@cyclonedx/cdxgen 8.4.0 → 8.4.2
- package/README.md +27 -26
- package/index.js +8 -8
- package/package.json +1 -1
- package/utils.js +48 -36
- package/utils.test.js +7 -4
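--- a/package/README.md
+++ b/package/README.md
@@ -246,32 +246,33 @@ cdxgen can retain the dependency tree under the `dependencies` attribute for a s
 
 ## Environment variables
 
-| Variable
-|
-| SCAN_DEBUG_MODE
-| GITHUB_TOKEN
-| MVN_CMD
-| MVN_ARGS
-| MAVEN_HOME
-| GRADLE_CACHE_DIR
-| GRADLE_MULTI_PROJECT_MODE
-| GRADLE_ARGS
-| GRADLE_HOME
-| GRADLE_CMD
-| GRADLE_DEPENDENCY_TASK
-| SBT_CACHE_DIR
-| FETCH_LICENSE
-| USE_GOSUM
-| CDXGEN_TIMEOUT_MS
-| CDXGEN_SERVER_TIMEOUT_MS
-| BAZEL_TARGET
-| CLJ_CMD
-| LEIN_CMD
-| SBOM_SIGN_ALGORITHM
-| SBOM_SIGN_PRIVATE_KEY
-| SBOM_SIGN_PUBLIC_KEY
-| CDX_MAVEN_PLUGIN
-| CDX_MAVEN_GOAL
+| Variable | Description |
+| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
+| SCAN_DEBUG_MODE | Set to `debug` to enable debug messages |
+| GITHUB_TOKEN | Specify GitHub token to prevent traffic shaping while querying license and repo information |
+| MVN_CMD | Set to override maven command |
+| MVN_ARGS | Set to pass additional arguments such as profile or settings to maven |
+| MAVEN_HOME | Specify maven home |
+| GRADLE_CACHE_DIR | Specify gradle cache directory. Useful for class name resolving |
+| GRADLE_MULTI_PROJECT_MODE | Set this variable for gradle multi-project applications. Do not use this with recurse mode. |
+| GRADLE_ARGS | Set to pass additional arguments such as profile or settings to gradle. Eg: --configuration runtimeClassPath |
+| GRADLE_HOME | Specify gradle home |
+| GRADLE_CMD | Set to override gradle command |
+| GRADLE_DEPENDENCY_TASK | By default cdxgen use the task "dependencies" to collect packages. Set to override the task name. |
+| SBT_CACHE_DIR | Specify sbt cache directory. Useful for class name resolving |
+| FETCH_LICENSE | Set this variable to `true` or `1` to fetch license information from the registry. npm and golang |
+| USE_GOSUM | Set to `true` or `1` to generate BOMs for golang projects using go.sum as the dependency source of truth, instead of go.mod |
+| CDXGEN_TIMEOUT_MS | Default timeout for known execution involving maven, gradle or sbt |
+| CDXGEN_SERVER_TIMEOUT_MS | Default timeout in server mode |
+| BAZEL_TARGET | Bazel target to build. Default :all (Eg: //java-maven) |
+| CLJ_CMD | Set to override the clojure cli command |
+| LEIN_CMD | Set to override the leiningen command |
+| SBOM_SIGN_ALGORITHM | Signature algorithm. Some valid values are RS256, RS384, RS512, PS256, PS384, PS512, ES256 etc |
+| SBOM_SIGN_PRIVATE_KEY | Private key to use for signing |
+| SBOM_SIGN_PUBLIC_KEY | Optional. Public key to include in the SBoM signature |
+| CDX_MAVEN_PLUGIN | CycloneDX Maven plugin to use. Default "org.cyclonedx:cyclonedx-maven-plugin:2.7.8" |
+| CDX_MAVEN_GOAL | CycloneDX Maven plugin goal to use. Default makeAggregateBom. Other options: makeBom, makePackageBom |
+| CDX_MAVEN_INCLUDE_TEST_SCOPE | Whether test scoped dependencies should be included from Maven projects, Default: true |
 
 ## Plugins
 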
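--- a/package/index.js
+++ b/package/index.js
@@ -988,13 +988,12 @@ const createJavaBom = async (path, options) => {
 if (pomFiles && pomFiles.length) {
 const cdxMavenPlugin =
 process.env.CDX_MAVEN_PLUGIN ||
-"org.cyclonedx:cyclonedx-maven-plugin:2.7.
+"org.cyclonedx:cyclonedx-maven-plugin:2.7.8";
 const cdxMavenGoal = process.env.CDX_MAVEN_GOAL || "makeAggregateBom";
-let mvnArgs = [
-
-"-
-
-];
+let mvnArgs = [`${cdxMavenPlugin}:${cdxMavenGoal}`, "-DoutputName=bom"];
+if (utils.includeMavenTestScope) {
+mvnArgs.push("-DincludeTestScope=true");
+}
 // By using quiet mode we can reduce the maxBuffer used and avoid crashes
 if (!DEBUG_MODE) {
 mvnArgs.push("-q");
@@ -2157,8 +2156,9 @@ const createGoBom = async (path, options) => {
 (options.multiProject ? "**/" : "") + "go.sum"
 );
 
-// If USE_GOSUM is true, generate BOM components only using go.sum.
-const useGosum =
+// If USE_GOSUM is true|1, generate BOM components only using go.sum.
+const useGosum =
+process.env.USE_GOSUM && ["true", "1"].includes(process.env.USE_GOSUM);
 if (useGosum && gosumFiles.length) {
 console.warn(
 "Using go.sum to generate BOMs for go projects may return an inaccurate representation of transitive dependencies.\nSee: https://github.com/golang/go/wiki/Modules#is-gosum-a-lock-file-why-does-gosum-include-information-for-module-versions-i-am-no-longer-using\n",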
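Review bot: In the `createJavaBom` hunk, `-DincludeTestScope=true` is pushed only when `utils.includeMavenTestScope` is truthy, so with `CDX_MAVEN_INCLUDE_TEST_SCOPE=false` the result depends on whatever default the plugin named by `CDX_MAVEN_PLUGIN` applies. Passing the value in both cases, `mvnArgs.push("-DincludeTestScope=" + utils.includeMavenTestScope);`, would make the Maven command line reflect the setting and keep the SBOM contents predictable when the plugin coordinates are overridden through the environment. A short comment above `cdxMavenPlugin` noting that both `CDX_MAVEN_PLUGIN` and `CDX_MAVEN_GOAL` decide which plugin Maven resolves and runs would also help operators treat those variables as trusted configuration. The function body starts and ends outside the hunk.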
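--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "8.4.
+"version": "8.4.2",
 "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",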
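--- a/package/utils.js
+++ b/package/utils.js
@@ -26,6 +26,17 @@ const DEBUG_MODE =
 // Metadata cache
 let metadata_cache = {};
 
+// Whether test scope shall be included for java/maven projects; default, if unset shall be 'true'
+const includeMavenTestScope =
+!process.env.CDX_MAVEN_INCLUDE_TEST_SCOPE ||
+["true", "1"].includes(process.env.CDX_MAVEN_INCLUDE_TEST_SCOPE);
+exports.includeMavenTestScope = includeMavenTestScope;
+
+// Whether license information should be fetched
+const fetchLicenses =
+process.env.FETCH_LICENSE &&
+["true", "1"].includes(process.env.FETCH_LICENSE);
+
 const MAX_LICENSE_ID_LENGTH = 100;
 
 /**
@@ -339,7 +350,7 @@ const parsePkgJson = async (pkgJsonFile) => {
 // continue regardless of error
 }
 }
-if (
+if (fetchLicenses && pkgList && pkgList.length) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch license information for ${pkgList.length} packages in parsePkgJson`
@@ -446,7 +457,7 @@ const parsePkgLock = async (pkgLockFile) => {
 lockData
 );
 }
-if (
+if (fetchLicenses && pkgList && pkgList.length) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch license information for ${pkgList.length} packages in parsePkgLock`
@@ -652,7 +663,7 @@ const parseYarnLock = async function (yarnLockFile) {
 }
 });
 }
-if (
+if (fetchLicenses && pkgList && pkgList.length) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch license information for ${pkgList.length} packages in parseYarnLock`
@@ -719,7 +730,7 @@ const parseNodeShrinkwrap = async function (swFile) {
 }
 }
 }
-if (
+if (fetchLicenses && pkgList && pkgList.length) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch license information for ${pkgList.length} packages in parseNodeShrinkwrap`
@@ -874,7 +885,7 @@ const parsePnpmLock = async function (pnpmLock, parentComponent = null) {
 }
 }
 }
-if (
+if (fetchLicenses && pkgList && pkgList.length) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch license information for ${pkgList.length} packages in parsePnpmLock`
@@ -921,7 +932,7 @@ const parseBowerJson = async (bowerJsonFile) => {
 // continue regardless of error
 }
 }
-if (
+if (fetchLicenses && pkgList && pkgList.length) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch license information for ${pkgList.length} packages in parseBowerJson`
@@ -995,7 +1006,7 @@ const parseMinJs = async (minJsFile) => {
 // continue regardless of error
 }
 }
-if (
+if (fetchLicenses && pkgList && pkgList.length) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch license information for ${pkgList.length} packages in parseMinJs`
@@ -1035,18 +1046,19 @@ const parsePom = function (pomFile) {
 let versionStr = undefined;
 if (version && version._ && version._.indexOf("$") == -1) {
 versionStr = version._;
-
-
-
-
-
-
-
-
-
-
-
-
+if (includeMavenTestScope || !adep.scope || adep.scope !== "test")
+deps.push({
+group: adep.groupId ? adep.groupId._ : "",
+name: adep.artifactId ? adep.artifactId._ : "",
+version: versionStr,
+qualifiers: { type: "jar" },
+properties: [
+{
+name: "SrcFile",
+value: pomFile
+}
+]
+});
 }
 }
 }
@@ -1071,7 +1083,7 @@ const parseMavenTree = function (rawOutput) {
 let last_purl = "";
 let stack = [];
 tmpA.forEach((l) => {
-if (l.endsWith(":test")) {
+if (!includeMavenTestScope && l.endsWith(":test")) {
 return;
 }
 let level = 0;
@@ -1531,7 +1543,7 @@ const getMvnMetadata = async function (pkgList) {
 }
 for (const p of pkgList) {
 // If the package already has key metadata skip querying maven
-if (p.group && p.name && p.version && !
+if (p.group && p.name && p.version && !fetchLicenses) {
 cdepList.push(p);
 continue;
 }
@@ -1641,7 +1653,7 @@ exports.parsePyRequiresDist = parsePyRequiresDist;
 * @param {Boolean} fetchIndirectDeps Should we also fetch data about indirect dependencies from pypi
 */
 const getPyMetadata = async function (pkgList, fetchIndirectDeps) {
-if (!
+if (!fetchLicenses && !fetchIndirectDeps) {
 return pkgList;
 }
 const PYPI_URL = "https://pypi.org/pypi/";
@@ -2043,7 +2055,7 @@ exports.getGoPkgLicense = getGoPkgLicense;
 const getGoPkgComponent = async function (group, name, version, hash) {
 let pkg = {};
 let license = undefined;
-if (
+if (fetchLicenses) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch go package license information for ${group}:${name}`
@@ -2217,7 +2229,7 @@ const parseGosumData = async function (gosumData) {
 const version = tmpA[1].replace("/go.mod", "");
 const hash = tmpA[tmpA.length - 1].replace("h1:", "sha256-");
 let license = undefined;
-if (
+if (fetchLicenses) {
 if (DEBUG_MODE) {
 console.log(
 `About to fetch go package license information for ${name}`
@@ -2270,7 +2282,7 @@ const parseGopkgData = async function (gopkgData) {
 case "name":
 pkg.group = "";
 pkg.name = value;
-if (
+if (fetchLicenses) {
 pkg.license = await getGoPkgLicense({
 group: pkg.group,
 name: pkg.name
@@ -2400,7 +2412,7 @@ const parseGemspecData = async function (gemspecData) {
 }
 });
 pkgList = [pkg];
-if (
+if (fetchLicenses) {
 return await getRubyGemsMetadata(pkgList);
 } else {
 return pkgList;
@@ -2449,7 +2461,7 @@ const parseGemfileLockData = async function (gemLockData) {
 specsFound = false;
 }
 });
-if (
+if (fetchLicenses) {
 return await getRubyGemsMetadata(pkgList);
 } else {
 return pkgList;
@@ -2616,7 +2628,7 @@ const parseCargoTomlData = async function (cargoData) {
 if (pkg) {
 pkgList.push(pkg);
 }
-if (
+if (fetchLicenses) {
 return await getCratesMetadata(pkgList);
 } else {
 return pkgList;
@@ -2664,7 +2676,7 @@ const parseCargoData = async function (cargoData) {
 }
 }
 });
-if (
+if (fetchLicenses) {
 return await getCratesMetadata(pkgList);
 } else {
 return pkgList;
@@ -2693,7 +2705,7 @@ const parseCargoAuditableData = async function (cargoData) {
 });
 }
 });
-if (
+if (fetchLicenses) {
 return await getCratesMetadata(pkgList);
 } else {
 return pkgList;
@@ -2733,7 +2745,7 @@ const parsePubLockData = async function (pubLockData) {
 }
 }
 });
-if (
+if (fetchLicenses) {
 return await getDartMetadata(pkgList);
 } else {
 return pkgList;
@@ -3427,7 +3439,7 @@ const parseNupkg = async function (nupkgFile) {
 }
 ];
 pkgList.push(pkg);
-if (
+if (fetchLicenses) {
 return await getNugetMetadata(pkgList);
 } else {
 return pkgList;
@@ -3459,7 +3471,7 @@ const parseCsPkgData = async function (pkgData) {
 pkg.version = p.version;
 pkgList.push(pkg);
 }
-if (
+if (fetchLicenses) {
 return await getNugetMetadata(pkgList);
 } else {
 return pkgList;
@@ -3514,7 +3526,7 @@ const parseCsProjData = async function (csProjData) {
 }
 }
 }
-if (
+if (fetchLicenses) {
 return await getNugetMetadata(pkgList);
 } else {
 return pkgList;
@@ -3554,7 +3566,7 @@ const parseCsProjAssetsData = async function (csProjData) {
 pkgList.push(pkg);
 }
 }
-if (
+if (fetchLicenses) {
 return await getNugetMetadata(pkgList);
 } else {
 return pkgList;
@@ -3583,7 +3595,7 @@ const parseCsPkgLockData = async function (csLockData) {
 pkgList.push(pkg);
 }
 }
-if (
+if (fetchLicenses) {
 return await getNugetMetadata(pkgList);
 } else {
 return pkgList;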
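Review bot: In the `parsePom` hunk, the new guard compares `adep.scope !== "test"` against the parsed element itself, while the neighbouring fields are read through `._` (`adep.groupId._`, `adep.artifactId._`, `version._`); if `scope` is parsed the same way, the comparison is always true and test-scoped dependencies stay in the list even with `CDX_MAVEN_INCLUDE_TEST_SCOPE=false`. The condition would then need to read `if (includeMavenTestScope || !adep.scope || adep.scope._ !== "test") {`, with braces around the multi-line `deps.push`. Separately, `includeMavenTestScope` at the top of the file treats every value other than `true` or `1` (including `TRUE` or a typo) as "exclude", which silently drops components from the generated SBOM; lower-casing the value before the check and listing the accepted spellings in the comment would make that visible. `parsePom` starts and ends outside the hunk.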
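--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -235,8 +235,8 @@ test("parse maven tree", () => {
 let parsedList = utils.parseMavenTree(
 fs.readFileSync("./test/data/sample-mvn-tree.txt", { encoding: "utf-8" })
 );
-expect(parsedList.pkgList.length).toEqual(
-expect(parsedList.dependenciesList.length).toEqual(
+expect(parsedList.pkgList.length).toEqual(61);
+expect(parsedList.dependenciesList.length).toEqual(61);
 expect(parsedList.pkgList[0]).toEqual({
 group: "com.pogeyan.cmis",
 name: "copper-server",
@@ -259,6 +259,7 @@ test("parse maven tree", () => {
 "pkg:maven/commons-fileupload/commons-fileupload@1.4?type=jar",
 "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.12.0?type=jar",
 "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.0?type=jar",
+"pkg:maven/junit/junit@4.12?type=jar",
 "pkg:maven/com.typesafe.akka/akka-actor_2.11@2.4.14?type=jar",
 "pkg:maven/com.typesafe.akka/akka-cluster_2.11@2.4.14?type=jar",
 "pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar",
@@ -271,8 +272,8 @@ test("parse maven tree", () => {
 encoding: "utf-8"
 })
 );
-expect(parsedList.pkgList.length).toEqual(
-expect(parsedList.dependenciesList.length).toEqual(
+expect(parsedList.pkgList.length).toEqual(37);
+expect(parsedList.dependenciesList.length).toEqual(37);
 expect(parsedList.pkgList[0]).toEqual({
 group: "com.gitlab.security_products.tests",
 name: "java-maven",
@@ -282,7 +283,9 @@ test("parse maven tree", () => {
 expect(parsedList.dependenciesList[0]).toEqual({
 ref: "pkg:maven/com.gitlab.security_products.tests/java-maven@1.0-SNAPSHOT?type=jar",
 dependsOn: [
+"pkg:maven/org.powermock/powermock-api-mockito@1.7.3?type=jar",
 "pkg:maven/io.netty/netty@3.9.1.Final?type=jar",
+"pkg:maven/junit/junit@3.8.1?type=jar",
 "pkg:maven/org.apache.maven/maven-artifact@3.3.9?type=jar",
 "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.2?type=jar",
 "pkg:maven/org.mozilla/rhino@1.7.10?type=jar",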
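Review bot: The updated expectations in `test("parse maven tree", ...)` (61 and 37 entries, plus the `junit` and `powermock-api-mockito` refs) cover only the default where test scope is included; nothing exercises `parseMavenTree` with `CDX_MAVEN_INCLUDE_TEST_SCOPE=false`, so the exclusion path added in this release is untested. Because `includeMavenTestScope` is computed once when `utils.js` is loaded, these counts also depend on the variable being unset in the environment that runs the suite. A second case that sets the variable before loading the module (for example after `jest.resetModules()`, if the suite runs under Jest) would pin both behaviours. The test body continues outside the hunks.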