@cyclonedx/cdxgen 11.1.10 → 11.2.1

package/bin/cdxgen.js

@@ -579,13 +579,25 @@ const applyAdvancedOptions = (options) => {
       break;
   }
   // When the user specifies source-code-analysis as a technique, then enable deep and evidence mode.
-  if (
-    options?.technique &&
-    Array.isArray(options.technique) &&
-    options?.technique?.includes("source-code-analysis")
-  ) {
-    options.deep = true;
-    options.evidence = true;
+  if (options?.technique && Array.isArray(options.technique)) {
+    if (options?.technique?.includes("source-code-analysis")) {
+      options.deep = true;
+      options.evidence = true;
+    }
+    if (options.technique.length === 1) {
+      thoughtLog(
+        `Wait, the user wants me to use only the following technique: '${options.technique.join(", ")}'.`,
+      );
+    } else {
+      thoughtLog(
+        `Alright, I will use only the following techniques: '${options.technique.join(", ")}' for the final BOM.`,
+      );
+    }
+  }
+  if (!options.installDeps) {
+    thoughtLog(
+      "I must avoid any package installations and focus solely on the available artefacts, such as lock files.",
+    );
   }
   return options;
 };
@@ -764,7 +776,11 @@ const checkPermissions = (filePath, options) => {
   prepareEnv(filePath, options);
   thoughtLog("Getting ready to generate the BOM ⚡️.");
   let bomNSData = (await createBom(filePath, options)) || {};
-  thoughtLog("Tweaking the generated BOM data. Nearly there.");
+  if (bomNSData?.bomJson) {
+    thoughtLog(
+      "Tweaking the generated BOM data with useful annotations and properties.",
+    );
+  }
   // Add extra metadata and annotations with post processing
   bomNSData = postProcess(bomNSData, options);
   if (
@@ -972,7 +988,7 @@ const checkPermissions = (filePath, options) => {
     }
   }
   // Perform automatic validation
-  if (options.validate) {
+  if (options.validate && bomNSData?.bomJson) {
     thoughtLog("Wait, let's check the generated BOM file for any issues.");
     if (!validateBom(bomNSData.bomJson)) {
       process.exit(1);

package/bin/repl.js

@@ -137,6 +137,19 @@ cdxgenRepl.defineCommand("import", {
     this.displayPrompt();
   },
 });
+cdxgenRepl.defineCommand("summary", {
+  help: "summarize an existing BOM",
+  action() {
+    if (sbom) {
+      printSummary(sbom);
+    } else {
+      console.log(
+        "⚠ No BOM is loaded. Use .import command to import an existing BOM",
+      );
+    }
+    this.displayPrompt();
+  },
+});
 cdxgenRepl.defineCommand("exit", {
   help: "exit",
   action() {
@@ -162,13 +175,13 @@ cdxgenRepl.defineCommand("search", {
     if (sbom) {
       if (searchStr) {
         try {
-          const originalSearchString = searchStr;
-          let dependenciesSearchStr = searchStr;
-          if (!searchStr.includes("~>")) {
-            dependenciesSearchStr = `dependencies[ref ~> /${searchStr}/i or dependsOn ~> /${searchStr}/i or provides ~> /${searchStr}/i]`;
-            searchStr = `components[group ~> /${searchStr}/i or name ~> /${searchStr}/i or description ~> /${searchStr}/i or publisher ~> /${searchStr}/i or purl ~> /${searchStr}/i or tags ~> /${searchStr}/i]`;
+          let fixedSearchStr = searchStr.replaceAll("/", "\\/");
+          let dependenciesSearchStr = fixedSearchStr;
+          if (!fixedSearchStr.includes("~>")) {
+            dependenciesSearchStr = `dependencies[ref ~> /${fixedSearchStr}/i or dependsOn ~> /${fixedSearchStr}/i or provides ~> /${fixedSearchStr}/i]`;
+            fixedSearchStr = `components[group ~> /${fixedSearchStr}/i or name ~> /${fixedSearchStr}/i or description ~> /${fixedSearchStr}/i or publisher ~> /${fixedSearchStr}/i or purl ~> /${fixedSearchStr}/i or tags ~> /${fixedSearchStr}/i]`;
           }
-          const expression = jsonata(searchStr);
+          const expression = jsonata(fixedSearchStr);
           let components = await expression.evaluate(sbom);
           const dexpression = jsonata(dependenciesSearchStr);
           let dependencies = await dexpression.evaluate(sbom);
@@ -181,16 +194,12 @@ cdxgenRepl.defineCommand("search", {
           if (!components) {
             console.log("No results found!");
           } else {
-            printTable(
-              { components, dependencies },
-              undefined,
-              originalSearchString,
-            );
+            printTable({ components, dependencies }, undefined, searchStr);
             if (dependencies?.length) {
               printDependencyTree(
                 { components, dependencies },
                 "dependsOn",
-                originalSearchString,
+                searchStr,
               );
             }
           }