@datadog/datadog-ci 2.22.1 → 2.23.0

package/dist/commands/sbom/api.d.ts

@@ -1,7 +1,7 @@
 import { AxiosPromise, AxiosResponse } from 'axios';
-import { SBOMPayload } from './protobuf/sbom_intake';
+import { ScaRequest } from './types';
 /**
  * Get the function to upload our results to the intake.
  * @param apiKey
  */
-export declare const getApiHelper: (apiKey: string) => (sbomPayload: SBOMPayload) => AxiosPromise<AxiosResponse>;
+export declare const getApiHelper: (apiKey: string, appKey: string) => (scaRequest: ScaRequest) => AxiosPromise<AxiosResponse>;

package/dist/commands/sbom/api.js

@@ -11,26 +11,31 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getApiHelper = void 0;
 const constants_1 = require("../../constants");
-const api_1 = require("../../helpers/api");
 const utils_1 = require("../../helpers/utils");
+const utils_2 = require("../junit/utils");
 const constants_2 = require("./constants");
-const sbom_intake_1 = require("./protobuf/sbom_intake");
 const maxBodyLength = Infinity;
 /**
  * Get the function to upload our results to the intake.
  * @param apiKey
  */
-const getApiHelper = (apiKey) => {
+const getApiHelper = (apiKey, appKey) => {
     /**
      * function used to marshall and send the data
      * @param request - the AXIOS element used to send the request
      */
-    const uploadSBomPayload = (request) => (payload) => __awaiter(void 0, void 0, void 0, function* () {
-        const buffer = sbom_intake_1.SBOMPayload.encode(payload).finish();
+    const uploadSBomPayload = (request) => (scaPayload) => __awaiter(void 0, void 0, void 0, function* () {
+        // Make sure we follow the API signature
+        const payload = {
+            data: {
+                type: 'scarequests',
+                attributes: scaPayload,
+            },
+        };
         return request({
-            data: buffer,
+            data: JSON.stringify(payload),
             headers: {
-                [constants_1.CONTENT_TYPE_HEADER]: constants_1.CONTENT_TYPE_VALUE_PROTOBUF,
+                [constants_1.CONTENT_TYPE_HEADER]: constants_1.CONTENT_TYPE_VALUE_JSON,
                 'DD-EVP-ORIGIN': 'datadog-ci',
                 'DD-EVP-ORIGIN-VERSION': '0.0.1',
             },
@@ -40,9 +45,9 @@ const getApiHelper = (apiKey) => {
         });
     });
     // Get the intake name
-    const intakeUrl = (0, api_1.getBaseIntakeUrl)(constants_2.INTAKE_NAME);
+    const url = (0, utils_2.getBaseUrl)();
     // Get the AXIOS request/response function
-    const requestIntake = (0, utils_1.getRequestBuilder)({ baseUrl: intakeUrl, apiKey });
+    const requestIntake = (0, utils_1.getRequestBuilder)({ baseUrl: url, apiKey, appKey });
     return uploadSBomPayload(requestIntake);
 };
 exports.getApiHelper = getApiHelper;

package/dist/commands/sbom/api.js.map

@@ -1 +1 @@
-{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../src/commands/sbom/api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,+CAA6F;AAC7F,2CAAkD;AAClD,+CAAqD;AAErD,2CAAqD;AACrD,wDAAkD;AAElD,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B;;;GAGG;AACI,MAAM,YAAY,GAAG,CAAC,MAAc,EAA+D,EAAE;IAC1G;;;OAGG;IACH,MAAM,iBAAiB,GAAG,CAAC,OAAkE,EAAE,EAAE,CAAC,CAChG,OAAoB,EACpB,EAAE;QACF,MAAM,MAAM,GAAG,yBAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAA;QAEnD,OAAO,OAAO,CAAC;YACb,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE;gBACP,CAAC,+BAAmB,CAAC,EAAE,uCAA2B;gBAClD,eAAe,EAAE,YAAY;gBAC7B,uBAAuB,EAAE,OAAO;aACjC;YACD,aAAa;YACb,MAAM,EAAE,uBAAW;YACnB,GAAG,EAAE,wBAAY;SAClB,CAAC,CAAA;IACJ,CAAC,CAAA,CAAA;IAED,sBAAsB;IACtB,MAAM,SAAS,GAAG,IAAA,sBAAgB,EAAC,uBAAW,CAAC,CAAA;IAC/C,0CAA0C;IAC1C,MAAM,aAAa,GAAG,IAAA,yBAAiB,EAAC,EAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAC,CAAC,CAAA;IAErE,OAAO,iBAAiB,CAAC,aAAa,CAAC,CAAA;AACzC,CAAC,CAAA;AA7BY,QAAA,YAAY,gBA6BxB"}
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../src/commands/sbom/api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,+CAAsH;AACtH,+CAAqD;AAErD,0CAAyC;AAEzC,2CAAwC;AAGxC,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B;;;GAGG;AACI,MAAM,YAAY,GAAG,CAC1B,MAAc,EACd,MAAc,EAC6C,EAAE;IAC7D;;;OAGG;IACH,MAAM,iBAAiB,GAAG,CAAC,OAAkE,EAAE,EAAE,CAAC,CAChG,UAAsB,EACtB,EAAE;QACF,wCAAwC;QACxC,MAAM,OAAO,GAAG;YACd,IAAI,EAAE;gBACJ,IAAI,EAAE,aAAa;gBACnB,UAAU,EAAE,UAAU;aACvB;SACF,CAAA;QAED,OAAO,OAAO,CAAC;YACb,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,OAAO,EAAE;gBACP,CAAC,+BAAmB,CAAC,EAAE,mCAAuB;gBAC9C,eAAe,EAAE,YAAY;gBAC7B,uBAAuB,EAAE,OAAO;aACjC;YACD,aAAa;YACb,MAAM,EAAE,uBAAW;YACnB,GAAG,EAAE,wBAAY;SAClB,CAAC,CAAA;IACJ,CAAC,CAAA,CAAA;IAED,sBAAsB;IACtB,MAAM,GAAG,GAAG,IAAA,kBAAU,GAAE,CAAA;IACxB,0CAA0C;IAC1C,MAAM,aAAa,GAAG,IAAA,yBAAiB,EAAC,EAAC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAC,CAAC,CAAA;IAEvE,OAAO,iBAAiB,CAAC,aAAa,CAAC,CAAA;AACzC,CAAC,CAAA;AAtCY,QAAA,YAAY,gBAsCxB"}

package/dist/commands/sbom/constants.d.ts

@@ -1,2 +1 @@
-export declare const API_ENDPOINT = "api/v2/sbom";
-export declare const INTAKE_NAME = "sbom-intake";
+export declare const API_ENDPOINT = "api/v2/static-analysis-sca/dependencies";

package/dist/commands/sbom/constants.js

@@ -1,6 +1,5 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.INTAKE_NAME = exports.API_ENDPOINT = void 0;
-exports.API_ENDPOINT = 'api/v2/sbom';
-exports.INTAKE_NAME = 'sbom-intake';
+exports.API_ENDPOINT = void 0;
+exports.API_ENDPOINT = 'api/v2/static-analysis-sca/dependencies';
 //# sourceMappingURL=constants.js.map

package/dist/commands/sbom/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/commands/sbom/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,YAAY,GAAG,aAAa,CAAA;AAC5B,QAAA,WAAW,GAAG,aAAa,CAAA"}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/commands/sbom/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,YAAY,GAAG,yCAAyC,CAAA"}

package/dist/commands/sbom/language.d.ts

@@ -0,0 +1,2 @@
+import { DependencyLanguage } from './types';
+export declare const getLanguageFromComponent: (component: any) => DependencyLanguage | undefined;

package/dist/commands/sbom/language.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLanguageFromComponent = void 0;
+const types_1 = require("./types");
+// Attempt to find the language from a SBOM component. For now, we get the source either from
+// the bom-ref or the purl property of the SBOM.
+const getLanguageFromComponent = (component) => {
+    const componentName = component['name'];
+    if (component['bom-ref']) {
+        if (component['bom-ref'].includes('pkg:npm')) {
+            return types_1.DependencyLanguage.NPM;
+        }
+        if (component['purl'].includes('pkg:composer')) {
+            return types_1.DependencyLanguage.PHP;
+        }
+        if (component['purl'].includes('pkg:cargo')) {
+            return types_1.DependencyLanguage.RUST;
+        }
+        if (component['purl'].includes('pkg:gem')) {
+            return types_1.DependencyLanguage.RUBY;
+        }
+        if (component['purl'].includes('pkg:maven')) {
+            return types_1.DependencyLanguage.JVM;
+        }
+        if (component['purl'].includes('pkg:golang')) {
+            return types_1.DependencyLanguage.GO;
+        }
+    }
+    console.debug(`language for component ${componentName} not found`);
+    return undefined;
+};
+exports.getLanguageFromComponent = getLanguageFromComponent;
+//# sourceMappingURL=language.js.map

package/dist/commands/sbom/language.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"language.js","sourceRoot":"","sources":["../../../src/commands/sbom/language.ts"],"names":[],"mappings":";;;AAAA,mCAA0C;AAE1C,6FAA6F;AAC7F,gDAAgD;AACzC,MAAM,wBAAwB,GAAG,CAAC,SAAc,EAAkC,EAAE;IACzF,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,CAAA;IAEvC,IAAI,SAAS,CAAC,SAAS,CAAC,EAAE;QACxB,IAAI,SAAS,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;YAC5C,OAAO,0BAAkB,CAAC,GAAG,CAAA;SAC9B;QACD,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE;YAC9C,OAAO,0BAAkB,CAAC,GAAG,CAAA;SAC9B;QACD,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE;YAC3C,OAAO,0BAAkB,CAAC,IAAI,CAAA;SAC/B;QACD,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;YACzC,OAAO,0BAAkB,CAAC,IAAI,CAAA;SAC/B;QACD,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE;YAC3C,OAAO,0BAAkB,CAAC,GAAG,CAAA;SAC9B;QACD,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YAC5C,OAAO,0BAAkB,CAAC,EAAE,CAAA;SAC7B;KACF;IAED,OAAO,CAAC,KAAK,CAAC,0BAA0B,aAAa,YAAY,CAAC,CAAA;IAElE,OAAO,SAAS,CAAA;AAClB,CAAC,CAAA;AA3BY,QAAA,wBAAwB,4BA2BpC"}

package/dist/commands/sbom/license.d.ts

@@ -0,0 +1,3 @@
+import { DependencyLicense } from './types';
+export declare const getLicensesFromString: (s: string) => DependencyLicense[];
+export declare const getLicensesFromComponent: (component: any) => DependencyLicense[];

package/dist/commands/sbom/license.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLicensesFromComponent = exports.getLicensesFromString = void 0;
+const types_1 = require("./types");
+// Get the license from a string. If the license is valid, we return it. Otherwise, we return undefined
+// List of licenses: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository
+const getLicenseFromString = (s) => {
+    if (!s) {
+        return undefined;
+    }
+    switch (s.toLowerCase()) {
+        case '0bsd':
+            return types_1.DependencyLicense.ZEROBSD;
+        case 'apache-2.0':
+        case 'apache license, version 2.0':
+        case 'the apache software license, version 2.0':
+            return types_1.DependencyLicense.APACHE2;
+        case 'bsd-2-clause':
+            return types_1.DependencyLicense.BSD2CLAUSE;
+        case 'bsd-3-clause':
+            return types_1.DependencyLicense.BSD3CLAUSE;
+        case 'bsl-1.0':
+            return types_1.DependencyLicense.BSL1;
+        case 'gpl v2':
+            return types_1.DependencyLicense.GPL2_0;
+        case 'gpl v3':
+            return types_1.DependencyLicense.GPL3_0;
+        case 'isc':
+            return types_1.DependencyLicense.ISC;
+        case 'mit':
+        case 'the mit license':
+            return types_1.DependencyLicense.MIT;
+        case 'unlicense':
+            return types_1.DependencyLicense.UNLICENSE;
+        case 'zlib':
+            return types_1.DependencyLicense.ZLIB;
+    }
+    console.debug(`license ${s} not recognized`);
+    return undefined;
+};
+// Get all the licenses from a string. Sometimes, there are two licenses in one string
+// such as "MIT OR Apache-2.0". In this case, we return all the licenses in this condition.
+const getLicensesFromString = (s) => {
+    if (!s) {
+        return [];
+    }
+    const licenses = [];
+    if (s.toLowerCase().includes('or')) {
+        for (const lic of s.toLowerCase().split(' or ')) {
+            const l = getLicenseFromString(lic.trim());
+            if (l) {
+                licenses.push(l);
+            }
+        }
+    }
+    else {
+        const lic = getLicenseFromString(s);
+        if (lic) {
+            licenses.push(lic);
+        }
+    }
+    return licenses;
+};
+exports.getLicensesFromString = getLicensesFromString;
+// Get all the licenses of this component. We extract the "licenses" element from the SBOM component.
+// Unfortunately, depending on the SBOM generator, the licenses are generated in a different manner.
+// We attempt to get as much as possible.
+const getLicensesFromComponent = (component) => {
+    var _a;
+    const elementsForLicense = ['id', 'name'];
+    const componentName = component['name'];
+    const licenses = [];
+    // Get the "licenses" attribute of the SBOM component.
+    if (component['licenses']) {
+        for (const license of component['licenses']) {
+            for (const el of elementsForLicense) {
+                // Handle "license": [ {"license": {"id": <license>}} ]
+                if ((_a = license['license']) === null || _a === void 0 ? void 0 : _a[el]) {
+                    for (const l of (0, exports.getLicensesFromString)(license['license'][el])) {
+                        licenses.push(l);
+                    }
+                }
+                // Handle "license": [ {"expression": "MIT"} ]
+                if (license['expression']) {
+                    for (const l of (0, exports.getLicensesFromString)(license['expression'])) {
+                        licenses.push(l);
+                    }
+                }
+            }
+        }
+    }
+    if (licenses.length === 0) {
+        console.log(`license for component ${componentName} not found`);
+    }
+    return licenses;
+};
+exports.getLicensesFromComponent = getLicensesFromComponent;
+//# sourceMappingURL=license.js.map

package/dist/commands/sbom/license.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"license.js","sourceRoot":"","sources":["../../../src/commands/sbom/license.ts"],"names":[],"mappings":";;;AAAA,mCAAyC;AAEzC,uGAAuG;AACvG,+JAA+J;AAC/J,MAAM,oBAAoB,GAAG,CAAC,CAAS,EAAiC,EAAE;IACxE,IAAI,CAAC,CAAC,EAAE;QACN,OAAO,SAAS,CAAA;KACjB;IAED,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE;QACvB,KAAK,MAAM;YACT,OAAO,yBAAiB,CAAC,OAAO,CAAA;QAClC,KAAK,YAAY,CAAC;QAClB,KAAK,6BAA6B,CAAC;QACnC,KAAK,0CAA0C;YAC7C,OAAO,yBAAiB,CAAC,OAAO,CAAA;QAClC,KAAK,cAAc;YACjB,OAAO,yBAAiB,CAAC,UAAU,CAAA;QACrC,KAAK,cAAc;YACjB,OAAO,yBAAiB,CAAC,UAAU,CAAA;QACrC,KAAK,SAAS;YACZ,OAAO,yBAAiB,CAAC,IAAI,CAAA;QAC/B,KAAK,QAAQ;YACX,OAAO,yBAAiB,CAAC,MAAM,CAAA;QACjC,KAAK,QAAQ;YACX,OAAO,yBAAiB,CAAC,MAAM,CAAA;QACjC,KAAK,KAAK;YACR,OAAO,yBAAiB,CAAC,GAAG,CAAA;QAC9B,KAAK,KAAK,CAAC;QACX,KAAK,iBAAiB;YACpB,OAAO,yBAAiB,CAAC,GAAG,CAAA;QAC9B,KAAK,WAAW;YACd,OAAO,yBAAiB,CAAC,SAAS,CAAA;QACpC,KAAK,MAAM;YACT,OAAO,yBAAiB,CAAC,IAAI,CAAA;KAChC;IAED,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAA;IAE5C,OAAO,SAAS,CAAA;AAClB,CAAC,CAAA;AAED,sFAAsF;AACtF,2FAA2F;AACpF,MAAM,qBAAqB,GAAG,CAAC,CAAS,EAAuB,EAAE;IACtE,IAAI,CAAC,CAAC,EAAE;QACN,OAAO,EAAE,CAAA;KACV;IACD,MAAM,QAAQ,GAAwB,EAAE,CAAA;IAExC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;QAClC,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YAC/C,MAAM,CAAC,GAAG,oBAAoB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;YAC1C,IAAI,CAAC,EAAE;gBACL,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;aACjB;SACF;KACF;SAAM;QACL,MAAM,GAAG,GAAG,oBAAoB,CAAC,CAAC,CAAC,CAAA;QACnC,IAAI,GAAG,EAAE;YACP,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;SACnB;KACF;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA;AArBY,QAAA,qBAAqB,yBAqBjC;AAED,qGAAqG;AACrG,oGAAoG;AACpG,yCAAyC;AAClC,MAAM,wBAAwB,GAAG,CAAC,SAAc,EAAuB,EAAE;;IAC9E,MAAM,kBAAkB,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAEzC,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,QAAQ,GAAwB,EAAE,CAAA;IAExC,sDAAsD;IACtD,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE;QACzB,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE;YAC3C,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE;gBACnC,uDAAuD;gBACvD,IAAI,MAAA,OAAO,CAAC,SAAS,CAAC,0CAAG,EAAE,CAAC,EAAE;oBAC5B,KAAK,MAAM,CAAC,IAAI,IAAA,6BAAqB,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;wBAC7D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;qBACjB;iBACF;gBAED,8CAA8C;gBAC9C,IAAI,OAAO,CAAC,YAAY,CAAC,EAAE;oBACzB,KAAK,MAAM,CAAC,IAAI,IAAA,6BAAqB,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC,EAAE;wBAC5D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;qBACjB;iBACF;aACF;SACF;KACF;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO,CAAC,GAAG,CAAC,yBAAyB,aAAa,YAAY,CAAC,CAAA;KAChE;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA;AAhCY,QAAA,wBAAwB,4BAgCpC"}

package/dist/commands/sbom/payload.d.ts

@@ -1,4 +1,3 @@
 import { SpanTags } from '../../helpers/interfaces';
-import { SBOMPayload } from './protobuf/sbom_intake';
-import { SbomPayloadData } from './types';
-export declare const generatePayload: (payloadData: SbomPayloadData, service: string, tags: SpanTags) => SBOMPayload;
+import { ScaRequest } from './types';
+export declare const generatePayload: (jsonContent: any, tags: SpanTags) => ScaRequest | undefined;

package/dist/commands/sbom/payload.js

@@ -4,25 +4,59 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.generatePayload = void 0;
-const os_1 = __importDefault(require("os"));
-const bom_1_4_1 = require("./protobuf/bom-1.4");
-const sbom_intake_1 = require("./protobuf/sbom_intake");
-const generatePayload = (payloadData, service, tags) => {
-    const spanTagsAsStringArray = Object.keys(tags).map((key) => `${key}:${tags[key]}`);
-    return sbom_intake_1.SBOMPayload.create({
-        host: os_1.default.hostname(),
-        source: 'CI',
-        entities: [
-            sbom_intake_1.SBOMEntity.create({
-                id: service,
-                type: sbom_intake_1.SBOMSourceType.CI_PIPELINE,
-                inUse: true,
-                generatedAt: new Date(),
-                ddTags: spanTagsAsStringArray,
-                cyclonedx: bom_1_4_1.Bom.fromJSON(payloadData.content),
-            }),
-        ],
-    });
+const crypto_1 = __importDefault(require("crypto"));
+const tags_1 = require("../../helpers/tags");
+const language_1 = require("./language");
+const license_1 = require("./license");
+// Generate the payload we send to the API
+// jsonContent is the SBOM file content read from disk
+// tags are the list of tags we retrieved
+const generatePayload = (jsonContent, tags) => {
+    if (!tags[tags_1.GIT_COMMIT_AUTHOR_EMAIL] ||
+        !tags[tags_1.GIT_COMMIT_AUTHOR_NAME] ||
+        !tags[tags_1.GIT_SHA] ||
+        !tags[tags_1.GIT_BRANCH] ||
+        !tags[tags_1.GIT_REPOSITORY_URL]) {
+        return undefined;
+    }
+    const dependencies = [];
+    if (jsonContent) {
+        if (jsonContent['components']) {
+            for (const component of jsonContent['components']) {
+                if (!component['type'] || !component['name'] || !component['version']) {
+                    continue;
+                }
+                if (component['type'] !== 'library') {
+                    continue;
+                }
+                const lang = (0, language_1.getLanguageFromComponent)(component);
+                if (!lang) {
+                    continue;
+                }
+                const dependency = {
+                    name: component['name'],
+                    version: component['version'],
+                    language: lang,
+                    licenses: (0, license_1.getLicensesFromComponent)(component),
+                };
+                dependencies.push(dependency);
+            }
+        }
+    }
+    return {
+        id: crypto_1.default.randomUUID(),
+        commit: {
+            author_name: tags[tags_1.GIT_COMMIT_AUTHOR_NAME],
+            author_email: tags[tags_1.GIT_COMMIT_AUTHOR_EMAIL],
+            sha: tags[tags_1.GIT_SHA],
+            branch: tags[tags_1.GIT_BRANCH],
+        },
+        repository: {
+            url: tags[tags_1.GIT_REPOSITORY_URL],
+        },
+        tags,
+        dependencies,
+    };
 };
 exports.generatePayload = generatePayload;
 //# sourceMappingURL=payload.js.map

package/dist/commands/sbom/payload.js.map

@@ -1 +1 @@
-{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../src/commands/sbom/payload.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAmB;AAInB,gDAAsC;AACtC,wDAA8E;AAGvE,MAAM,eAAe,GAAG,CAAC,WAA4B,EAAE,OAAe,EAAE,IAAc,EAAe,EAAE;IAC5G,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,GAAqB,CAAC,EAAE,CAAC,CAAA;IAErG,OAAO,yBAAW,CAAC,MAAM,CAAC;QACxB,IAAI,EAAE,YAAE,CAAC,QAAQ,EAAE;QACnB,MAAM,EAAE,IAAI;QACZ,QAAQ,EAAE;YACR,wBAAU,CAAC,MAAM,CAAC;gBAChB,EAAE,EAAE,OAAO;gBACX,IAAI,EAAE,4BAAc,CAAC,WAAW;gBAChC,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,IAAI,IAAI,EAAE;gBACvB,MAAM,EAAE,qBAAqB;gBAC7B,SAAS,EAAE,aAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC;aAC7C,CAAC;SACH;KACF,CAAC,CAAA;AACJ,CAAC,CAAA;AAjBY,QAAA,eAAe,mBAiB3B"}
+{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../src/commands/sbom/payload.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA2B;AAG3B,6CAM2B;AAE3B,yCAAmD;AACnD,uCAAkD;AAGlD,0CAA0C;AAC1C,sDAAsD;AACtD,yCAAyC;AAClC,MAAM,eAAe,GAAG,CAAC,WAAgB,EAAE,IAAc,EAA0B,EAAE;IAC1F,IACE,CAAC,IAAI,CAAC,8BAAuB,CAAC;QAC9B,CAAC,IAAI,CAAC,6BAAsB,CAAC;QAC7B,CAAC,IAAI,CAAC,cAAO,CAAC;QACd,CAAC,IAAI,CAAC,iBAAU,CAAC;QACjB,CAAC,IAAI,CAAC,yBAAkB,CAAC,EACzB;QACA,OAAO,SAAS,CAAA;KACjB;IAED,MAAM,YAAY,GAAiB,EAAE,CAAA;IAErC,IAAI,WAAW,EAAE;QACf,IAAI,WAAW,CAAC,YAAY,CAAC,EAAE;YAC7B,KAAK,MAAM,SAAS,IAAI,WAAW,CAAC,YAAY,CAAC,EAAE;gBACjD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;oBACrE,SAAQ;iBACT;gBACD,IAAI,SAAS,CAAC,MAAM,CAAC,KAAK,SAAS,EAAE;oBACnC,SAAQ;iBACT;gBAED,MAAM,IAAI,GAAG,IAAA,mCAAwB,EAAC,SAAS,CAAC,CAAA;gBAEhD,IAAI,CAAC,IAAI,EAAE;oBACT,SAAQ;iBACT;gBAED,MAAM,UAAU,GAAe;oBAC7B,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC;oBACvB,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC;oBAC7B,QAAQ,EAAE,IAAI;oBACd,QAAQ,EAAE,IAAA,kCAAwB,EAAC,SAAS,CAAC;iBAC9C,CAAA;gBACD,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;aAC9B;SACF;KACF;IAED,OAAO;QACL,EAAE,EAAE,gBAAM,CAAC,UAAU,EAAE;QACvB,MAAM,EAAE;YACN,WAAW,EAAE,IAAI,CAAC,6BAAsB,CAAC;YACzC,YAAY,EAAE,IAAI,CAAC,8BAAuB,CAAC;YAC3C,GAAG,EAAE,IAAI,CAAC,cAAO,CAAC;YAClB,MAAM,EAAE,IAAI,CAAC,iBAAU,CAAC;SACzB;QACD,UAAU,EAAE;YACV,GAAG,EAAE,IAAI,CAAC,yBAAkB,CAAC;SAC9B;QACD,IAAI;QACJ,YAAY;KACb,CAAA;AACH,CAAC,CAAA;AAtDY,QAAA,eAAe,mBAsD3B"}

package/dist/commands/sbom/types.d.ts

@@ -1,4 +1,69 @@
-export interface SbomPayloadData {
-    filePath: string;
-    content: any;
+export declare enum DependencyLanguage {
+    NPM = "node",
+    PYPI = "pypi",
+    PHP = "php",
+    RUST = "rust",
+    RUBY = "ruby",
+    GO = "go",
+    JVM = "jvm"
+}
+export declare enum DependencyLicense {
+    AFL3 = "AFL-3.0",
+    APACHE2 = "Apache-2.0",
+    ARTISTIC2 = "Artistic-2.0",
+    BSL1 = "BSL-1.0",
+    BSD2CLAUSE = "BSD-2-Clause",
+    BSD3CLAUSE = "BSD-3-Clause",
+    BSD3CLAUSECLEAR = "BSD-3-Clause-Clear",
+    BSD4CLAUSE = "BSD-4-Clause",
+    ZEROBSD = "0BSD",
+    CC = "CC",
+    CC0_1_0 = "CC0-1.0",
+    CC_BY_4_0 = "CC-BY-4.0",
+    CC_BY_SA_4_0 = "CC-BY-SA-4.0",
+    WTFPL = "WTFPL",
+    ECL2_0 = "ECL-2.0",
+    EPL1_0 = "EPL-1.0",
+    EPL2_0 = "EPL-2.0",
+    EUPL1_1 = "EUPL-1.1",
+    AGPL3_0 = "AGPL-3.0",
+    GPL = "GPL",
+    GPL2_0 = "GPL-2.0",
+    GPL3_0 = "GPL-3.0",
+    LGPL = "LGPL",
+    LGPL2_1 = "LGPL-2.1",
+    LGPL3_0 = "LGPL-3.0",
+    ISC = "ISC",
+    LPPL_1_3C = "LPPL-1.3c",
+    MS_PL = "MS-PL",
+    MIT = "MIT",
+    MPL_2_0 = "MPL-2.0",
+    OSL_3_0 = "OSL-3.0",
+    POSTGRESQL = "PostgreSQL",
+    OFL_1_1 = "OFL-1.1",
+    NCSA = "NCSA",
+    UNLICENSE = "Unlicense",
+    ZLIB = "Zlib"
+}
+export interface Dependency {
+    name: string;
+    version: string;
+    language: DependencyLanguage;
+    licenses: DependencyLicense[];
+}
+export interface CommitInformation {
+    author_name: string;
+    author_email: string;
+    sha: string;
+    branch: string;
+}
+export interface RepositoryInformation {
+    url: string;
+}
+export interface ScaRequest {
+    id: string;
+    commit: CommitInformation;
+    repository: RepositoryInformation;
+    dependencies: Dependency[];
+    tags: Record<string, string>;
 }

package/dist/commands/sbom/types.js

@@ -1,3 +1,54 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.DependencyLicense = exports.DependencyLanguage = void 0;
+var DependencyLanguage;
+(function (DependencyLanguage) {
+    DependencyLanguage["NPM"] = "node";
+    DependencyLanguage["PYPI"] = "pypi";
+    DependencyLanguage["PHP"] = "php";
+    DependencyLanguage["RUST"] = "rust";
+    DependencyLanguage["RUBY"] = "ruby";
+    DependencyLanguage["GO"] = "go";
+    DependencyLanguage["JVM"] = "jvm";
+})(DependencyLanguage || (exports.DependencyLanguage = DependencyLanguage = {}));
+// List from https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository
+var DependencyLicense;
+(function (DependencyLicense) {
+    DependencyLicense["AFL3"] = "AFL-3.0";
+    DependencyLicense["APACHE2"] = "Apache-2.0";
+    DependencyLicense["ARTISTIC2"] = "Artistic-2.0";
+    DependencyLicense["BSL1"] = "BSL-1.0";
+    DependencyLicense["BSD2CLAUSE"] = "BSD-2-Clause";
+    DependencyLicense["BSD3CLAUSE"] = "BSD-3-Clause";
+    DependencyLicense["BSD3CLAUSECLEAR"] = "BSD-3-Clause-Clear";
+    DependencyLicense["BSD4CLAUSE"] = "BSD-4-Clause";
+    DependencyLicense["ZEROBSD"] = "0BSD";
+    DependencyLicense["CC"] = "CC";
+    DependencyLicense["CC0_1_0"] = "CC0-1.0";
+    DependencyLicense["CC_BY_4_0"] = "CC-BY-4.0";
+    DependencyLicense["CC_BY_SA_4_0"] = "CC-BY-SA-4.0";
+    DependencyLicense["WTFPL"] = "WTFPL";
+    DependencyLicense["ECL2_0"] = "ECL-2.0";
+    DependencyLicense["EPL1_0"] = "EPL-1.0";
+    DependencyLicense["EPL2_0"] = "EPL-2.0";
+    DependencyLicense["EUPL1_1"] = "EUPL-1.1";
+    DependencyLicense["AGPL3_0"] = "AGPL-3.0";
+    DependencyLicense["GPL"] = "GPL";
+    DependencyLicense["GPL2_0"] = "GPL-2.0";
+    DependencyLicense["GPL3_0"] = "GPL-3.0";
+    DependencyLicense["LGPL"] = "LGPL";
+    DependencyLicense["LGPL2_1"] = "LGPL-2.1";
+    DependencyLicense["LGPL3_0"] = "LGPL-3.0";
+    DependencyLicense["ISC"] = "ISC";
+    DependencyLicense["LPPL_1_3C"] = "LPPL-1.3c";
+    DependencyLicense["MS_PL"] = "MS-PL";
+    DependencyLicense["MIT"] = "MIT";
+    DependencyLicense["MPL_2_0"] = "MPL-2.0";
+    DependencyLicense["OSL_3_0"] = "OSL-3.0";
+    DependencyLicense["POSTGRESQL"] = "PostgreSQL";
+    DependencyLicense["OFL_1_1"] = "OFL-1.1";
+    DependencyLicense["NCSA"] = "NCSA";
+    DependencyLicense["UNLICENSE"] = "Unlicense";
+    DependencyLicense["ZLIB"] = "Zlib";
+})(DependencyLicense || (exports.DependencyLicense = DependencyLicense = {}));
 //# sourceMappingURL=types.js.map

package/dist/commands/sbom/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/commands/sbom/types.ts"],"names":[],"mappings":""}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/commands/sbom/types.ts"],"names":[],"mappings":";;;AAAA,IAAY,kBAQX;AARD,WAAY,kBAAkB;IAC5B,kCAAY,CAAA;IACZ,mCAAa,CAAA;IACb,iCAAW,CAAA;IACX,mCAAa,CAAA;IACb,mCAAa,CAAA;IACb,+BAAS,CAAA;IACT,iCAAW,CAAA;AACb,CAAC,EARW,kBAAkB,kCAAlB,kBAAkB,QAQ7B;AAED,uJAAuJ;AACvJ,IAAY,iBAqCX;AArCD,WAAY,iBAAiB;IAC3B,qCAAgB,CAAA;IAChB,2CAAsB,CAAA;IACtB,+CAA0B,CAAA;IAC1B,qCAAgB,CAAA;IAChB,gDAA2B,CAAA;IAC3B,gDAA2B,CAAA;IAC3B,2DAAsC,CAAA;IACtC,gDAA2B,CAAA;IAC3B,qCAAgB,CAAA;IAChB,8BAAS,CAAA;IACT,wCAAmB,CAAA;IACnB,4CAAuB,CAAA;IACvB,kDAA6B,CAAA;IAC7B,oCAAe,CAAA;IACf,uCAAkB,CAAA;IAClB,uCAAkB,CAAA;IAClB,uCAAkB,CAAA;IAClB,yCAAoB,CAAA;IACpB,yCAAoB,CAAA;IACpB,gCAAW,CAAA;IACX,uCAAkB,CAAA;IAClB,uCAAkB,CAAA;IAClB,kCAAa,CAAA;IACb,yCAAoB,CAAA;IACpB,yCAAoB,CAAA;IACpB,gCAAW,CAAA;IACX,4CAAuB,CAAA;IACvB,oCAAe,CAAA;IACf,gCAAW,CAAA;IACX,wCAAmB,CAAA;IACnB,wCAAmB,CAAA;IACnB,8CAAyB,CAAA;IACzB,wCAAmB,CAAA;IACnB,kCAAa,CAAA;IACb,4CAAuB,CAAA;IACvB,kCAAa,CAAA;AACf,CAAC,EArCW,iBAAiB,iCAAjB,iBAAiB,QAqC5B"}

package/dist/commands/sbom/upload.js

@@ -20,7 +20,6 @@ const clipanion_1 = require("clipanion");
 const tags_1 = require("../../helpers/tags");
 const api_1 = require("./api");
 const payload_1 = require("./payload");
-const sbom_intake_1 = require("./protobuf/sbom_intake");
 const validation_1 = require("./validation");
 class UploadSbomCommand extends clipanion_1.Command {
     constructor() {
@@ -32,6 +31,7 @@ class UploadSbomCommand extends clipanion_1.Command {
         this.debug = clipanion_1.Option.Boolean('--debug');
         this.config = {
             apiKey: process_1.default.env.DATADOG_API_KEY || process_1.default.env.DD_API_KEY,
+            appKey: process_1.default.env.DATADOG_APP_KEY || process_1.default.env.DD_APP_KEY || '',
             env: process_1.default.env.DD_ENV,
             envVarTags: process_1.default.env.DD_TAGS,
         };
@@ -60,33 +60,32 @@ class UploadSbomCommand extends clipanion_1.Command {
                 this.context.stderr.write('API key not defined\n');
                 return 1;
             }
-            const api = (0, api_1.getApiHelper)(this.config.apiKey);
-            const spanTags = yield (0, tags_1.getSpanTags)(this.config, this.tags);
+            // Get the API helper to send the payload
+            const api = (0, api_1.getApiHelper)(this.config.apiKey, this.config.appKey);
+            const tags = yield (0, tags_1.getSpanTags)(this.config, this.tags);
             const validator = (0, validation_1.getValidator)();
             for (const basePath of this.basePaths) {
                 if (this.debug) {
                     this.context.stdout.write(`Processing file ${basePath}\n`);
                 }
                 if ((0, validation_1.validateSbomFile)(basePath, validator, !!this.debug)) {
-                    // Get the payload to upload
-                    const payloadData = {
-                        filePath: basePath,
-                        content: JSON.parse(fs_1.default.readFileSync(basePath).toString('utf8')),
-                    };
-                    // If debug mode is activated, we write the payload in a file
-                    if (this.debug) {
-                        const debugFilePath = `${basePath}.payload.pbytes`;
-                        this.context.stdout.write(`Writing payload for debugging in: ${debugFilePath}\n`);
-                        const payloadBytes = sbom_intake_1.SBOMPayload.toJSON((0, payload_1.generatePayload)(payloadData, service, spanTags));
-                        fs_1.default.writeFileSync(debugFilePath, JSON.stringify(payloadBytes));
-                    }
+                    const filePath = basePath;
+                    const jsonContent = JSON.parse(fs_1.default.readFileSync(basePath).toString('utf8'));
                     // Upload content
                     try {
-                        const response = yield api((0, payload_1.generatePayload)(payloadData, service, spanTags));
+                        const scaPayload = (0, payload_1.generatePayload)(jsonContent, tags);
+                        if (!scaPayload) {
+                            console.log(`Cannot generate payload for file ${filePath}`);
+                            continue;
+                        }
+                        const startTimeMs = Date.now();
+                        const response = yield api(scaPayload);
+                        const endTimeMs = Date.now();
                         if (this.debug) {
                             this.context.stdout.write(`Upload done, status: ${response.status}\n`);
                         }
-                        this.context.stdout.write(`File ${basePath} successfully uploaded\n`);
+                        const apiTimeMs = endTimeMs - startTimeMs;
+                        this.context.stdout.write(`File ${basePath} successfully uploaded in ${apiTimeMs} ms\n`);
                     }
                     catch (error) {
                         process_1.default.stderr.write(`Error while writing the payload: ${error.message}\n`);

package/dist/commands/sbom/upload.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload.js","sourceRoot":"","sources":["../../../src/commands/sbom/upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4CAAmB;AACnB,sDAA6B;AAI7B,kDAAyB;AACzB,yCAAyC;AAEzC,6CAA8C;AAE9C,+BAAkC;AAClC,uCAAyC;AACzC,wDAAkD;AAElD,6CAA2D;AAE3D,MAAa,iBAAkB,SAAQ,mBAAO;IAA9C;;QAWU,cAAS,GAAG,kBAAM,CAAC,IAAI,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAC,CAAC,CAAA;QACtC,YAAO,GAAG,kBAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACpC,QAAG,GAAG,kBAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAC5B,SAAI,GAAG,kBAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAC7B,UAAK,GAAG,kBAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAEjC,WAAM,GAAG;YACf,MAAM,EAAE,iBAAO,CAAC,GAAG,CAAC,eAAe,IAAI,iBAAO,CAAC,GAAG,CAAC,UAAU;YAC7D,GAAG,EAAE,iBAAO,CAAC,GAAG,CAAC,MAAM;YACvB,UAAU,EAAE,iBAAO,CAAC,GAAG,CAAC,OAAO;SAChC,CAAA;IAkFH,CAAC;IAhFC;;;OAGG;IACU,OAAO;;YAClB,MAAM,OAAO,GAAuB,IAAI,CAAC,OAAO,IAAI,iBAAO,CAAC,GAAG,CAAC,UAAU,CAAA;YAE1E,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAE9C,OAAO,CAAC,CAAA;aACT;YAED,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAA;YAE7C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE;gBACpB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;gBAE1C,OAAO,CAAC,CAAA;aACT;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE;gBAC7C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;gBAE/C,OAAO,CAAC,CAAA;aACT;YAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;gBACvB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAA;gBAElD,OAAO,CAAC,CAAA;aACT;YAED,MAAM,GAAG,GAA8D,IAAA,kBAAY,EAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAEvG,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAW,EAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;YAE1D,MAAM,SAAS,GAAQ,IAAA,yBAAY,GAAE,CAAA;YACrC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE;gBACrC,IAAI,IAAI,CAAC,KAAK,EAAE;oBACd,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,QAAQ,IAAI,CAAC,CAAA;iBAC3D;gBAED,IAAI,IAAA,6BAAgB,EAAC,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;oBACvD,4BAA4B;oBAC5B,MAAM,WAAW,GAAoB;wBACnC,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,YAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;qBAChE,CAAA;oBAED,6DAA6D;oBAC7D,IAAI,IAAI,CAAC,KAAK,EAAE;wBACd,MAAM,aAAa,GAAG,GAAG,QAAQ,iBAAiB,CAAA;wBAClD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,aAAa,IAAI,CAAC,CAAA;wBACjF,MAAM,YAAY,GAAG,yBAAW,CAAC,MAAM,CAAC,IAAA,yBAAe,EAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;wBACxF,YAAE,CAAC,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAA;qBAC9D;oBAED,iBAAiB;oBACjB,IAAI;wBACF,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAA,yBAAe,EAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;wBAC3E,IAAI,IAAI,CAAC,KAAK,EAAE;4BACd,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAA;yBACvE;wBACD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,QAAQ,0BAA0B,CAAC,CAAA;qBACtE;oBAAC,OAAO,KAAK,EAAE;wBACd,iBAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,KAAK,CAAC,OAAO,IAAI,CAAC,CAAA;wBAC3E,IAAI,KAAK,CAAC,QAAQ,EAAE;4BAClB,iBAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAA;yBAC/D;qBACF;iBACF;qBAAM;oBACL,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,eAAK,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAA;iBAC1F;aACF;YAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;YAE9C,OAAO,CAAC,CAAA;QACV,CAAC;KAAA;;AAtGH,8CAuGC;AAtGe,uBAAK,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,AAAvB,CAAuB;AAE5B,uBAAK,GAAG,mBAAO,CAAC,KAAK,CAAC;IAClC,WAAW,EAAE,+BAA+B;IAC5C,OAAO,EAAE;;KAER;IACD,QAAQ,EAAE,CAAC,CAAC,gCAAgC,EAAE,uDAAuD,CAAC,CAAC;CACxG,CAAC,AANiB,CAMjB"}
+{"version":3,"file":"upload.js","sourceRoot":"","sources":["../../../src/commands/sbom/upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4CAAmB;AACnB,sDAA6B;AAI7B,kDAAyB;AACzB,yCAAyC;AAEzC,6CAA8C;AAE9C,+BAAkC;AAClC,uCAAyC;AAEzC,6CAA2D;AAE3D,MAAa,iBAAkB,SAAQ,mBAAO;IAA9C;;QAWU,cAAS,GAAG,kBAAM,CAAC,IAAI,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAC,CAAC,CAAA;QACtC,YAAO,GAAG,kBAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACpC,QAAG,GAAG,kBAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAC5B,SAAI,GAAG,kBAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAC7B,UAAK,GAAG,kBAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAEjC,WAAM,GAAG;YACf,MAAM,EAAE,iBAAO,CAAC,GAAG,CAAC,eAAe,IAAI,iBAAO,CAAC,GAAG,CAAC,UAAU;YAC7D,MAAM,EAAE,iBAAO,CAAC,GAAG,CAAC,eAAe,IAAI,iBAAO,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE;YACnE,GAAG,EAAE,iBAAO,CAAC,GAAG,CAAC,MAAM;YACvB,UAAU,EAAE,iBAAO,CAAC,GAAG,CAAC,OAAO;SAChC,CAAA;IAqFH,CAAC;IAnFC;;;OAGG;IACU,OAAO;;YAClB,MAAM,OAAO,GAAuB,IAAI,CAAC,OAAO,IAAI,iBAAO,CAAC,GAAG,CAAC,UAAU,CAAA;YAE1E,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAE9C,OAAO,CAAC,CAAA;aACT;YAED,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAA;YAE7C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE;gBACpB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;gBAE1C,OAAO,CAAC,CAAA;aACT;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE;gBAC7C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;gBAE/C,OAAO,CAAC,CAAA;aACT;YAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;gBACvB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAA;gBAElD,OAAO,CAAC,CAAA;aACT;YAED,yCAAyC;YACzC,MAAM,GAAG,GAA6D,IAAA,kBAAY,EAChF,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,IAAI,CAAC,MAAM,CAAC,MAAM,CACnB,CAAA;YAED,MAAM,IAAI,GAAG,MAAM,IAAA,kBAAW,EAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;YAEtD,MAAM,SAAS,GAAQ,IAAA,yBAAY,GAAE,CAAA;YACrC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE;gBACrC,IAAI,IAAI,CAAC,KAAK,EAAE;oBACd,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,QAAQ,IAAI,CAAC,CAAA;iBAC3D;gBAED,IAAI,IAAA,6BAAgB,EAAC,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;oBACvD,MAAM,QAAQ,GAAG,QAAQ,CAAA;oBACzB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,YAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAA;oBAE1E,iBAAiB;oBACjB,IAAI;wBACF,MAAM,UAAU,GAAG,IAAA,yBAAe,EAAC,WAAW,EAAE,IAAI,CAAC,CAAA;wBAErD,IAAI,CAAC,UAAU,EAAE;4BACf,OAAO,CAAC,GAAG,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAA;4BAC3D,SAAQ;yBACT;wBAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;wBAC9B,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,CAAA;wBACtC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;wBAC5B,IAAI,IAAI,CAAC,KAAK,EAAE;4BACd,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAA;yBACvE;wBACD,MAAM,SAAS,GAAG,SAAS,GAAG,WAAW,CAAA;wBACzC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,QAAQ,6BAA6B,SAAS,OAAO,CAAC,CAAA;qBACzF;oBAAC,OAAO,KAAK,EAAE;wBACd,iBAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,KAAK,CAAC,OAAO,IAAI,CAAC,CAAA;wBAC3E,IAAI,KAAK,CAAC,QAAQ,EAAE;4BAClB,iBAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAA;yBAC/D;qBACF;iBACF;qBAAM;oBACL,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,eAAK,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAA;iBAC1F;aACF;YAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;YAE9C,OAAO,CAAC,CAAA;QACV,CAAC;KAAA;;AA1GH,8CA2GC;AA1Ge,uBAAK,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,AAAvB,CAAuB;AAE5B,uBAAK,GAAG,mBAAO,CAAC,KAAK,CAAC;IAClC,WAAW,EAAE,+BAA+B;IAC5C,OAAO,EAAE;;KAER;IACD,QAAQ,EAAE,CAAC,CAAC,gCAAgC,EAAE,uDAAuD,CAAC,CAAC;CACxG,CAAC,AANiB,CAMjB"}

package/dist/constants.d.ts

@@ -7,6 +7,7 @@ export declare const DATADOG_SITE_GOV = "ddog-gov.com";
 export declare const DATADOG_SITES: string[];
 export declare const CONTENT_TYPE_HEADER = "Content-Type";
 export declare const CONTENT_TYPE_VALUE_PROTOBUF = "application/x-protobuf";
+export declare const CONTENT_TYPE_VALUE_JSON = "application/json";
 export declare const METHOD_POST = "post";
 export declare const SERVICE_ENV_VAR = "DD_SERVICE";
 export declare const ENVIRONMENT_ENV_VAR = "DD_ENV";

package/dist/constants.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FLARE_PROJECT_FILES = exports.FLARE_ENDPOINT_PATH = exports.INSIGHTS_FILE_NAME = exports.ADDITIONAL_FILES_DIRECTORY = exports.PROJECT_FILES_DIRECTORY = exports.LOGS_DIRECTORY = exports.FLARE_OUTPUT_DIRECTORY = exports.SITE_ENV_VAR = exports.CI_SITE_ENV_VAR = exports.CI_API_KEY_ENV_VAR = exports.API_KEY_ENV_VAR = exports.VERSION_ENV_VAR = exports.ENVIRONMENT_ENV_VAR = exports.SERVICE_ENV_VAR = exports.METHOD_POST = exports.CONTENT_TYPE_VALUE_PROTOBUF = exports.CONTENT_TYPE_HEADER = exports.DATADOG_SITES = exports.DATADOG_SITE_GOV = exports.DATADOG_SITE_AP1 = exports.DATADOG_SITE_US5 = exports.DATADOG_SITE_US3 = exports.DATADOG_SITE_EU1 = exports.DATADOG_SITE_US1 = void 0;
+exports.FLARE_PROJECT_FILES = exports.FLARE_ENDPOINT_PATH = exports.INSIGHTS_FILE_NAME = exports.ADDITIONAL_FILES_DIRECTORY = exports.PROJECT_FILES_DIRECTORY = exports.LOGS_DIRECTORY = exports.FLARE_OUTPUT_DIRECTORY = exports.SITE_ENV_VAR = exports.CI_SITE_ENV_VAR = exports.CI_API_KEY_ENV_VAR = exports.API_KEY_ENV_VAR = exports.VERSION_ENV_VAR = exports.ENVIRONMENT_ENV_VAR = exports.SERVICE_ENV_VAR = exports.METHOD_POST = exports.CONTENT_TYPE_VALUE_JSON = exports.CONTENT_TYPE_VALUE_PROTOBUF = exports.CONTENT_TYPE_HEADER = exports.DATADOG_SITES = exports.DATADOG_SITE_GOV = exports.DATADOG_SITE_AP1 = exports.DATADOG_SITE_US5 = exports.DATADOG_SITE_US3 = exports.DATADOG_SITE_EU1 = exports.DATADOG_SITE_US1 = void 0;
 exports.DATADOG_SITE_US1 = 'datadoghq.com';
 exports.DATADOG_SITE_EU1 = 'datadoghq.eu';
 exports.DATADOG_SITE_US3 = 'us3.datadoghq.com';
@@ -17,6 +17,7 @@ exports.DATADOG_SITES = [
 ];
 exports.CONTENT_TYPE_HEADER = 'Content-Type';
 exports.CONTENT_TYPE_VALUE_PROTOBUF = 'application/x-protobuf';
+exports.CONTENT_TYPE_VALUE_JSON = 'application/json';
 exports.METHOD_POST = 'post';
 // Tagging env vars
 exports.SERVICE_ENV_VAR = 'DD_SERVICE';

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gBAAgB,GAAG,eAAe,CAAA;AAClC,QAAA,gBAAgB,GAAG,cAAc,CAAA;AACjC,QAAA,gBAAgB,GAAG,mBAAmB,CAAA;AACtC,QAAA,gBAAgB,GAAG,mBAAmB,CAAA;AACtC,QAAA,gBAAgB,GAAG,mBAAmB,CAAA;AACtC,QAAA,gBAAgB,GAAG,cAAc,CAAA;AAEjC,QAAA,aAAa,GAAa;IACrC,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;CACjB,CAAA;AAEY,QAAA,mBAAmB,GAAG,cAAc,CAAA;AACpC,QAAA,2BAA2B,GAAG,wBAAwB,CAAA;AAEtD,QAAA,WAAW,GAAG,MAAM,CAAA;AAEjC,mBAAmB;AACN,QAAA,eAAe,GAAG,YAAY,CAAA;AAC9B,QAAA,mBAAmB,GAAG,QAAQ,CAAA;AAC9B,QAAA,eAAe,GAAG,YAAY,CAAA;AAE3C,iDAAiD;AACpC,QAAA,eAAe,GAAG,YAAY,CAAA;AAC9B,QAAA,kBAAkB,GAAG,iBAAiB,CAAA;AACtC,QAAA,eAAe,GAAG,cAAc,CAAA;AAChC,QAAA,YAAY,GAAG,SAAS,CAAA;AAErC,kBAAkB;AACL,QAAA,sBAAsB,GAAG,aAAa,CAAA;AACtC,QAAA,cAAc,GAAG,MAAM,CAAA;AACvB,QAAA,uBAAuB,GAAG,eAAe,CAAA;AACzC,QAAA,0BAA0B,GAAG,kBAAkB,CAAA;AAC/C,QAAA,kBAAkB,GAAG,aAAa,CAAA;AAClC,QAAA,mBAAmB,GAAG,kCAAkC,CAAA;AAErE,uCAAuC;AAC1B,QAAA,mBAAmB,GAAG;IACjC,kCAAkC;IAClC,kCAAkC;IAClC,iCAAiC;IACjC,mCAAmC;IACnC,UAAU;IACV,cAAc;IACd,mBAAmB;IACnB,WAAW;IACX,QAAQ;IACR,SAAS;IACT,kBAAkB;IAClB,SAAS;IACT,cAAc;IACd,gBAAgB;IAChB,OAAO;IACP,SAAS;IACT,cAAc;IACd,SAAS;IACT,aAAa;IACb,KAAK;IACL,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,YAAY;IACZ,UAAU;IACV,OAAO;IACP,SAAS;IACT,cAAc;IACd,OAAO;IACP,cAAc;IACd,iBAAiB;IACjB,kBAAkB;IAClB,aAAa;IACb,SAAS;IACT,YAAY;IACZ,qBAAqB;IACrB,oBAAoB;IACpB,oBAAoB;IACpB,mBAAmB;IACnB,UAAU;IACV,eAAe;IACf,mBAAmB;CACpB,CAAA"}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gBAAgB,GAAG,eAAe,CAAA;AAClC,QAAA,gBAAgB,GAAG,cAAc,CAAA;AACjC,QAAA,gBAAgB,GAAG,mBAAmB,CAAA;AACtC,QAAA,gBAAgB,GAAG,mBAAmB,CAAA;AACtC,QAAA,gBAAgB,GAAG,mBAAmB,CAAA;AACtC,QAAA,gBAAgB,GAAG,cAAc,CAAA;AAEjC,QAAA,aAAa,GAAa;IACrC,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;IAChB,wBAAgB;CACjB,CAAA;AAEY,QAAA,mBAAmB,GAAG,cAAc,CAAA;AACpC,QAAA,2BAA2B,GAAG,wBAAwB,CAAA;AACtD,QAAA,uBAAuB,GAAG,kBAAkB,CAAA;AAE5C,QAAA,WAAW,GAAG,MAAM,CAAA;AAEjC,mBAAmB;AACN,QAAA,eAAe,GAAG,YAAY,CAAA;AAC9B,QAAA,mBAAmB,GAAG,QAAQ,CAAA;AAC9B,QAAA,eAAe,GAAG,YAAY,CAAA;AAE3C,iDAAiD;AACpC,QAAA,eAAe,GAAG,YAAY,CAAA;AAC9B,QAAA,kBAAkB,GAAG,iBAAiB,CAAA;AACtC,QAAA,eAAe,GAAG,cAAc,CAAA;AAChC,QAAA,YAAY,GAAG,SAAS,CAAA;AAErC,kBAAkB;AACL,QAAA,sBAAsB,GAAG,aAAa,CAAA;AACtC,QAAA,cAAc,GAAG,MAAM,CAAA;AACvB,QAAA,uBAAuB,GAAG,eAAe,CAAA;AACzC,QAAA,0BAA0B,GAAG,kBAAkB,CAAA;AAC/C,QAAA,kBAAkB,GAAG,aAAa,CAAA;AAClC,QAAA,mBAAmB,GAAG,kCAAkC,CAAA;AAErE,uCAAuC;AAC1B,QAAA,mBAAmB,GAAG;IACjC,kCAAkC;IAClC,kCAAkC;IAClC,iCAAiC;IACjC,mCAAmC;IACnC,UAAU;IACV,cAAc;IACd,mBAAmB;IACnB,WAAW;IACX,QAAQ;IACR,SAAS;IACT,kBAAkB;IAClB,SAAS;IACT,cAAc;IACd,gBAAgB;IAChB,OAAO;IACP,SAAS;IACT,cAAc;IACd,SAAS;IACT,aAAa;IACb,KAAK;IACL,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,YAAY;IACZ,UAAU;IACV,OAAO;IACP,SAAS;IACT,cAAc;IACd,OAAO;IACP,cAAc;IACd,iBAAiB;IACjB,kBAAkB;IAClB,aAAa;IACb,SAAS;IACT,YAAY;IACZ,qBAAqB;IACrB,oBAAoB;IACpB,oBAAoB;IACpB,mBAAmB;IACnB,UAAU;IACV,eAAe;IACf,mBAAmB;CACpB,CAAA"}

package/dist/helpers/ci.js

@@ -50,6 +50,7 @@ const resolveTilde = (filePath) => {
     return filePath;
 };
 const getCISpanTags = () => {
+    var _a;
     const env = process.env;
     let tags = {};
     if (env.CIRCLECI) {
@@ -355,6 +356,14 @@ const getCISpanTags = () => {
         const ref = (0, utils_1.normalizeRef)(CF_BRANCH);
         tags[refKey] = ref;
     }
+    if ((_a = env.CODEBUILD_INITIATOR) === null || _a === void 0 ? void 0 : _a.startsWith('codepipeline')) {
+        const { CODEBUILD_BUILD_ARN, DD_ACTION_EXECUTION_ID, DD_PIPELINE_EXECUTION_ID } = env;
+        tags = {
+            [tags_1.CI_PROVIDER_NAME]: 'awscodepipeline',
+            [tags_1.CI_PIPELINE_ID]: DD_PIPELINE_EXECUTION_ID,
+            [tags_1.CI_ENV_VARS]: JSON.stringify({ CODEBUILD_BUILD_ARN, DD_PIPELINE_EXECUTION_ID, DD_ACTION_EXECUTION_ID }),
+        };
+    }
     if (tags[tags_1.CI_WORKSPACE_PATH]) {
         tags[tags_1.CI_WORKSPACE_PATH] = resolveTilde(tags[tags_1.CI_WORKSPACE_PATH]);
     }