@cyclonedx/cdxgen 8.1.4 → 8.1.5
- package/docker.js +1 -1
- package/index.js +11 -6
- package/package.json +1 -1
- package/utils.js +2 -1
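--- a/package/docker.js
+++ b/package/docker.js
@@ -381,7 +381,7 @@ const getImage = async (fullImageName) => {
 `Unable to pull ${fullImageName}. Check if the name is valid. Perform any authentication prior to invoking cdxgen.`
 );
 console.log(
-`Trying manually pulling this image using docker pull ${fullImageName}`
+`Trying to manually pulling this image using docker pull ${fullImageName}`
 );
 }
 return localData;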
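Review bot: The reworded hint in the second `console.log` of `getImage` is still ungrammatical, since "Trying to manually pulling" mixes two verb forms. This is the guidance a user sees after a failed pull, so an imperative reads better: `Try pulling this image manually with: docker pull ${fullImageName}`. The enclosing function starts outside the hunk.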
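--- a/package/index.js
+++ b/package/index.js
@@ -2104,6 +2104,7 @@ const createGoBom = async (path, options) => {
 (options.multiProject ? "**/" : "") + "go.mod"
 );
 if (gomodFiles.length) {
+let shouldManuallyParse = false;
 // Use the go list -deps and go mod why commands to generate a good quality BoM for non-docker invocations
 if (!["docker", "oci", "os"].includes(options.projectType)) {
 for (let f of gomodFiles) {
@@ -2127,6 +2128,7 @@ const createGoBom = async (path, options) => {
 { cwd: basePath, encoding: "utf-8", timeout: TIMEOUT_MS }
 );
 if (result.status !== 0 || result.error) {
+shouldManuallyParse = true;
 console.error(result.stdout, result.stderr);
 options.failOnError && process.exit(1);
 }
@@ -2138,6 +2140,7 @@ const createGoBom = async (path, options) => {
 pkgList = pkgList.concat(dlist);
 }
 } else {
+shouldManuallyParse = true;
 console.error("go unexpectedly didn't return any output");
 options.failOnError && process.exit(1);
 }
@@ -2182,11 +2185,13 @@ const createGoBom = async (path, options) => {
 if (DEBUG_MODE) {
 console.log(`Required packages: ${Object.keys(allImports).length}`);
 }
-
-
-
-
-
+if (pkgList.length && !shouldManuallyParse) {
+return buildBomNSData(options, pkgList, "golang", {
+allImports,
+src: path,
+filename: gomodFiles.join(", ")
+});
+}
 }
 // Parse the gomod files manually. The resultant BoM would be incomplete
 if (!["docker", "oci", "os"].includes(options.projectType)) {
@@ -3455,7 +3460,7 @@ const createMultiXBom = async (pathList, options) => {
 if (bomData && bomData.bomJson && bomData.bomJson.components) {
 if (DEBUG_MODE) {
 console.log(
-`Found ${bomData.bomJson.components.length}
+`Found ${bomData.bomJson.components.length} npm packages at ${path}`
 );
 }
 components = components.concat(bomData.bomJson.components);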
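Review bot: The new guard `if (pkgList.length && !shouldManuallyParse)` falls through silently to the manual go.mod parse, which the comment just below it describes as producing an incomplete BoM, so a consumer of the SBOM has no signal that components may be missing. `shouldManuallyParse` is also a single flag for the whole `for (let f of gomodFiles)` loop, so with `multiProject` one failing module appears to discard the `go list` results collected for all the others; whether `pkgList` is reset before the manual parse is not visible in these hunks. I would log the downgrade where the guard fails, e.g. `console.error("go list failed for at least one go.mod; falling back to manual parsing, the BoM may be incomplete");`, and consider tracking failures per go.mod file. `createGoBom` starts and ends outside these hunks.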
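--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "8.1.
+"version": "8.1.5",
 "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",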
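--- a/package/utils.js
+++ b/package/utils.js
@@ -2799,10 +2799,11 @@ const recurseImageNameLookup = (keyValueObj, pkgList, imgList) => {
 typeof imageLike === "string" &&
 !imgList.includes(imageLike)
 ) {
-if (imageLike.includes("
+if (imageLike.includes("VERSION")) {
 imageLike = imageLike
 .replace(":${VERSION:-", ":")
 .replace(":${VERSION:", ":")
+.replace(":%VERSION%", ":latest")
 .replace("}", "");
 }
 pkgList.push({ image: imageLike });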
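Review bot: The added `.replace(":%VERSION%", ":latest")` records a tag that never appeared in the manifest: `%VERSION%` is an unresolved placeholder and `latest` is mutable, so the image pushed to `pkgList` may not be the one actually deployed. For an SBOM that is a provenance gap worth at least a comment, e.g. `// %VERSION% is an unresolved placeholder; ":latest" is a guess, not the deployed tag`. Separately, the check `imageLike.includes("VERSION")` lets `.replace("}", "")` run on any name that merely contains "VERSION", which would strip a `}` belonging to a different variable reference; the old condition is truncated on this page, so I cannot tell whether this is new. `recurseImageNameLookup` starts and ends outside the hunk.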