@cyclonedx/cdxgen 9.2.1 → 9.2.2
- package/index.js +11 -0
- package/package.json +1 -1
- package/utils.js +15 -3
- package/validator.js +8 -3
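--- a/package/index.js
+++ b/package/index.js
@@ -1312,6 +1312,7 @@ export const createJavaBom = async (path, options) => {
 // Bug #317 fix
 parentComponent.components = allProjects.flatMap((s) => {
 delete s.qualifiers;
+delete s.evidence;
 return s;
 });
 dependencies.push({
@@ -3787,6 +3788,7 @@ export const createMultiXBom = async (pathList, options) => {
 ) {
 parentSubComponents.push(bomData.parentComponent);
 }
+// Retain metadata.component.components
 if (
 bomData.parentComponent.components &&
 bomData.parentComponent.components.length
@@ -3819,6 +3821,15 @@ export const createMultiXBom = async (pathList, options) => {
 ) {
 parentSubComponents.push(bomData.parentComponent);
 }
+// Retain metadata.component.components
+if (
+bomData.parentComponent.components &&
+bomData.parentComponent.components.length
+) {
+parentSubComponents = parentSubComponents.concat(
+bomData.parentComponent.components
+);
+}
 componentsXmls = componentsXmls.concat(
 listComponents(options, {}, bomData.bomJson.components, "maven", "xml")
 );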
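--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "9.2.
+"version": "9.2.2",
 "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",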
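--- a/package/utils.js
+++ b/package/utils.js
@@ -443,10 +443,22 @@ export const parsePkgJson = async (pkgJsonFile) => {
 try {
 const pkgData = JSON.parse(readFileSync(pkgJsonFile, "utf8"));
 const pkgIdentifier = parsePackageJsonName(pkgData.name);
+const name = pkgIdentifier.fullName || pkgData.name;
+const group = pkgIdentifier.scope || "";
+const purl = new PackageURL(
+"npm",
+encodeForPurl(group),
+encodeForPurl(name),
+pkgData.version,
+null,
+null
+).toString();
 pkgList.push({
-name
-group
+name,
+group,
 version: pkgData.version,
+purl,
+"bom-ref": decodeURIComponent(purl),
 properties: [
 {
 name: "SrcFile",
@@ -1740,7 +1752,7 @@ export const executeGradleProperties = function (dir, rootPath, subProject) {
 if (subProject && subProject.match(/:/g).length >= 2) {
 return defaultProps;
 }
-
+const gradlePropertiesArgs = [
 subProject ? `${subProject}:properties` : "properties",
 "-q",
 "--console",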
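--- a/package/validator.js
+++ b/package/validator.js
@@ -68,11 +68,16 @@ export const validateMetadata = (bomJson) => {
 warningsList.push("metadata.component is missing.");
 }
 if (bomJson.metadata.component) {
+// Do we have a purl and bom-ref for metadata.component
+if (!bomJson.metadata.component.purl) {
+warningsList.push(`purl is missing for metadata.component`);
+}
+if (!bomJson.metadata.component["bom-ref"]) {
+warningsList.push(`bom-ref is missing for metadata.component`);
+}
 // Do we have a version for metadata.component
 if (!bomJson.metadata.component.version) {
-warningsList.push(
-`Version is missing for metadata.component with ref ${bomJson.metadata.component["bom-ref"]}`
-);
+warningsList.push(`Version is missing for metadata.component`);
 }
 // Is the same component getting repeated inside the components block
 if (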