npm - @cyclonedx/cdxgen - Versions diffs - 9.8.3 → 9.8.5 - Mend

@cyclonedx/cdxgen 9.8.3 → 9.8.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -238,6 +238,22 @@ docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx
 Use curl or your favorite tool to pass arguments to the `/sbom` route.
+### Server arguments
+Arguments can be passed either via the query string or as a JSON body. The following arguments are supported.
+| Argument       | Description                                                                                                                                 |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
+| type           | Project type                                                                                                                                |
+| multiProject   | [boolean]                                                                                                                                   |
+| requiredOnly   | Include only the packages with required scope on the SBoM. [boolean]                                                                        |
+| noBabel        | Do not use babel to perform usage analysis for JavaScript/TypeScript projects. [boolean]                                                    |
+| installDeps    | Install dependencies automatically for some projects. Defaults to true but disabled for containers and oci scans. [boolean] [default: true] |
+| project        |                                                                                                                                             |
+| projectName    | Dependency track project name. Default use the directory name                                                                               |
+| projectGroup   | Dependency track project group                                                                                                              |
+| projectVersion | Dependency track project version [default: ""]                                                                                              |
 ### Scanning a local path
 ```shell

package/index.js CHANGED Viewed

@@ -686,7 +686,6 @@ function addComponent(
         encodeForPurl(pkg.subpath)
       );
     let purlString = purl.toString();
-    purlString = decodeURIComponent(purlString);
     let description = { "#cdata": pkg.description };
     if (format === "json") {
       description = pkg.description || undefined;
@@ -2681,7 +2680,9 @@ export const createGoBom = async (path, options) => {
           }
         } else {
           shouldManuallyParse = true;
-          console.error("go unexpectedly didn't return any output");
+          console.error(
+            "go unexpectedly didn't return any output. Check if the correct version of golang is installed."
+          );
           options.failOnError && process.exit(1);
         }
       }
@@ -4419,7 +4420,12 @@ export const createMultiXBom = async (pathList, options) => {
       );
     }
     bomData = await createCsharpBom(path, options, parentComponent);
-    if (bomData && bomData.bomJson && bomData.bomJson.components) {
+    if (
+      bomData &&
+      bomData.bomJson &&
+      bomData.bomJson.components &&
+      bomData.bomJson.components.length
+    ) {
       if (DEBUG_MODE) {
         console.log(
           `Found ${bomData.bomJson.components.length} csharp packages at ${path}`

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "9.8.3",
+  "version": "9.8.5",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -38,6 +38,7 @@
     "cdx-verify": "./bin/verify.js"
   },
   "scripts": {
+    "docs": "docsify serve docs",
     "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js --inject-globals false docker.test.js utils.test.js display.test.js",
     "watch": "node --experimental-vm-modules node_modules/jest/bin/jest.js --watch --inject-globals false",
     "lint": "eslint *.js *.test.js bin/*.js",
@@ -99,6 +100,7 @@
   ],
   "devDependencies": {
     "caxa": "^3.0.1",
+    "docsify-cli": "^4.4.4",
     "eslint": "^8.49.0",
     "jest": "^29.7.0",
     "prettier": "3.0.3"

package/server.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { spawnSync } from "node:child_process";
 import os from "node:os";
 import fs from "node:fs";
 import path from "node:path";
-import { createBom } from "./index.js";
+import { createBom, submitBom } from "./index.js";
 import compression from "compression";
 // Timeout milliseconds. Default 10 mins
@@ -42,33 +42,37 @@ const parseQueryString = (q, body, options = {}) => {
   if (body && Object.keys(body).length) {
     options = Object.assign(options, body);
   }
-  if (q.type) {
-    options.projectType = q.type;
-  }
-  if (q.multiProject && q.multiProject !== "false") {
-    options.multiProject = true;
-  }
-  if (q.requiredOnly && q.requiredOnly !== "false") {
-    options.requiredOnly = true;
-  }
-  if (q.noBabel) {
-    options.noBabel = q.noBabel;
-  }
-  if (q.installDeps) {
-    options.installDeps = q.installDeps;
-  }
-  if (q.project) {
-    options.project = q.project;
-  }
-  if (q.projectName) {
-    options.projectName = q.projectName;
-  }
-  if (q.projectGroup) {
-    options.projectGroup = q.projectGroup;
+  const queryParams = [
+    "type",
+    "multiProject",
+    "requiredOnly",
+    "noBabel",
+    "installDeps",
+    "project",
+    "projectName",
+    "projectGroup",
+    "projectVersion",
+    "parentUUID",
+    "serverUrl",
+    "apiKey",
+    "specVersion"
+  ];
+  for (const param of queryParams) {
+    if (q[param]) {
+      options[param] = q[param];
+    }
   }
-  if (q.projectVersion) {
-    options.projectVersion = q.projectVersion;
+  // To help dependency track users, we downgrade the spec version to 1.4 automatically
+  if (options.serverUrl || options.apiKey) {
+    options.specVersion = 1.4;
   }
+  options.projectType == options.type;
+  delete options.type;
   return options;
 };
@@ -114,6 +118,10 @@ const start = (options) => {
         res.write(JSON.stringify(bomNSData.bomJson, null, 2));
       }
     }
+    if (options.serverUrl && options.apiKey) {
+      console.log("Publishing SBoM to Dependency Track");
+      submitBom(options, bomNSData.bomJson);
+    }
     res.end("\n");
     if (cleanup && srcDir && srcDir.startsWith(os.tmpdir()) && fs.rmSync) {
       console.log(`Cleaning up ${srcDir}`);

package/utils.test.js CHANGED Viewed

@@ -1143,7 +1143,7 @@ test("parse github actions workflow data", async () => {
   dep_list = parseGitHubWorkflowData(
     readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" })
   );
-  expect(dep_list.length).toEqual(6);
+  expect(dep_list.length).toEqual(7);
   expect(dep_list[0]).toEqual({
     group: "actions",
     name: "checkout",