@cyclonedx/cdxgen 9.9.4 → 9.9.6

package/README.md

@@ -86,10 +86,10 @@ For go, `go mod why` command is used to identify required packages. For php, com
 ## Installing
 
 ```shell
-sudo npm install -g @cyclonedx/cdxgen
+npm install -g @cyclonedx/cdxgen
 
 # For CycloneDX 1.4 compatibility use version 8.6.0 or pass the argument `--spec-version 1.4`
-sudo npm install -g @cyclonedx/cdxgen@8.6.0
+npm install -g @cyclonedx/cdxgen@8.6.0
 ```
 
 If you are a [Homebrew](https://brew.sh/) user, you can also install [cdxgen](https://formulae.brew.sh/formula/cdxgen) via:
@@ -327,7 +327,7 @@ This would create a bom.json.map file with the jar - class name mapping. Refer t
 
 ## Resolving licenses
 
-cdxgen can automatically query public registries such as maven, npm, or nuget to resolve the package licenses. This is a time-consuming operation and is disabled by default. To enable, set the environment variable `FETCH_LICENSE` to `true`, as shown.
+cdxgen can automatically query public registries such as maven, npm, or nuget to resolve the package licenses. This is a time-consuming operation and is disabled by default. To enable, set the environment variable `FETCH_LICENSE` to `true`, as shown. Ensure that `GITHUB_TOKEN` is set or provided by [built-in GITHUB_TOKEN in GitHub Actions](https://docs.github.com/en/rest/overview/rate-limits-for-the-rest-api#primary-rate-limit-for-github_token-in-github-actions), otherwise rate limiting might prevent license resolving.
 
 ```bash
 export FETCH_LICENSE=true
@@ -445,7 +445,7 @@ This feature is powered by osquery, which is [installed](https://github.com/cycl
 
 See [evinse mode](./ADVANCED.md) in the advanced documentation.
 
-## BoM signing
+## BOM signing
 
 cdxgen can sign the generated BOM json file to increase authenticity and non-repudiation capabilities. To enable this, set the following environment variables.
 

package/analyzer.js

@@ -108,7 +108,7 @@ const setFileRef = (allImports, src, file, pathnode, specifiers = []) => {
   }
   const fileRelativeLoc = relative(src, file);
   // remove unexpected extension imports
-  if (/\.(svg|png|jpg|d\.ts)/.test(pathway)) {
+  if (/\.(svg|png|jpg|json|d\.ts)/.test(pathway)) {
     return;
   }
   const importedModules = specifiers

package/data/frameworks-list.json

@@ -141,6 +141,25 @@
     "pkg:cargo/nickel",
     "pkg:cargo/yew",
     "pkg:cargo/azul",
-    "pkg:cargo/conrod"
+    "pkg:cargo/conrod",
+    "pkg:generic/Aws",
+    "pkg:generic/Azure",
+    "pkg:generic/google",
+    "pkg:generic/CivetServer",
+    "pkg:generic/civetweb",
+    "pkg:generic/cpprest",
+    "pkg:generic/QCoreApplication",
+    "pkg:generic/drogon",
+    "pkg:generic/wfrest",
+    "pkg:generic/http",
+    "pkg:generic/fio",
+    "pkg:generic/onion",
+    "pkg:generic/lwan",
+    "pkg:generic/oatpp",
+    "pkg:generic/QDjango",
+    "pkg:generic/userver",
+    "pkg:generic/Wt/",
+    "pkg:generic/klone",
+    "pkg:generic/kcgi"
   ]
 }

package/data/known-licenses.json

@@ -1,31 +1,82 @@
 [
-  { "license": "Apache-2.0", "group": "cloud.google.com", "name": "go" },
-  { "license": "Apache-2.0", "group": "cloud.google.com/go", "name": "*" },
-  { "license": "Apache-2.0", "group": "cuelang.org", "name": "go" },
-  { "license": "MIT", "group": "pack.ag", "name": "amqp" },
-  { "license": "Apache-2.0", "group": "google.golang.org", "name": "*" },
-  { "license": "BSD-3-Clause", "group": "golang.org/x", "name": "*" },
   {
-    "license": "BSD-3-Clause",
-    "group": "dmitri.shuralyov.com/gpu",
-    "name": "*"
+    "packageNamespace": "*",
+    "knownLicenses": [{ "license": "MIT", "urlIncludes": "mit-license" }]
   },
-  { "license": "Apache-2.0", "group": "contrib.go.opencensus.io", "name": "*" },
-  { "license": "Apache-2.0", "group": "git.apache.org", "name": "*" },
-  { "license": "Apache-2.0", "group": ".", "name": "go.opencensus.io" },
-  { "license": "MIT", "group": "sigs.k8s.io", "name": "*" },
-  { "license": "BSD-3-Clause", "group": "rsc.io", "name": "*" },
-  { "license": "Apache-2.0", "group": "openpitrix.io", "name": "*" },
-  { "license": "BSD-3-Clause", "group": "modernc.org", "name": "*" },
-  { "license": "Apache-2.0", "group": "kubesphere.io", "name": "*" },
-  { "license": "Apache-2.0", "group": "k8s.io", "name": "*" },
-  { "license": "Apache-2.0", "group": "istio.io", "name": "*" },
-  { "license": "MIT", "group": "honnef.co/go", "name": "*" },
-  { "license": "Apache-2.0", "group": ".", "name": "gotest.tools" },
-  { "license": "Apache-2.0", "group": "gopkg.in", "name": "*" },
-  { "license": "Apache-2.0", "group": "code.cloudfoundry.org", "name": "*" },
-  { "license": "BSD-3-Clause", "group": "gonum.org/v1", "name": "*" },
-  { "license": "Apache-2.0", "group": "gomodules.xyz/jsonpatch", "name": "*" },
-  { "license": "MIT", "group": "go.uber.org", "name": "*" },
-  { "license": "MIT", "group": "go.etcd.io", "name": "*" }
+  {
+    "packageNamespace": "pkg:golang/",
+    "knownLicenses": [
+      { "license": "Apache-2.0", "group": "cloud.google.com", "name": "go" },
+      { "license": "Apache-2.0", "group": "cloud.google.com/go", "name": "*" },
+      { "license": "Apache-2.0", "group": "cuelang.org", "name": "go" },
+      { "license": "MIT", "group": "pack.ag", "name": "amqp" },
+      { "license": "Apache-2.0", "group": "google.golang.org", "name": "*" },
+      { "license": "BSD-3-Clause", "group": "golang.org/x", "name": "*" },
+      {
+        "license": "BSD-3-Clause",
+        "group": "dmitri.shuralyov.com/gpu",
+        "name": "*"
+      },
+      {
+        "license": "Apache-2.0",
+        "group": "contrib.go.opencensus.io",
+        "name": "*"
+      },
+      { "license": "Apache-2.0", "group": "git.apache.org", "name": "*" },
+      { "license": "Apache-2.0", "group": ".", "name": "go.opencensus.io" },
+      { "license": "MIT", "group": "sigs.k8s.io", "name": "*" },
+      { "license": "BSD-3-Clause", "group": "rsc.io", "name": "*" },
+      { "license": "Apache-2.0", "group": "openpitrix.io", "name": "*" },
+      { "license": "BSD-3-Clause", "group": "modernc.org", "name": "*" },
+      { "license": "Apache-2.0", "group": "kubesphere.io", "name": "*" },
+      { "license": "Apache-2.0", "group": "k8s.io", "name": "*" },
+      { "license": "Apache-2.0", "group": "istio.io", "name": "*" },
+      { "license": "MIT", "group": "honnef.co/go", "name": "*" },
+      { "license": "Apache-2.0", "group": ".", "name": "gotest.tools" },
+      { "license": "Apache-2.0", "group": "gopkg.in", "name": "*" },
+      {
+        "license": "Apache-2.0",
+        "group": "code.cloudfoundry.org",
+        "name": "*"
+      },
+      { "license": "BSD-3-Clause", "group": "gonum.org/v1", "name": "*" },
+      {
+        "license": "Apache-2.0",
+        "group": "gomodules.xyz/jsonpatch",
+        "name": "*"
+      },
+      { "license": "MIT", "group": "go.uber.org", "name": "*" },
+      { "license": "MIT", "group": "go.etcd.io", "name": "*" }
+    ]
+  },
+  {
+    "packageNamespace": "pkg:nuget/",
+    "knownLicenses": [
+      {
+        "license": "MIT",
+        "urlIncludes": "//github.com/dotnet/standard/",
+        "licenseEvidence": "https://github.com/dotnet/standard/blob/release/3.0/LICENSE.TXT"
+      },
+      {
+        "license": "MIT",
+        "urlIncludes": "//github.com/dotnet/corefx/",
+        "licenseEvidence": "https://github.com/dotnet/corefx/blob/release/2.0.0/LICENSE.TXT"
+      },
+      {
+        "license": "MIT",
+        "urlIncludes": "//github.com/dotnet/core-setup/",
+        "licenseEvidence": "https://github.com/dotnet/core-setup/blob/release/2.0.0/LICENSE.TXT"
+      },
+      {
+        "licenseName": ".NET Library License",
+        "urlEndswith": "?LinkId=329770",
+        "licenseEvidence": "https://go.microsoft.com/fwlink/?LinkId=329770"
+      },
+      {
+        "licenseName": ".NET Library License",
+        "urlEndswith": "dotnet_library_license.htm",
+        "licenseEvidence": "https://dotnet.microsoft.com/en-us/dotnet_library_license.htm"
+      }
+    ]
+  }
 ]

package/docker.js

@@ -30,9 +30,25 @@ let dockerConn = undefined;
 let isPodman = false;
 let isPodmanRootless = true;
 let isDockerRootless = false;
+// https://github.com/containerd/containerd
+let isContainerd = !!process.env.CONTAINERD_ADDRESS;
 const WIN_LOCAL_TLS = "http://localhost:2375";
 let isWinLocalTLS = false;
 
+if (
+  !process.env.DOCKER_HOST &&
+  (process.env.CONTAINERD_ADDRESS ||
+    (process.env.XDG_RUNTIME_DIR &&
+      existsSync(
+        join(process.env.XDG_RUNTIME_DIR, "containerd-rootless", "api.sock")
+      )))
+) {
+  isContainerd = true;
+}
+
+// Cache the registry auth keys
+const registry_auth_keys = {};
+
 /**
  * Method to get all dirs matching a name
  *
@@ -94,7 +110,17 @@ export const getOnlyDirs = (srcpath, dirName) => {
   ].filter((d) => d.endsWith(dirName));
 };
 
-const getDefaultOptions = () => {
+const getDefaultOptions = (forRegistry) => {
+  let authTokenSet = false;
+  if (!forRegistry && process.env.DOCKER_SERVER_ADDRESS) {
+    forRegistry = process.env.DOCKER_SERVER_ADDRESS;
+  }
+  if (forRegistry) {
+    forRegistry = forRegistry.replace("http://", "").replace("https://", "");
+    if (forRegistry.includes("/")) {
+      forRegistry = forRegistry.split("/")[0];
+    }
+  }
   const opts = {
     enableUnixSockets: true,
     throwHttpErrors: true,
@@ -102,6 +128,97 @@ const getDefaultOptions = () => {
     hooks: { beforeError: [] },
     mutableDefaults: true
   };
+  const DOCKER_CONFIG = process.env.DOCKER_CONFIG || join(homedir(), ".docker");
+  // Support for private registry
+  if (process.env.DOCKER_AUTH_CONFIG) {
+    opts.headers = {
+      "X-Registry-Auth": process.env.DOCKER_AUTH_CONFIG
+    };
+    authTokenSet = true;
+  }
+  if (
+    !authTokenSet &&
+    process.env.DOCKER_USER &&
+    process.env.DOCKER_PASSWORD &&
+    process.env.DOCKER_EMAIL &&
+    forRegistry
+  ) {
+    const authPayload = {
+      username: process.env.DOCKER_USER,
+      email: process.env.DOCKER_EMAIL,
+      serveraddress: forRegistry
+    };
+    if (process.env.DOCKER_USER === "<token>") {
+      authPayload.IdentityToken = process.env.DOCKER_PASSWORD;
+    } else {
+      authPayload.password = process.env.DOCKER_PASSWORD;
+    }
+    opts.headers = {
+      "X-Registry-Auth": Buffer.from(JSON.stringify(authPayload)).toString(
+        "base64"
+      )
+    };
+  }
+  if (!authTokenSet && existsSync(join(DOCKER_CONFIG, "config.json"))) {
+    const configData = readFileSync(
+      join(DOCKER_CONFIG, "config.json"),
+      "utf-8"
+    );
+    if (configData) {
+      try {
+        const configJson = JSON.parse(configData);
+        if (configJson.auths) {
+          // Check if there are hardcoded tokens
+          for (const serverAddress of Object.keys(configJson.auths)) {
+            if (forRegistry && !serverAddress.includes(forRegistry)) {
+              continue;
+            }
+            if (configJson.auths[serverAddress].auth) {
+              opts.headers = {
+                "X-Registry-Auth": configJson.auths[serverAddress].auth
+              };
+              authTokenSet = true;
+              break;
+            } else if (configJson.credsStore) {
+              const helperAuthToken = getCredsFromHelper(
+                configJson.credsStore,
+                serverAddress
+              );
+              if (helperAuthToken) {
+                opts.headers = {
+                  "X-Registry-Auth": helperAuthToken
+                };
+                authTokenSet = true;
+                break;
+              }
+            }
+          }
+        } else if (configJson.credHelpers) {
+          // Support for credential helpers
+          for (const serverAddress of Object.keys(configJson.credHelpers)) {
+            if (forRegistry && !serverAddress.includes(forRegistry)) {
+              continue;
+            }
+            if (configJson.credHelpers[serverAddress]) {
+              const helperAuthToken = getCredsFromHelper(
+                configJson.credHelpers[serverAddress],
+                serverAddress
+              );
+              if (helperAuthToken) {
+                opts.headers = {
+                  "X-Registry-Auth": helperAuthToken
+                };
+                authTokenSet = true;
+                break;
+              }
+            }
+          }
+        }
+      } catch (err) {
+        // pass
+      }
+    }
+  }
   const userInfo = _userInfo();
   opts.podmanPrefixUrl = isWin ? "" : `http://unix:/run/podman/podman.sock:`;
   opts.podmanRootlessPrefixUrl = isWin
@@ -148,22 +265,34 @@ const getDefaultOptions = () => {
         ),
         key: readFileSync(join(process.env.DOCKER_CERT_PATH, "key.pem"), "utf8")
       };
+      // Disable tls on empty values
+      // From the docker docs: Setting the DOCKER_TLS_VERIFY environment variable to any value other than the empty string is equivalent to setting the --tlsverify flag
+      if (
+        process.env.DOCKER_TLS_VERIFY &&
+        process.env.DOCKER_TLS_VERIFY === ""
+      ) {
+        opts.https.rejectUnauthorized = false;
+        console.log("TLS Verification disabled for", hostStr);
+      }
     }
   }
 
   return opts;
 };
 
-export const getConnection = async (options) => {
-  if (!dockerConn) {
-    const defaultOptions = getDefaultOptions();
+export const getConnection = async (options, forRegistry) => {
+  if (isContainerd) {
+    return undefined;
+  } else if (!dockerConn) {
+    const defaultOptions = getDefaultOptions(forRegistry);
     const opts = Object.assign(
       {},
       {
         enableUnixSockets: defaultOptions.enableUnixSockets,
         throwHttpErrors: defaultOptions.throwHttpErrors,
         method: defaultOptions.method,
-        prefixUrl: defaultOptions.prefixUrl
+        prefixUrl: defaultOptions.prefixUrl,
+        headers: defaultOptions.headers
       },
       options
     );
@@ -247,8 +376,8 @@ export const getConnection = async (options) => {
   return dockerConn;
 };
 
-export const makeRequest = async (path, method = "GET") => {
-  const client = await getConnection();
+export const makeRequest = async (path, method = "GET", forRegistry) => {
+  const client = await getConnection({}, forRegistry);
   if (!client) {
     return undefined;
   }
@@ -258,14 +387,15 @@ export const makeRequest = async (path, method = "GET") => {
     enableUnixSockets: true,
     method
   };
-  const defaultOptions = getDefaultOptions();
+  const defaultOptions = getDefaultOptions(forRegistry);
   const opts = Object.assign(
     {},
     {
       enableUnixSockets: defaultOptions.enableUnixSockets,
       throwHttpErrors: defaultOptions.throwHttpErrors,
       method: defaultOptions.method,
-      prefixUrl: defaultOptions.prefixUrl
+      prefixUrl: defaultOptions.prefixUrl,
+      headers: defaultOptions.headers
     },
     extraOptions
   );
@@ -286,11 +416,16 @@ export const parseImageName = (fullImageName) => {
     repo: "",
     tag: "",
     digest: "",
-    platform: ""
+    platform: "",
+    group: "",
+    name: ""
   };
   if (!fullImageName) {
     return nameObj;
   }
+  // ensure it's lowercased
+  fullImageName = fullImageName.toLowerCase();
+
   // Extract registry name
   if (
     fullImageName.includes("/") &&
@@ -307,6 +442,7 @@ export const parseImageName = (fullImageName) => {
       fullImageName = fullImageName.replace(tmpA[0] + "/", "");
     }
   }
+
   // Extract digest name
   if (fullImageName.includes("@sha256:")) {
     const tmpA = fullImageName.split("@sha256:");
@@ -315,6 +451,7 @@ export const parseImageName = (fullImageName) => {
       fullImageName = fullImageName.replace("@sha256:" + nameObj.digest, "");
     }
   }
+
   // Extract tag name
   if (fullImageName.includes(":")) {
     const tmpA = fullImageName.split(":");
@@ -323,28 +460,61 @@ export const parseImageName = (fullImageName) => {
       fullImageName = fullImageName.replace(":" + nameObj.tag, "");
     }
   }
-  if (fullImageName && fullImageName.startsWith("library/")) {
-    fullImageName = fullImageName.replace("library/", "");
-  }
+
   // The left over string is the repo name
   nameObj.repo = fullImageName;
+  nameObj.name = fullImageName;
+
+  // extract group name
+  if (fullImageName.includes("/")) {
+    const tmpA = fullImageName.split("/");
+    if (tmpA.length > 1) {
+      nameObj.name = tmpA[tmpA.length - 1];
+      nameObj.group = fullImageName.replace("/" + tmpA[tmpA.length - 1], "");
+    }
+  }
+
   return nameObj;
 };
 
+/**
+ * Prefer cli on windows or when using tcp/ssh based host.
+ *
+ * @returns boolean true if we should use the cli. false otherwise
+ */
+const needsCliFallback = () => {
+  return (
+    isWin ||
+    (process.env.DOCKER_HOST &&
+      (process.env.DOCKER_HOST.startsWith("tcp://") ||
+        process.env.DOCKER_HOST.startsWith("ssh://")))
+  );
+};
+
 /**
  * Method to get image to the local registry by pulling from the remote if required
  */
 export const getImage = async (fullImageName) => {
   let localData = undefined;
   let pullData = undefined;
-  const { repo, tag, digest } = parseImageName(fullImageName);
-  let repoWithTag = `${repo}:${tag !== "" ? tag : ":latest"}`;
+  const { registry, repo, tag, digest } = parseImageName(fullImageName);
+  let repoWithTag =
+    registry && registry !== "docker.io"
+      ? fullImageName
+      : `${repo}:${tag !== "" ? tag : ":latest"}`;
   // Fetch only the latest tag if none is specified
   if (tag === "" && digest === "") {
     fullImageName = fullImageName + ":latest";
   }
-  if (isWin) {
-    let result = spawnSync("docker", ["pull", fullImageName], {
+  if (isContainerd) {
+    console.log(
+      "containerd/nerdctl is currently unsupported. Export the image manually and run cdxgen against the tar image."
+    );
+    return undefined;
+  }
+  if (needsCliFallback()) {
+    const dockerCmd = process.env.DOCKER_CMD || "docker";
+    let result = spawnSync(dockerCmd, ["pull", fullImageName], {
       encoding: "utf-8"
     });
     if (result.status !== 0 || result.error) {
@@ -355,12 +525,16 @@ export const getImage = async (fullImageName) => {
         console.log(
           "Ensure Docker for Desktop is running as an administrator with 'Exposing daemon on TCP without TLS' setting turned on."
         );
+      } else if (result.stderr && result.stderr.includes("not found")) {
+        console.log(
+          "Set the environment variable DOCKER_CMD to use an alternative command such as nerdctl or podman."
+        );
       } else {
         console.log(result.stderr);
       }
       return localData;
     } else {
-      result = spawnSync("docker", ["inspect", fullImageName], {
+      result = spawnSync(dockerCmd, ["inspect", fullImageName], {
         encoding: "utf-8"
       });
       if (result.status !== 0 || result.error) {
@@ -385,7 +559,11 @@ export const getImage = async (fullImageName) => {
     }
   }
   try {
-    localData = await makeRequest(`images/${repoWithTag}/json`);
+    localData = await makeRequest(
+      `images/${repoWithTag}/json`,
+      "GET",
+      registry
+    );
     if (localData) {
       return localData;
     }
@@ -393,10 +571,14 @@ export const getImage = async (fullImageName) => {
     // ignore
   }
   try {
-    localData = await makeRequest(`images/${repo}/json`);
+    localData = await makeRequest(`images/${repo}/json`, "GET", registry);
   } catch (err) {
     try {
-      localData = await makeRequest(`images/${fullImageName}/json`);
+      localData = await makeRequest(
+        `images/${fullImageName}/json`,
+        "GET",
+        registry
+      );
       if (localData) {
         return localData;
       }
@@ -412,7 +594,8 @@ export const getImage = async (fullImageName) => {
     try {
       pullData = await makeRequest(
         `images/create?fromImage=${fullImageName}`,
-        "POST"
+        "POST",
+        registry
       );
       if (
         pullData &&
@@ -434,7 +617,8 @@ export const getImage = async (fullImageName) => {
         }
         pullData = await makeRequest(
           `images/create?fromImage=${repoWithTag}`,
-          "POST"
+          "POST",
+          registry
         );
       } catch (err) {
         // continue regardless of error
@@ -444,7 +628,11 @@ export const getImage = async (fullImageName) => {
       if (DEBUG_MODE) {
         console.log(`Trying with ${repoWithTag}`);
       }
-      localData = await makeRequest(`images/${repoWithTag}/json`);
+      localData = await makeRequest(
+        `images/${repoWithTag}/json`,
+        "GET",
+        registry
+      );
       if (localData) {
         return localData;
       }
@@ -453,7 +641,7 @@ export const getImage = async (fullImageName) => {
         if (DEBUG_MODE) {
           console.log(`Trying with ${repo}`);
         }
-        localData = await makeRequest(`images/${repo}/json`);
+        localData = await makeRequest(`images/${repo}/json`, "GET", registry);
         if (localData) {
           return localData;
         }
@@ -464,7 +652,11 @@ export const getImage = async (fullImageName) => {
         if (DEBUG_MODE) {
           console.log(`Trying with ${fullImageName}`);
         }
-        localData = await makeRequest(`images/${fullImageName}/json`);
+        localData = await makeRequest(
+          `images/${fullImageName}/json`,
+          "GET",
+          registry
+        );
       } catch (err) {
         // continue regardless of error
       }
@@ -684,7 +876,7 @@ export const exportImage = async (fullImageName) => {
   if (!localData) {
     return undefined;
   }
-  const { tag, digest } = parseImageName(fullImageName);
+  const { registry, tag, digest } = parseImageName(fullImageName);
   // Fetch only the latest tag if none is specified
   if (tag === "" && digest === "") {
     fullImageName = fullImageName + ":latest";
@@ -695,7 +887,7 @@ export const exportImage = async (fullImageName) => {
   // Windows containers use index.json
   const manifestIndexFile = join(tempDir, "index.json");
   // On Windows, fallback to invoking cli
-  if (isWin) {
+  if (needsCliFallback()) {
     const imageTarFile = join(tempDir, "image.tar");
     console.log(
       `About to export image ${fullImageName} to ${imageTarFile} using docker cli`
@@ -722,10 +914,16 @@ export const exportImage = async (fullImageName) => {
       }
     }
   } else {
-    const client = await getConnection();
+    const client = await getConnection({}, registry);
     try {
       if (DEBUG_MODE) {
-        console.log(`About to export image ${fullImageName} to ${tempDir}`);
+        if (registry && registry.trim().length) {
+          console.log(
+            `About to export image ${fullImageName} from ${registry} to ${tempDir}`
+          );
+        } else {
+          console.log(`About to export image ${fullImageName} to ${tempDir}`);
+        }
       }
       await stream.pipeline(
         client.stream(`images/${fullImageName}/get`),
@@ -896,3 +1094,46 @@ export const removeImage = async (fullImageName, force = false) => {
   );
   return removeData;
 };
+
+export const getCredsFromHelper = (exeSuffix, serverAddress) => {
+  if (registry_auth_keys[serverAddress]) {
+    return registry_auth_keys[serverAddress];
+  }
+  let credHelperExe = `docker-credential-${exeSuffix}`;
+  if (isWin) {
+    credHelperExe = credHelperExe + ".exe";
+  }
+  const result = spawnSync(credHelperExe, ["get"], {
+    input: serverAddress,
+    encoding: "utf-8"
+  });
+  if (result.status !== 0 || result.error) {
+    console.log(result.stdout, result.stderr);
+  } else if (result.stdout) {
+    const cmdOutput = Buffer.from(result.stdout).toString();
+    try {
+      const authPayload = JSON.parse(cmdOutput);
+      const fixedAuthPayload = {
+        username:
+          authPayload.username ||
+          authPayload.Username ||
+          process.env.DOCKER_USER,
+        password:
+          authPayload.password ||
+          authPayload.Secret ||
+          process.env.DOCKER_PASSWORD,
+        email:
+          authPayload.email || authPayload.username || process.env.DOCKER_USER,
+        serveraddress: serverAddress
+      };
+      const authKey = Buffer.from(JSON.stringify(fixedAuthPayload)).toString(
+        "base64"
+      );
+      registry_auth_keys[serverAddress] = authKey;
+      return authKey;
+    } catch (err) {
+      return undefined;
+    }
+  }
+  return undefined;
+};