@cyclonedx/cdxgen 12.3.1 → 12.3.3

package/README.md

@@ -523,6 +523,12 @@ You can also pass `-t docker` with repository names. Only the `latest` tag would
 cdxgen shiftleft/scan-slim -o /tmp/bom.json -t docker
 ```
 
+For offline or staged scans, point cdxgen at a locally reconstructed root filesystem directory. The container pipeline accepts `-t docker`, `-t rootfs`, or `-t oci-dir` for this mode.
+
+```shell
+cdxgen /tmp/remote_target -o /tmp/bom.json -t rootfs
+```
+
 You can also pass the .tar file of a container image.
 
 ```shell

package/bin/cdxgen.js

@@ -462,9 +462,8 @@ const args = _yargs
   })
   .option("tlp-classification", {
     description:
-      'Traffic Light Protocol (TLP) is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information.\nThe default classification is "CLEAR"',
+      "Traffic Light Protocol (TLP) is a classification system for identifying the potential risk associated with an artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information.",
     choices: ["CLEAR", "GREEN", "AMBER", "AMBER_AND_STRICT", "RED"],
-    default: "CLEAR",
     hidden: true,
   })
   .option("env-audit", {

package/data/rules/ai-agent-governance.yaml

@@ -204,3 +204,46 @@
       "hiddenMcpUrls": $prop($, 'cdx:agent:hiddenMcpUrls'),
       "providerNames": $prop($, 'cdx:agent:providerNames')
     }
+
+- id: AGT-007
+  name: "AI agent or skill file is included in a build or post-build SBOM"
+  description: "Shipped AI instruction and skill files deserve explicit review because they can alter developer tooling, release-time automation, and downstream runtime behavior."
+  severity: medium
+  category: ai-agent
+  standards:
+    owasp-ai-top-10:
+      - "LLM05: Supply Chain Vulnerabilities"
+      - "LLM08: Excessive Agency"
+    nist-ai-rmf:
+      - "Govern"
+      - "Map"
+    nist-ssdf:
+      - "Review build and release instructions before distribution"
+  condition: |
+    components[
+      (
+        $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+        or $prop($, 'cdx:agent:inventorySource') = 'community-config'
+      )
+      and (
+        $prop($, 'cdx:file:kind') = 'skill-file'
+        or $prop($, 'cdx:file:kind') = 'agent-instructions'
+        or $prop($, 'cdx:file:kind') = 'copilot-instructions'
+        or $prop($, 'cdx:file:kind') = 'copilot-setup-workflow'
+        or $prop($, 'cdx:file:kind') = 'ai-agent-file'
+      )
+      and $count($$.metadata.lifecycles[phase = 'build' or phase = 'post-build']) > 0
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI instruction or skill file '{{ name }}' is included in a build/post-build SBOM"
+  mitigation: "If the file must ship, keep the BOM review-friendly with '--bom-audit --bom-audit-categories ai-agent' and consider '--tlp-classification AMBER'. If you want a package-only BOM, rerun with '--exclude-type ai-skill'."
+  evidence: |
+    {
+      "inventorySource": $prop($, 'cdx:agent:inventorySource'),
+      "fileKind": $prop($, 'cdx:file:kind'),
+      "providerNames": $prop($, 'cdx:agent:providerNames')
+    }

package/data/rules/ci-permissions.yaml

@@ -642,5 +642,137 @@
       "sensitiveOperations": $prop($, 'cdx:github:step:sensitiveOperations'),
       "sensitiveContextRefs": $prop($, 'cdx:github:step:sensitiveContextRefs'),
       "dispatchKinds": $prop($, 'cdx:github:step:dispatchKinds')
+     }
+
+- id: CI-022
+  name: "npm setup action disables build cache despite resolved package distributions"
+  description: "Explicitly disabling setup-node caching reduces tamper resistance and reviewability when npm dependencies are resolved from remote package distributions"
+  severity: medium
+  category: ci-permission
+  attack:
+    tactics: [TA0005]
+    techniques: [T1195.001]
+  condition: |
+    $auditComponents($)[
+      $prop($, 'cdx:github:action:disablesBuildCache') = 'true'
+      and $prop($, 'cdx:github:action:buildCacheEcosystem') = 'npm'
+      and $count($$.components[
+        $startsWith(purl, 'pkg:npm/')
+        and (
+          $contains($lowercase($nullSafeProp($, 'cdx:npm:manifestSourceType')), 'git')
+          or $contains($lowercase($nullSafeProp($, 'cdx:npm:manifestSourceType')), 'url')
+        )
+        and $count(externalReferences[
+          type = 'distribution'
+          and (
+            $startsWith($lowercase(url), 'git+')
+            or $startsWith($lowercase(url), 'http://')
+            or $startsWith($lowercase(url), 'https://')
+          )
+        ]) > 0
+      ]) > 0
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "purl": purl,
+      "file": $prop($, 'cdx:github:workflow:file')
+    }
+  message: "GitHub Action '{{ $prop($, 'cdx:github:action:uses') }}' explicitly disables npm build caching while resolved npm package distributions are present in the BOM"
+  mitigation: "Keep setup-node caching enabled unless you have a reviewed exception; disabling cache can weaken integrity checks and provenance review for resolved npm artifacts"
+  evidence: |
+    {
+      "cacheDisableInput": $prop($, 'cdx:github:action:buildCacheDisableInput'),
+      "cacheDisableValue": $prop($, 'cdx:github:action:buildCacheDisableValue'),
+      "matchingPackages": $$.components[
+        $startsWith(purl, 'pkg:npm/')
+        and (
+          $contains($lowercase($nullSafeProp($, 'cdx:npm:manifestSourceType')), 'git')
+          or $contains($lowercase($nullSafeProp($, 'cdx:npm:manifestSourceType')), 'url')
+        )
+        and $count(externalReferences[
+          type = 'distribution'
+          and (
+            $startsWith($lowercase(url), 'git+')
+            or $startsWith($lowercase(url), 'http://')
+            or $startsWith($lowercase(url), 'https://')
+          )
+        ]) > 0
+      ].purl
+    }
+
+- id: CI-023
+  name: "Python setup action disables build cache despite resolved package distributions"
+  description: "Explicitly disabling setup-python caching reduces tamper resistance and reviewability when PyPI dependencies are resolved from remote archives or VCS sources"
+  severity: medium
+  category: ci-permission
+  attack:
+    tactics: [TA0005]
+    techniques: [T1195.001]
+  condition: |
+    $auditComponents($)[
+      $prop($, 'cdx:github:action:disablesBuildCache') = 'true'
+      and $prop($, 'cdx:github:action:buildCacheEcosystem') = 'pypi'
+      and $count($$.components[
+        $startsWith(purl, 'pkg:pypi/')
+        and (
+          $contains($lowercase($nullSafeProp($, 'cdx:pypi:manifestSourceType')), 'git')
+          or $contains($lowercase($nullSafeProp($, 'cdx:pypi:manifestSourceType')), 'url')
+        )
+      ]) > 0
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "purl": purl,
+      "file": $prop($, 'cdx:github:workflow:file')
+    }
+  message: "GitHub Action '{{ $prop($, 'cdx:github:action:uses') }}' explicitly disables Python build caching while resolved PyPI package distributions are present in the BOM"
+  mitigation: "Keep setup-python caching enabled when lockfiles resolve remote archives or VCS sources unless you have a reviewed exception"
+  evidence: |
+    {
+      "cacheDisableInput": $prop($, 'cdx:github:action:buildCacheDisableInput'),
+      "cacheDisableValue": $prop($, 'cdx:github:action:buildCacheDisableValue'),
+      "matchingPackages": $$.components[
+        $startsWith(purl, 'pkg:pypi/')
+        and (
+          $contains($lowercase($nullSafeProp($, 'cdx:pypi:manifestSourceType')), 'git')
+          or $contains($lowercase($nullSafeProp($, 'cdx:pypi:manifestSourceType')), 'url')
+        )
+      ].purl
     }
 
+- id: CI-024
+  name: "Cargo setup action disables build cache despite manifest-declared git dependencies"
+  description: "Explicitly disabling Cargo setup caching reduces tamper resistance and reviewability when Cargo manifests rely on git dependencies"
+  severity: medium
+  category: ci-permission
+  attack:
+    tactics: [TA0005]
+    techniques: [T1195.001]
+  condition: |
+    $auditComponents($)[
+      $prop($, 'cdx:github:action:disablesBuildCache') = 'true'
+      and $prop($, 'cdx:github:action:buildCacheEcosystem') = 'cargo'
+      and $count($$.components[
+        $startsWith(purl, 'pkg:cargo/')
+        and $hasProp($, 'cdx:cargo:git')
+      ]) > 0
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "purl": purl,
+      "file": $prop($, 'cdx:github:workflow:file')
+    }
+  message: "GitHub Action '{{ $prop($, 'cdx:github:action:uses') }}' explicitly disables Cargo build caching while manifest-declared Cargo git dependencies are present in the BOM"
+  mitigation: "Keep Cargo setup caching enabled when manifests rely on git dependencies unless you have a reviewed exception"
+  evidence: |
+    {
+      "cacheDisableInput": $prop($, 'cdx:github:action:buildCacheDisableInput'),
+      "cacheDisableValue": $prop($, 'cdx:github:action:buildCacheDisableValue'),
+      "matchingPackages": $$.components[
+        $startsWith(purl, 'pkg:cargo/')
+        and $hasProp($, 'cdx:cargo:git')
+      ].purl
+    }

package/data/rules/dependency-sources.yaml

@@ -2,21 +2,23 @@
 # Category: dependency-source
 # Evaluates package manager data for non-registry, local, or mutable sources
 - id: PKG-001
-  name: "Install script from non-registry source"
-  description: "npm packages with install scripts from git/file/local sources increase supply chain attack surface"
+  name: "Install script from direct manifest source"
+  description: "npm packages with install scripts declared from git, URL, or local path sources in the manifest increase supply chain attack surface"
   severity: high
   category: dependency-source
   condition: |
     components[
       $prop($, 'cdx:npm:hasInstallScript') = 'true'
-      and $prop($, 'cdx:npm:isRegistryDependency') = 'false'
+      and $hasProp($, 'cdx:npm:manifestSourceType')
     ]
   location: |
     { "bomRef": $."bom-ref", "purl": purl }
-  message: "npm package '{{ name }}@{{ version }}' executes install script from non-registry source"
-  mitigation: "Avoid git/file dependencies with lifecycle hooks; use registry dependencies or vendor explicitly"
+  message: "npm package '{{ name }}@{{ version }}' executes install script from manifest-declared source type(s): {{ $prop($, 'cdx:npm:manifestSourceType') }}"
+  mitigation: "Avoid git, URL, or local-path dependencies with lifecycle hooks; use registry-published dependencies or vendor explicitly"
   evidence: |
     {
+      "manifestSourceType": $prop($, 'cdx:npm:manifestSourceType'),
+      "manifestSource": $prop($, 'cdx:npm:manifestSource'),
       "riskyScripts": $prop($, 'cdx:npm:risky_scripts'),
       "resolvedPath": $prop($, 'cdx:npm:resolvedPath'),
       "isLink": $prop($, 'cdx:npm:isLink')
@@ -162,3 +164,61 @@
       "dependencyKind": $prop($, 'cdx:cargo:dependencyKind'),
       "target": $prop($, 'cdx:cargo:target')
     }
+- id: PKG-009
+  name: "Collider package resolved from insecure HTTP origin"
+  description: "Collider lock entries that resolve from HTTP origins can be observed or modified in transit before wrap-hash verification occurs"
+  severity: medium
+  category: dependency-source
+  condition: |
+    components[
+      $prop($, 'cdx:collider:originScheme') = 'http'
+    ]
+  location: |
+    { "bomRef": $."bom-ref", "purl": purl }
+  message: "Collider package '{{ name }}@{{ version }}' resolves from insecure origin '{{ $prop($, 'cdx:collider:origin') }}'"
+  mitigation: "Prefer HTTPS, trusted file:// repositories, or an authenticated internal mirror for Collider package origins"
+  evidence: |
+    {
+      "origin": $prop($, 'cdx:collider:origin'),
+      "originHost": $prop($, 'cdx:collider:originHost'),
+      "dependencyKind": $prop($, 'cdx:collider:dependencyKind')
+    }
+- id: PKG-010
+  name: "Collider origin required sanitization before BOM emission"
+  description: "Collider lock origin URLs should not carry credentials, query strings, or fragments because those values may embed secrets or unstable signed URLs"
+  severity: low
+  category: dependency-source
+  condition: |
+    components[
+      $prop($, 'cdx:collider:originSanitized') = 'true'
+    ]
+  location: |
+    { "bomRef": $."bom-ref", "purl": purl }
+  message: "Collider package '{{ name }}@{{ version }}' had sensitive origin fields stripped before BOM emission"
+  mitigation: "Avoid embedding credentials or signed query parameters in Collider repository origin URLs; prefer stable repository base URLs"
+  evidence: |
+    {
+      "origin": $prop($, 'cdx:collider:origin'),
+      "originHost": $prop($, 'cdx:collider:originHost'),
+      "dependencyKind": $prop($, 'cdx:collider:dependencyKind')
+    }
+- id: PKG-011
+  name: "Python dependency uses direct manifest source"
+  description: "Python dependencies declared via git, direct URL, or local path in requirements or pyproject files bypass normal registry version mediation"
+  severity: high
+  category: dependency-source
+  condition: |
+    components[
+      $hasProp($, 'cdx:pypi:manifestSourceType')
+    ]
+  location: |
+    { "bomRef": $."bom-ref", "purl": purl }
+  message: "Python package '{{ name }}@{{ version }}' is declared from manifest {{ $prop($, 'cdx:pypi:manifestSourceType') }} source '{{ $prop($, 'cdx:pypi:manifestSource') }}'"
+  mitigation: "Prefer registry-published releases for production builds, or pin and review direct git/URL/path sources explicitly"
+  evidence: |
+    {
+      "manifestSourceType": $prop($, 'cdx:pypi:manifestSourceType'),
+      "manifestSource": $prop($, 'cdx:pypi:manifestSource'),
+      "registry": $prop($, 'cdx:pypi:registry'),
+      "resolvedFrom": $prop($, 'cdx:pypi:resolved_from')
+    }

package/data/rules/mcp-servers.yaml

@@ -191,8 +191,9 @@
     {
       "configFormat": $prop($, 'cdx:mcp:configFormat'),
       "configKey": $prop($, 'cdx:mcp:configKey'),
-      "credentialExposureFields": $prop($, 'cdx:mcp:credentialExposureFields'),
-      "credentialRiskIndicators": $prop($, 'cdx:mcp:credentialRiskIndicators')
+      "credentialExposureFieldCount": $prop($, 'cdx:mcp:credentialExposureFieldCount'),
+      "credentialIndicatorCount": $prop($, 'cdx:mcp:credentialIndicatorCount'),
+      "credentialReferenceCount": $prop($, 'cdx:mcp:credentialReferenceCount')
     }
 
 - id: MCP-006
@@ -268,3 +269,36 @@
       "trustProfile": $prop($, 'cdx:mcp:trustProfile'),
       "authPosture": $prop($, 'cdx:mcp:authPosture')
     }
+
+- id: MCP-008
+  name: "MCP configuration file is included in a build or post-build SBOM"
+  description: "Committed MCP client configuration files can carry trust, auth, and distribution sensitivity even when they are not actively used during the current scan."
+  severity: medium
+  category: mcp-server
+  standards:
+    owasp-ai-top-10:
+      - "LLM07: Insecure Plugin Design"
+      - "LLM08: Excessive Agency"
+    nist-ai-rmf:
+      - "Govern"
+      - "Map"
+    nist-ssdf:
+      - "Review configured AI control surfaces before release"
+  condition: |
+    components[
+      $prop($, 'cdx:file:kind') = 'mcp-config'
+      and $count($$.metadata.lifecycles[phase = 'build' or phase = 'post-build']) > 0
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "MCP config file '{{ name }}' is included in a build/post-build SBOM"
+  mitigation: "Review the config with '--bom-audit --bom-audit-categories mcp-server', consider '--tlp-classification AMBER' before sharing the BOM broadly, or rerun with '--exclude-type mcp' if config artifacts should be omitted."
+  evidence: |
+    {
+      "configFormat": $prop($, 'cdx:mcp:configFormat'),
+      "configuredServiceCount": $prop($, 'cdx:mcp:configuredServiceCount'),
+      "configuredServiceNames": $prop($, 'cdx:mcp:configuredServiceNames')
+    }

package/data/rules/package-integrity.yaml

@@ -305,3 +305,25 @@
         )
       ].$prop($, 'cdx:github:step:command')
     }
+
+- id: INT-014
+  name: "Collider package missing valid wrap hash pin"
+  description: "Collider lock entries should carry a SHA-256 wrap_hash so the selected wrap file remains integrity-pinned and reproducible"
+  severity: high
+  category: package-integrity
+  condition: |
+    components[
+      $hasProp($, 'cdx:collider:dependencyKind')
+      and $prop($, 'cdx:collider:hasWrapHash') = 'false'
+    ]
+  location: |
+    { "bomRef": $."bom-ref", "purl": purl }
+  message: "Collider package '{{ name }}@{{ version }}' is missing a valid wrap hash integrity pin"
+  mitigation: "Recreate collider.lock with valid wrap_hash values and verify the lockfile against the repository before release"
+  evidence: |
+    {
+      "wrapHash": $prop($, 'cdx:collider:wrapHash'),
+      "wrapHashInvalid": $prop($, 'cdx:collider:wrapHashInvalid'),
+      "origin": $prop($, 'cdx:collider:origin'),
+      "dependencyKind": $prop($, 'cdx:collider:dependencyKind')
+    }