npm - @cyclonedx/cdxgen - Versions diffs - 9.6.1 → 9.7.0 - Mend

@cyclonedx/cdxgen 9.6.1 → 9.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 cdxgen is a cli tool, library, [REPL](./ADVANCED.md) and server to create a valid and compliant [CycloneDX][cyclonedx-homepage] Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies for c/c++, node.js, php, python, ruby, rust, java, .Net, dart, haskell, elixir, and Go projects in JSON format. CycloneDX 1.5 is a lightweight SBOM specification that is easily created, human and machine-readable, and simple to parse.
-When used with plugins, cdxgen could generate an SBoM for Linux docker images and even VMs running Linux or Windows operating system. cdxgen also includes a tool called `evinse` that can generate component evidences for some languages.
+When used with plugins, cdxgen could generate an OBoM for Linux docker images and even VMs running Linux or Windows operating system. cdxgen also includes a tool called `evinse` that can generate component evidences and SaaSBoM for some languages.
 NOTE:
@@ -127,9 +127,7 @@ Options:
   -r, --recurse                Recurse mode suitable for mono-repos. Defaults to
                                 true. Pass --no-recurse to disable.
                                                        [boolean] [default: true]
-  -p, --print                  Print the SBoM as a table with tree. Defaults to
-                               true if output file is not specified with -o
-                                                                       [boolean]
+  -p, --print                  Print the SBoM as a table with tree.    [boolean]
   -c, --resolve-class          Resolve class names for packages. jars only for n
                                ow.                                     [boolean]
       --deep                   Perform deep searches for components. Useful whil
@@ -294,6 +292,7 @@ cdxgen can retain the dependency tree under the `dependencies` attribute for a s
 | MVN_CMD                      | Set to override maven command                                                                                                        |
 | MVN_ARGS                     | Set to pass additional arguments such as profile or settings to maven                                                                |
 | MAVEN_HOME                   | Specify maven home                                                                                                                   |
+| MAVEN_CENTRAL_URL            | Specify URL of Maven Central for metadata fetching (e.g. when private repo is used)                                                  |
 | GRADLE_CACHE_DIR             | Specify gradle cache directory. Useful for class name resolving                                                                      |
 | GRADLE_MULTI_PROJECT_MODE    | Unused. Automatically handled                                                                                                        |
 | GRADLE_ARGS                  | Set to pass additional arguments such as profile or settings to gradle (all tasks). Eg: --configuration runtimeClassPath             |
@@ -366,15 +365,15 @@ systemctl --user start podman.socket
 podman system service -t 0 &
 ```
-### Generate SBoM for a live system
+### Generate OBoM for a live system
-You can use cdxgen to generate SBoM for a live system or a VM for compliance and vulnerability management purposes by passing the argument `-t os`.
+You can use cdxgen to generate an OBoM for a live system or a VM for compliance and vulnerability management purposes by passing the argument `-t os`. Windows and Linux operating systems are supported in this mode.
 ```shell
 cdxgen -t os
 ```
-This feature is powered by osquery which is [installed](https://github.com/cyclonedx/cdxgen-plugins-bin/blob/main/build.sh#L8) along with the binary plugins. cdxgen would opportunistically try to detect as many components, apps and extensions as possible using the [default queries](queries.json). The process would take several minutes and result in an SBoM file with thousands of components.
+This feature is powered by osquery which is [installed](https://github.com/cyclonedx/cdxgen-plugins-bin/blob/main/build.sh#L8) along with the binary plugins. cdxgen would opportunistically try to detect as many components, apps and extensions as possible using the [default queries](queries.json). The process would take several minutes and result in an SBoM file with thousands of components of various types such as operating-system, device-drivers, files, and data.
 ## Generating SaaSBoM and component evidences

package/bin/cdxgen.js CHANGED Viewed

@@ -41,8 +41,7 @@ const args = yargs(hideBin(process.argv))
   .option("print", {
     alias: "p",
     type: "boolean",
-    description:
-      "Print the SBoM as a table with tree. Defaults to true if output file is not specified with -o"
+    description: "Print the SBoM as a table with tree."
   })
   .option("resolve-class", {
     alias: "c",
@@ -229,7 +228,6 @@ const checkPermissions = (filePath) => {
   const bomNSData = (await createBom(filePath, options)) || {};
   if (!args.output) {
     args.output = "bom.json";
-    args.print = true;
   }
   if (
     args.output &&

package/bin/verify.js CHANGED Viewed

@@ -40,6 +40,25 @@ if (args.version) {
 }
 const bomJson = JSON.parse(fs.readFileSync(args.input, "utf8"));
+let hasInvalidComp = false;
+// Validate any component signature
+for (const comp of bomJson.components) {
+  if (comp.signature) {
+    const compSignature = comp.signature.value;
+    const validationResult = jws.verify(
+      compSignature,
+      comp.signature.algorithm,
+      fs.readFileSync(args.publicKey, "utf8")
+    );
+    if (!validationResult) {
+      console.log(`${comp["bom-ref"]} signature is invalid!`);
+      hasInvalidComp = true;
+    }
+  }
+}
+if (hasInvalidComp) {
+  process.exit(1);
+}
 const bomSignature =
   bomJson.signature && bomJson.signature.value
     ? bomJson.signature.value

package/binary.js CHANGED Viewed

@@ -17,6 +17,7 @@ const isWin = _platform() === "win32";
 let platform = _platform();
 let extn = "";
+let pluginsBinSuffix = "";
 if (platform == "win32") {
   platform = "windows";
   extn = ".exe";
@@ -30,6 +31,13 @@ switch (arch) {
   case "x64":
     arch = "amd64";
     break;
+  case "arm64":
+    pluginsBinSuffix = "-arm64";
+    break;
+  case "ppc64":
+    arch = "ppc64le";
+    pluginsBinSuffix = "-ppc64";
+    break;
 }
 // Retrieve the cdxgen plugins directory
@@ -46,14 +54,20 @@ if (
 if (
   !CDXGEN_PLUGINS_DIR &&
   existsSync(
-    join(dirName, "node_modules", "@cyclonedx", "cdxgen-plugins-bin", "plugins")
+    join(
+      dirName,
+      "node_modules",
+      "@cyclonedx",
+      "cdxgen-plugins-bin" + pluginsBinSuffix,
+      "plugins"
+    )
   ) &&
   existsSync(
     join(
       dirName,
       "node_modules",
       "@cyclonedx",
-      "cdxgen-plugins-bin",
+      "cdxgen-plugins-bin" + pluginsBinSuffix,
       "plugins",
       "goversion"
     )
@@ -63,7 +77,7 @@ if (
     dirName,
     "node_modules",
     "@cyclonedx",
-    "cdxgen-plugins-bin",
+    "cdxgen-plugins-bin" + pluginsBinSuffix,
     "plugins"
   );
 }
@@ -88,7 +102,7 @@ if (!CDXGEN_PLUGINS_DIR) {
   const globalPlugins = join(
     globalNodePath,
     "@cyclonedx",
-    "cdxgen-plugins-bin",
+    "cdxgen-plugins-bin" + pluginsBinSuffix,
     "plugins"
   );
   if (existsSync(globalPlugins)) {
@@ -323,15 +337,21 @@ export const getOSPackages = (src) => {
         }
       }
       const osReleaseData = {};
-      // Let's try to read the os-release file
-      if (existsSync(join(src, "usr", "lib", "os-release"))) {
+      let osReleaseFile = undefined;
+      // Let's try to read the os-release file from various locations
+      if (existsSync(join(src, "etc", "os-release"))) {
+        osReleaseFile = join(src, "etc", "os-release");
+      } else if (existsSync(join(src, "usr", "lib", "os-release"))) {
+        osReleaseFile = join(src, "usr", "lib", "os-release");
+      }
+      if (osReleaseFile) {
         const osReleaseInfo = readFileSync(
           join(src, "usr", "lib", "os-release"),
           "utf-8"
         );
         if (osReleaseInfo) {
           osReleaseInfo.split("\n").forEach((l) => {
-            if (l.includes("=")) {
+            if (!l.startsWith("#") && l.includes("=")) {
               const tmpA = l.split("=");
               osReleaseData[tmpA[0]] = tmpA[1].replace(/"/g, "");
             }
@@ -592,10 +612,11 @@ export const executeOsQuery = (query) => {
     }
     const args = ["--json", query];
     if (DEBUG_MODE) {
-      console.log("Execuing", OSQUERY_BIN, args.join(" "));
+      console.log("Executing", OSQUERY_BIN, args.join(" "));
     }
     const result = spawnSync(OSQUERY_BIN, args, {
-      encoding: "utf-8"
+      encoding: "utf-8",
+      maxBuffer: 50 * 1024 * 1024
     });
     if (result.status !== 0 || result.error) {
       if (DEBUG_MODE && result.error) {
@@ -607,7 +628,17 @@ export const executeOsQuery = (query) => {
       if (stdout) {
         const cmdOutput = Buffer.from(stdout).toString();
         if (cmdOutput !== "") {
-          return JSON.parse(cmdOutput);
+          try {
+            return JSON.parse(cmdOutput);
+          } catch (err) {
+            // ignore
+            if (DEBUG_MODE) {
+              console.log("Unable to parse the output from query", query);
+              console.log(
+                "This could be due to the amount of data returned or the query being invalid for the given platform."
+              );
+            }
+          }
         }
         return undefined;
       }

package/data/queries-win.json ADDED Viewed

@@ -0,0 +1,200 @@
+{
+  "win_version": {
+    "query": "select tb1.name, tb1.build_version, (case when (arch like '%-bit') then concat('x', replace(arch,'-bit', '')) else arch end) as arch, 'Microsoft' as publisher, tb2.version from (select name, version as build_version, arch from os_version) tb1,(select data as version from registry where path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DisplayVersion') tb2;",
+    "name": "win_version",
+    "description": "Retrieves the name, version number, build version, and arch of the target Windows system.",
+    "purlType": "swid",
+    "componentType": "operating-system"
+  },
+  "kernel_info": {
+    "query": "select * from kernel_info;",
+    "name": "os-image",
+    "description": "Retrieves information from the current kernel in the target system.",
+    "purlType": "swid"
+  },
+  "chrome_extensions": {
+    "query": "select chrome_extensions.* from users join chrome_extensions using (uid);",
+    "description": "Retrieves the list of extensions for Chrome in the target system.",
+    "purlType": "swid"
+  },
+  "firefox_addons": {
+    "query": "select firefox_addons.* from users join firefox_addons using (uid);",
+    "description": "Retrieves the list of addons for Firefox in the target system.",
+    "purlType": "swid"
+  },
+  "browser_plugins": {
+    "query": "select browser_plugins.* from users join browser_plugins using (uid);",
+    "description": "Retrieves the list of C/NPAPI browser plugin in the target system.",
+    "purlType": "swid"
+  },
+  "ie_extensions": {
+    "query": "select ie_extensions.* from users join ie_extensions using (uid);",
+    "description": "Retrieves the list of extensions for IE in the target system.",
+    "purlType": "swid"
+  },
+  "opera_extensions": {
+    "query": "select opera_extensions.* from users join opera_extensions using (uid);",
+    "description": "Retrieves the list of extensions for opera in the target system.",
+    "purlType": "swid"
+  },
+  "safari_extensions": {
+    "query": "select safari_extensions.* from users join safari_extensions using (uid);",
+    "description": "Retrieves the list of extensions for safari in the target system.",
+    "purlType": "swid"
+  },
+  "python_packages": {
+    "query": "select * from python_packages;",
+    "description": "Python packages installed on system.",
+    "purlType": "pypi"
+  },
+  "windows_programs": {
+    "query": "select * from programs;",
+    "description": "Retrieves the list of products as they are installed by Windows Installer in the target Windows system.",
+    "purlType": "swid"
+  },
+  "windows_patches": {
+    "query": "select * from patches;",
+    "description": "Retrieves all the information for the current windows drivers in the target Windows system.",
+    "purlType": "swid"
+  },
+  "windows_drivers": {
+    "query": "select * from drivers;",
+    "description": "Retrieves all the information for the current windows drivers in the target Windows system.",
+    "purlType": "swid"
+  },
+  "windows_shared_resources": {
+    "query": "select * from shared_resources;",
+    "description": "Retrieves the list of shared resources in the target Windows system.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "appcompat_shims": {
+    "query": "SELECT * FROM appcompat_shims WHERE description!='EMET_Database' AND executable NOT IN ('setuphost.exe','setupprep.exe','iisexpress.exe');",
+    "description": "Appcompat shims (.sdb files) installed on Windows hosts.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "system_info_snapshot": {
+    "query": "SELECT * FROM system_info;",
+    "description": "System info snapshot query.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "pipes_snapshot": {
+    "query": "SELECT processes.path, processes.cmdline, processes.uid, processes.on_disk, pipes.name, pid FROM pipes JOIN processes USING (pid);",
+    "description": "Pipes snapshot query.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "services_snapshot": {
+    "query": "SELECT * FROM services;",
+    "description": "Services snapshot query.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "wmi_cli_event_consumers": {
+    "query": "SELECT * FROM wmi_cli_event_consumers;",
+    "description": "WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "wmi_filter_consumer_binding": {
+    "query": "SELECT * FROM wmi_filter_consumer_binding;",
+    "description": "Lists the relationship between event consumers and filters.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "wmi_cli_event_consumers_snapshot": {
+    "query": "SELECT * FROM wmi_cli_event_consumers;",
+    "description": "Snapshot query for WMI event consumers.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "certificates": {
+    "query": "SELECT * FROM certificates WHERE path != 'Other People';",
+    "description": "List all certificates in the trust store.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "wmi_event_filters": {
+    "query": "SELECT * FROM wmi_event_filters;",
+    "description": "Lists WMI event filters.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "etc_hosts": {
+    "query": "SELECT * FROM etc_hosts;",
+    "description": "List the contents of the Windows hosts file.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "scheduled_tasks": {
+    "query": "SELECT * FROM scheduled_tasks;",
+    "description": "List all scheduled_tasks.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "chocolatey_packages": {
+    "query": "SELECT * FROM chocolatey_packages;",
+    "description": "List all chocolatey_packages.",
+    "purlType": "chocolatey"
+  },
+  "npm_packages": {
+    "query": "SELECT * FROM npm_packages;",
+    "description": "List all npm_packages.",
+    "purlType": "npm"
+  },
+  "atom_packages": {
+    "query": "SELECT * FROM atom_packages;",
+    "description": "List all atom_packages.",
+    "purlType": "atom"
+  },
+  "startup_items": {
+    "query": "SELECT * FROM startup_items;",
+    "description": "List all startup_items.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "routes": {
+    "query": "SELECT * FROM routes;",
+    "description": "List all routes.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "listening_ports": {
+    "query": "SELECT * FROM listening_ports;",
+    "description": "List all listening_ports.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "processes": {
+    "query": "SELECT * FROM processes;",
+    "description": "List all processes.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "process_open_sockets": {
+    "query": "SELECT * FROM process_open_sockets;",
+    "description": "List all process_open_sockets.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "windows_update_history": {
+    "query": "SELECT * FROM windows_update_history;",
+    "description": "List all windows_update_history.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "windows_optional_features": {
+    "query": "SELECT * FROM windows_optional_features;",
+    "description": "List all windows_optional_features.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "windows_firewall_rules": {
+    "query": "SELECT * FROM windows_firewall_rules;",
+    "description": "List all windows_firewall_rules.",
+    "purlType": "swid",
+    "componentType": "data"
+  }
+}

package/data/queries.json CHANGED Viewed

@@ -1,24 +1,28 @@
 {
+  "os_version": {
+    "query": "select * from os_version;",
+    "description": "Retrieves the current version of the running osquery in the target system and where the configuration was loaded from.",
+    "purlType": "swid",
+    "componentType": "operating-system"
+  },
   "kernel_info": {
     "query": "select * from kernel_info;",
     "name": "os-image",
     "description": "Retrieves information from the current kernel in the target system.",
-    "purlType": "swid"
-  },
-  "os_version": {
-    "query": "select * from os_version;",
-    "description": "Retrieves the current version of the running osquery in the target system and where the configuration was loaded from.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "operating-system"
   },
   "chrome_extensions": {
     "query": "select chrome_extensions.* from users join chrome_extensions using (uid);",
     "description": "Retrieves the list of extensions for Chrome in the target system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "application"
   },
   "firefox_addons": {
     "query": "select firefox_addons.* from users join firefox_addons using (uid);",
     "description": "Retrieves the list of addons for Firefox in the target system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "application"
   },
   "deb_packages": {
     "query": "select * from deb_packages;",
@@ -30,6 +34,11 @@
     "description": "Retrieves all the APT sources to install packages from in the target Linux system.",
     "purlType": "deb"
   },
+  "yum_sources": {
+    "query": "select * from yum_sources;",
+    "description": "Display yum package manager sources.",
+    "purlType": "yum"
+  },
   "portage_packages": {
     "query": "select * from portage_packages;",
     "description": "Retrieves all the installed packages on the target Linux system.",
@@ -40,29 +49,171 @@
     "description": "Retrieves all the installed RPM packages in the target Linux system.",
     "purlType": "rpm"
   },
-  "backdoored_python_packages": {
-    "query": "select name as package_name, version as package_version, path as package_path from python_packages where package_name = 'acqusition' or package_name = 'apidev-coop' or package_name = 'bzip' or package_name = 'crypt' or package_name = 'django-server' or package_name = 'pwd' or package_name = 'setup-tools' or package_name = 'telnet' or package_name = 'urlib3' or package_name = 'urllib';",
-    "description": "Watches for the backdoored Python packages installed on system.",
+  "python_packages": {
+    "query": "select * from python_packages;",
+    "description": "Python packages installed on system.",
     "purlType": "pypi"
   },
   "windows_programs": {
     "query": "select * from programs;",
     "description": "Retrieves the list of products as they are installed by Windows Installer in the target Windows system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "application"
   },
   "windows_patches": {
     "query": "select * from patches;",
     "description": "Retrieves all the information for the current windows drivers in the target Windows system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "application"
   },
   "windows_drivers": {
     "query": "select * from drivers;",
     "description": "Retrieves all the information for the current windows drivers in the target Windows system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "device-driver"
   },
   "windows_shared_resources": {
     "query": "select * from shared_resources;",
     "description": "Retrieves the list of shared resources in the target Windows system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "system_info_snapshot": {
+    "query": "SELECT * FROM system_info;",
+    "description": "System info snapshot query.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "pipes_snapshot": {
+    "query": "SELECT processes.path, processes.cmdline, processes.uid, processes.on_disk, pipes.name, pid FROM pipes JOIN processes USING (pid);",
+    "description": "Pipes snapshot query.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "services_snapshot": {
+    "query": "SELECT * FROM services;",
+    "description": "Services snapshot query.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "pipes": {
+    "query": "SELECT processes.path, processes.cmdline, processes.uid, processes.on_disk, pipes.name, pid FROM pipes JOIN processes USING (pid);",
+    "description": "Named and Anonymous pipes.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "etc_hosts": {
+    "query": "SELECT * FROM etc_hosts;",
+    "description": "List the contents of the Windows hosts file.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "scheduled_tasks": {
+    "query": "SELECT * FROM scheduled_tasks;",
+    "description": "List all scheduled_tasks.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "homebrew_packages": {
+    "query": "SELECT * FROM homebrew_packages;",
+    "description": "List all homebrew_packages.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "installed_applications": {
+    "query": "SELECT * FROM apps;",
+    "description": "List all macos apps.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "kernel_integrity": {
+    "query": "SELECT * FROM kernel_integrity;",
+    "description": "Various Linux kernel integrity checked attributes.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "crontab_snapshot": {
+    "query": "SELECT * FROM crontab;",
+    "description": "Retrieves all the jobs scheduled in crontab in the target system.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "kernel_modules": {
+    "query": "SELECT * FROM kernel_modules;",
+    "description": "Linux kernel modules both loaded and within the load search path.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "behavioral_reverse_shell": {
+    "query": "SELECT DISTINCT(processes.pid), processes.parent, processes.name, processes.path, processes.cmdline, processes.cwd, processes.root, processes.uid, processes.gid, processes.start_time, process_open_sockets.remote_address, process_open_sockets.remote_port, (SELECT cmdline FROM processes AS parent_cmdline WHERE pid=processes.parent) AS parent_cmdline FROM processes JOIN process_open_sockets USING (pid) LEFT OUTER JOIN process_open_files ON processes.pid = process_open_files.pid WHERE (name='sh' OR name='bash') AND remote_address NOT IN ('0.0.0.0', '::', '') AND remote_address NOT LIKE '10.%' AND remote_address NOT LIKE '192.168.%';",
+    "description": "Find shell processes that have open sockets.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "process_events": {
+    "query": "SELECT auid, cmdline, ctime, cwd, egid, euid, gid, parent, path, pid, time, uid FROM process_events WHERE path NOT IN ('/bin/sed', '/usr/bin/tr', '/bin/gawk', '/bin/date', '/bin/mktemp', '/usr/bin/dirname', '/usr/bin/head', '/usr/bin/jq', '/bin/cut', '/bin/uname', '/bin/basename') and cmdline NOT LIKE '%_key%' AND cmdline NOT LIKE '%secret%';",
+    "description": "Process events collected from the audit framework.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "ld_preload": {
+    "query": "SELECT process_envs.pid, process_envs.key, process_envs.value, processes.name, processes.path, processes.cmdline, processes.cwd FROM process_envs join processes USING (pid) WHERE key = 'LD_PRELOAD';",
+    "description": "Any processes that run with an LD_PRELOAD environment variable.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "certificates": {
+    "query": "SELECT * FROM certificates WHERE path != 'Other People';",
+    "description": "List all certificates in the trust store.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "processes": {
+    "query": "SELECT * FROM processes;",
+    "description": "List all processes.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "startup_items": {
+    "query": "SELECT * FROM startup_items;",
+    "description": "List all startup_items.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "listening_ports": {
+    "query": "SELECT * FROM listening_ports;",
+    "description": "List all listening_ports.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "interface_addresses": {
+    "query": "SELECT * FROM interface_addresses;",
+    "description": "List all interface_addresses.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_container_ports": {
+    "query": "SELECT * FROM docker_container_ports;",
+    "description": "List all docker_container_ports.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_containers": {
+    "query": "SELECT * FROM docker_containers;",
+    "description": "List all docker_containers.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_networks": {
+    "query": "SELECT * FROM docker_networks;",
+    "description": "List all docker_networks.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_volumes": {
+    "query": "SELECT * FROM docker_volumes;",
+    "description": "List all docker_volumes.",
+    "purlType": "swid",
+    "componentType": "data"
   }
 }