@cyclonedx/cdxgen 11.3.0 → 11.3.1

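--- a/package/bin/cdxgen.js
+++ b/package/bin/cdxgen.js
@@ -1,10 +1,9 @@
 #!/usr/bin/env node
-
+import { Buffer } from "node:buffer";
 import crypto from "node:crypto";
 import fs from "node:fs";
 import { basename, dirname, join, resolve } from "node:path";
 import process from "node:process";
-import { URL } from "node:url";
 import { findUpSync } from "find-up";
 import globalAgent from "global-agent";
 import { load as _load } from "js-yaml";
@@ -781,6 +780,13 @@ const checkPermissions = (filePath, options) => {
 return true;
 };
 
+const needsBomSigning = ({ generateKeyAndSign }) =>
+generateKeyAndSign ||
+(process.env.SBOM_SIGN_ALGORITHM &&
+process.env.SBOM_SIGN_ALGORITHM !== "none" &&
+process.env.SBOM_SIGN_PRIVATE_KEY &&
+safeExistsSync(process.env.SBOM_SIGN_PRIVATE_KEY));
+
 /**
 * Method to start the bom creation process
 */
@@ -838,14 +844,7 @@ const checkPermissions = (filePath, options) => {
 thoughtLog(`Let's save the file to "${jsonFile}".`);
 }
 }
-if (
-jsonPayload &&
-(options.generateKeyAndSign ||
-(process.env.SBOM_SIGN_ALGORITHM &&
-process.env.SBOM_SIGN_ALGORITHM !== "none" &&
-process.env.SBOM_SIGN_PRIVATE_KEY &&
-safeExistsSync(process.env.SBOM_SIGN_PRIVATE_KEY)))
-) {
+if (jsonPayload && needsBomSigning(options)) {
 let alg = process.env.SBOM_SIGN_ALGORITHM || "RS512";
 if (alg.includes("none")) {
 alg = "RS512";
@@ -857,6 +856,7 @@ const checkPermissions = (filePath, options) => {
 const jdirName = dirname(jsonFile);
 publicKeyFile = join(jdirName, "public.key");
 const privateKeyFile = join(jdirName, "private.key");
+const privateKeyB64File = join(jdirName, "private.key.base64");
 const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
 modulusLength: 4096,
 publicKeyEncoding: {
@@ -870,10 +870,15 @@ const checkPermissions = (filePath, options) => {
 });
 fs.writeFileSync(publicKeyFile, publicKey);
 fs.writeFileSync(privateKeyFile, privateKey);
+fs.writeFileSync(
+privateKeyB64File,
+Buffer.from(privateKey, "utf8").toString("base64"),
+);
 console.log(
 "Created public/private key pairs for testing purposes",
 publicKeyFile,
 privateKeyFile,
+privateKeyB64File,
 );
 privateKeyToUse = privateKey;
 jwkPublicKey = crypto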
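Review bot: The added `fs.writeFileSync(privateKeyB64File, …)` call in the key-generation hunk writes a second copy of the freshly generated RSA private key with no explicit file mode, so its permissions are left to the process umask, and it lands in `dirname(jsonFile)` next to the BOM output. The unchanged `fs.writeFileSync(privateKeyFile, privateKey)` line above it has the same gap, so both writes should pass an options argument such as `{ mode: 0o600 }`; that mode is applied only when the file is created, so an existing `private.key` or `private.key.base64` keeps whatever permissions it already has. If the output directory is archived or uploaded together with the SBOM (not visible here), both key files would travel with it, so a short comment above the writes such as `// test-only key material: never publish private.key* with the BOM` would help. The enclosing function starts and ends outside this hunk.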
@@ -30,7 +30,7 @@ export const GIT_COMMAND = process.env.GIT_CMD || "git";
30
30
  // sdkman tool aliases
31
31
  export const SDKMAN_JAVA_TOOL_ALIASES = {
32
32
  java8: process.env.JAVA8_TOOL || "8.0.452-amzn", // Temurin no longer offers java8 :(
33
- java11: process.env.JAVA11_TOOL || "11.0.26-tem",
33
+ java11: process.env.JAVA11_TOOL || "11.0.27-tem",
34
34
  java17: process.env.JAVA17_TOOL || "17.0.15-tem",
35
35
  java21: process.env.JAVA21_TOOL || "21.0.7-tem",
36
36
  java22: process.env.JAVA22_TOOL || "22.0.2-tem",
@@ -84,6 +84,9 @@ export const stripAbsolutePath = (path) => {
84
84
  * Detect colima
85
85
  */
86
86
  export function detectColima() {
87
+ if (isColima) {
88
+ return true;
89
+ }
87
90
  if (_platform() === "darwin") {
88
91
  const result = spawnSync("colima", ["version"], {
89
92
  encoding: "utf-8",
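--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "11.3.0",
+"version": "11.3.1",
 "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",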
@@ -1 +1 @@
1
- {"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../lib/managers/docker.js"],"names":[],"mappings":"AAkFA;;GAEG;AACH,oCAmBC;AAED;;GAEG;AACH,4CA6CC;AA7HD,4BAA6C;AAC7C,kCAAmC,WAAW,CAAC;AAmCxC,kDAeN;AAqFM,iCAHI,MAAM,WACN,MAAM,iDAehB;AAqBM,6DAmBN;AAgLM,4EAsGN;AAEM,oFAwBN;AAUM;;;;;;;;EA2EN;AAsBM,2DAuMN;AAgBM,yFAuGN;AAMM;;;;;;;;;;;;;;GAwDN;AAEM;;;;;;;;GAyGN;AAMM,4EA+IN;AAKM,4EA2GN;AAEM,+EAEN;AAEM,4EA2CN;AAEM,iFA0BN"}
1
+ {"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../lib/managers/docker.js"],"names":[],"mappings":"AAkFA;;GAEG;AACH,oCAsBC;AAED;;GAEG;AACH,4CA6CC;AAhID,4BAA6C;AAC7C,kCAAmC,WAAW,CAAC;AAmCxC,kDAeN;AAwFM,iCAHI,MAAM,WACN,MAAM,iDAehB;AAqBM,6DAmBN;AAgLM,4EAsGN;AAEM,oFAwBN;AAUM;;;;;;;;EA2EN;AAsBM,2DAuMN;AAgBM,yFAuGN;AAMM;;;;;;;;;;;;;;GAwDN;AAEM;;;;;;;;GAyGN;AAMM,4EA+IN;AAKM,4EA2GN;AAEM,+EAEN;AAEM,4EA2CN;AAEM,iFA0BN"}