _integrity: inspectData.RepoDigests[0].replace("sha256:", "sha256-"),
5725
5765
  };
5726
5766
  options.parentComponent["bom-ref"] = decodeURIComponent(
5727
- options.parentComponent.purl
5767
+ options.parentComponent.purl,
5728
5768
  );
5729
5769
  }
5730
5770
  } else {
5731
5771
  options.parentComponent = createDefaultParentComponent(
5732
5772
  path,
5733
5773
  "container",
5734
- options
5774
+ options,
5735
5775
  );
5736
5776
  }
5737
5777
  // Pass the entire export data about the image layers
@@ -5740,7 +5780,7 @@ export async function createBom(path, options) {
5740
5780
  options.allLayersExplodedDir = exportData.allLayersExplodedDir;
5741
5781
  const bomData = await createMultiXBom(
5742
5782
  [...new Set(exportData.pkgPathList)],
5743
- options
5783
+ options,
5744
5784
  );
5745
5785
  if (
5746
5786
  exportData.allLayersDir &&
@@ -5793,7 +5833,7 @@ export async function createBom(path, options) {
5793
5833
  options.useMavenCache = true;
5794
5834
  return createJarBom(
5795
5835
  process.env.MAVEN_CACHE_DIR || join(homedir(), ".m2", "repository"),
5796
- options
5836
+ options,
5797
5837
  );
5798
5838
  case "npm":
5799
5839
  case "pnpm":
@@ -5868,7 +5908,7 @@ export async function createBom(path, options) {
5868
5908
  case "helm-repo":
5869
5909
  return createHelmBom(
5870
5910
  join(homedir(), ".cache", "helm", "repository"),
5871
- options
5911
+ options,
5872
5912
  );
5873
5913
  case "universal":
5874
5914
  case "containerfile":
@@ -5907,14 +5947,14 @@ export async function createBom(path, options) {
5907
5947
  export async function submitBom(args, bomContents) {
5908
5948
  const serverUrl = args.serverUrl.replace(/\/$/, "") + "/api/v1/bom";
5909
5949
  let encodedBomContents = Buffer.from(JSON.stringify(bomContents)).toString(
5910
- "base64"
5950
+ "base64",
5911
5951
  );
5912
5952
  if (encodedBomContents.startsWith("77u/")) {
5913
5953
  encodedBomContents = encodedBomContents.substring(4);
5914
5954
  }
5915
5955
  const bomPayload = {
5916
5956
  autoCreate: "true",
5917
- bom: encodedBomContents
5957
+ bom: encodedBomContents,
5918
5958
  };
5919
5959
  const projectVersion = args.projectVersion || "master";
5920
5960
  if (
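Review bot: `args.serverUrl` on new line 5948 is used after only stripping a trailing slash, and the request later in submitBom (the hunk starting at new line 5998) sends `args.apiKey` in the `X-Api-Key` header to that URL. Nothing visible checks the scheme, so an `http://` server URL would carry the key and the whole SBOM in clear text. I would parse the URL once and warn on a non-TLS target, e.g. `if (new URL(args.serverUrl).protocol !== "https:") console.log("Warning: submitting the BOM and API key over an unencrypted connection");`. The rest of submitBom lies outside this hunk, so a check elsewhere cannot be ruled out.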
@@ -5933,7 +5973,7 @@ export async function submitBom(args, bomContents) {
5933
5973
  }
5934
5974
  } else {
5935
5975
  console.log(
5936
- "projectId, projectName and projectVersion, or all three must be provided."
5976
+ "projectId, projectName and projectVersion, or all three must be provided.",
5937
5977
  );
5938
5978
  return;
5939
5979
  }
@@ -5949,7 +5989,7 @@ export async function submitBom(args, bomContents) {
5949
5989
  serverUrl,
5950
5990
  "params",
5951
5991
  args.projectName,
5952
- projectVersion
5992
+ projectVersion,
5953
5993
  );
5954
5994
  }
5955
5995
  try {
@@ -5958,16 +5998,16 @@ export async function submitBom(args, bomContents) {
5958
5998
  headers: {
5959
5999
  "X-Api-Key": args.apiKey,
5960
6000
  "Content-Type": "application/json",
5961
- "user-agent": `@CycloneDX/cdxgen ${_version}`
6001
+ "user-agent": `@CycloneDX/cdxgen ${_version}`,
5962
6002
  },
5963
6003
  json: bomPayload,
5964
- responseType: "json"
6004
+ responseType: "json",
5965
6005
  }).json();
5966
6006
  } catch (error) {
5967
6007
  if (error.response && error.response.statusCode === 401) {
5968
6008
  // Unauthorized
5969
6009
  console.log(
5970
- "Received Unauthorized error. Check the API key used is valid and has necessary permissions to create projects and upload bom."
6010
+ "Received Unauthorized error. Check the API key used is valid and has necessary permissions to create projects and upload bom.",
5971
6011
  );
5972
6012
  } else if (error.response && error.response.statusCode === 405) {
5973
6013
  // Method not allowed errors
@@ -5977,14 +6017,14 @@ export async function submitBom(args, bomContents) {
5977
6017
  headers: {
5978
6018
  "X-Api-Key": args.apiKey,
5979
6019
  "Content-Type": "application/json",
5980
- "user-agent": `@CycloneDX/cdxgen ${_version}`
6020
+ "user-agent": `@CycloneDX/cdxgen ${_version}`,
5981
6021
  },
5982
6022
  json: bomPayload,
5983
- responseType: "json"
6023
+ responseType: "json",
5984
6024
  }).json();
5985
6025
  } catch (error) {
5986
6026
  console.log(
5987
- "Unable to submit the SBOM to the Dependency-Track server using POST method"
6027
+ "Unable to submit the SBOM to the Dependency-Track server using POST method",
5988
6028
  );
5989
6029
  console.log(error);
5990
6030
  }
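Review bot: The inner `catch (error)` at new line 6025 shadows the `error` of the outer catch and prints the whole error object with `console.log(error)` at new line 6029. Depending on the got version, that dump may carry request and response details from the Dependency-Track call, which is more than a build log needs and makes the actual failure harder to spot. I would rename the binding and log only the essentials, e.g. `} catch (postError) {` and `console.log(postError.message, postError.response?.statusCode);`. Nothing visible in this hunk propagates the failure to the caller; the try block starts in the previous hunk and the function continues past this one, so that cannot be confirmed from here.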