npm - @cyclonedx/cdxgen - Versions diffs - 8.1.0 → 8.1.2 - Mend

@cyclonedx/cdxgen 8.1.0 → 8.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -257,7 +257,7 @@ cdxgen can retain the dependency tree under the `dependencies` attribute for a s
 | GRADLE_CMD                | Set to override gradle command                                                                                     |
 | GRADLE_DEPENDENCY_TASK    | By default cdxgen use the task "dependencies" to collect packages. Set to override the task name.                  |
 | SBT_CACHE_DIR             | Specify sbt cache directory. Useful for class name resolving                                                       |
-| FETCH_LICENSE             | Set to true to fetch license information from the registry. npm and golang only                                    |
+| FETCH_LICENSE             | Set this variable to fetch license information from the registry. npm and golang only                              |
 | USE_GOSUM                 | Set to true to generate BOMs for golang projects using go.sum as the dependency source of truth, instead of go.mod |
 | CDXGEN_TIMEOUT_MS         | Default timeout for known execution involving maven, gradle or sbt                                                 |
 | BAZEL_TARGET              | Bazel target to build. Default :all (Eg: //java-maven)                                                             |

package/index.js CHANGED Viewed

@@ -58,7 +58,7 @@ const TIMEOUT_MS = parseInt(process.env.CDXGEN_TIMEOUT_MS) || 10 * 60 * 1000;
 const determineParentComponent = (options) => {
   let parentComponent = undefined;
-  if (options.projectName) {
+  if (options.projectName && options.projectVersion) {
     parentComponent = {
       group: options.projectGroup || "",
       name: options.projectName,
@@ -1106,8 +1106,9 @@ const createJavaBom = async (path, options) => {
     );
     if (gradleFiles && gradleFiles.length && options.installDeps) {
       let gradleCmd = utils.getGradleCommand(path, null);
+      const multiProjectMode = process.env.GRADLE_MULTI_PROJECT_MODE || "";
       // Support for multi-project applications
-      if (process.env.GRADLE_MULTI_PROJECT_MODE) {
+      if (["true", "1"].includes(multiProjectMode)) {
         console.log("Executing", gradleCmd, "projects in", path);
         const result = spawnSync(
           gradleCmd,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.1.0",
+  "version": "8.1.2",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",