@cyclonedx/cdxgen 8.0.0 → 8.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -1
- package/index.js +16 -5
- package/package.json +1 -1
- package/utils.js +4 -0
- package/utils.test.js +17 -0
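--- a/package/README.md
+++ b/package/README.md
@@ -2,7 +2,7 @@
 
 
 
-This tool creates a valid and compliant CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies for c/c++, node.js, php, python, ruby, rust, java, .Net, dart, haskell, elixir, and Go projects in XML and JSON format. CycloneDX 1.4 is a lightweight SBOM specification that is easily created, human and machine-readable, and simple to parse.
+This tool creates a valid and compliant [CycloneDX][cyclonedx-homepage] Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies for c/c++, node.js, php, python, ruby, rust, java, .Net, dart, haskell, elixir, and Go projects in XML and JSON format. CycloneDX 1.4 is a lightweight SBOM specification that is easily created, human and machine-readable, and simple to parse.
 
 When used with plugins, cdxgen could generate an SBoM for Linux docker images and even VMs running Linux or Windows operating system.
 
@@ -352,3 +352,6 @@ Permission to modify and redistribute is granted under the terms of the Apache 2
 ## Discord support
 
 The developers could be reached via the [discord](https://discord.gg/DCNxzaeUpd) channel.
+
+
+[cyclonedx-homepage]: https://cyclonedx.org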
package/index.js
CHANGED
|
@@ -3079,6 +3079,9 @@ const createPHPBom = async (path, options) => {
|
|
|
3079
3079
|
const composerLockMode = composerLockFiles.length;
|
|
3080
3080
|
// Create a composer.lock file for each composer.json file if needed.
|
|
3081
3081
|
if (!composerLockMode && composerJsonMode && options.installDeps) {
|
|
3082
|
+
if (DEBUG_MODE) {
|
|
3083
|
+
console.log("About to invoke composer --version");
|
|
3084
|
+
}
|
|
3082
3085
|
const versionResult = spawnSync("composer", ["--version"], {
|
|
3083
3086
|
encoding: "utf-8"
|
|
3084
3087
|
});
|
|
@@ -3086,18 +3089,26 @@ const createPHPBom = async (path, options) => {
|
|
|
3086
3089
|
console.error(
|
|
3087
3090
|
"No composer version found. Check if composer is installed and available in PATH."
|
|
3088
3091
|
);
|
|
3089
|
-
|
|
3092
|
+
if (DEBUG_MODE) {
|
|
3093
|
+
console.log(versionResult.error, versionResult.stderr);
|
|
3094
|
+
}
|
|
3090
3095
|
options.failOnError && process.exit(1);
|
|
3091
|
-
return {};
|
|
3092
3096
|
}
|
|
3093
|
-
|
|
3097
|
+
let composerVersion = undefined;
|
|
3094
3098
|
if (DEBUG_MODE) {
|
|
3095
|
-
console.log("
|
|
3099
|
+
console.log("Parsing version", versionResult.stdout);
|
|
3100
|
+
}
|
|
3101
|
+
let tmpV = undefined;
|
|
3102
|
+
if (versionResult && versionResult.stdout) {
|
|
3103
|
+
versionResult.stdout.split(" ");
|
|
3104
|
+
}
|
|
3105
|
+
if (tmpV && tmpV.length > 1) {
|
|
3106
|
+
composerVersion = tmpV[1];
|
|
3096
3107
|
}
|
|
3097
3108
|
for (let f of composerJsonFiles) {
|
|
3098
3109
|
const basePath = pathLib.dirname(f);
|
|
3099
3110
|
let args = [];
|
|
3100
|
-
if (composerVersion
|
|
3111
|
+
if (composerVersion && !composerVersion.startsWith("1")) {
|
|
3101
3112
|
console.log("Generating composer.lock in", basePath);
|
|
3102
3113
|
args = ["update", "--no-install", "--ignore-platform-reqs"];
|
|
3103
3114
|
} else {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyclonedx/cdxgen",
|
|
3
|
-
"version": "8.0.
|
|
3
|
+
"version": "8.0.2",
|
|
4
4
|
"description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
|
|
5
5
|
"homepage": "http://github.com/cyclonedx/cdxgen",
|
|
6
6
|
"author": "Prabhu Subramanian <prabhu@appthreat.com>",
|
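--- a/package/utils.js
+++ b/package/utils.js
@@ -3616,6 +3616,10 @@ const parseComposerLock = function (pkgLockFile) {
 for (let compScope in packages) {
 for (let i in packages[compScope]) {
 const pkg = packages[compScope][i];
+// Be extra cautious. Potential fix for #236
+if (!pkg || !pkg.name || !pkg.version) {
+continue;
+}
 let group = path.dirname(pkg.name);
 if (group === ".") {
 group = "";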
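--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -1285,6 +1285,23 @@ test("parseComposerLock", () => {
 }
 ]
 });
+
+deps = utils.parseComposerLock("./test/data/composer-3.lock");
+expect(deps.length).toEqual(62);
+expect(deps[0]).toEqual({
+group: "amphp",
+name: "amp",
+version: "2.6.2",
+repository: {
+type: "git",
+url: "https://github.com/amphp/amp.git",
+reference: "9d5100cebffa729aaffecd3ad25dc5aeea4f13bb"
+},
+license: ["MIT"],
+description: "A non-blocking concurrency framework for PHP applications.",
+scope: "required",
+properties: [{ name: "SrcFile", value: "./test/data/composer-3.lock" }]
+});
 });
 
 test("parseGemfileLockData", async () => {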
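Review bot: The new assertions at lines 1289–1304 pin the entry count and the first entry of composer-3.lock but say nothing about the behaviour this release adds in utils.js — that entries without a name or version are skipped rather than emitted; if the fixture contains such an entry (I cannot see the fixture from here), add `expect(deps.every((d) => d.name && d.version)).toBe(true);` so a regression in that guard fails explicitly instead of only shifting the count. `deps` is assigned here without a declaration, which relies on a `let deps` earlier in the test body, outside this hunk. The enclosing test("parseComposerLock") starts before this hunk.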