@soos-io/soos-sbom 0.1.10-pre.1 → 0.1.10

package/README.md

@@ -1,42 +1,42 @@
-# [SOOS SBOM](https://soos.io/products/sbom-manager)
-
-SOOS is an independent software security company, located in Winooski, VT USA, building security software for your team. [SOOS, Software security, simplified](https://soos.io).
-
-Use SOOS to scan your software for [vulnerabilities](https://app.soos.io/research/vulnerabilities) and [open source license](https://app.soos.io/research/licenses) issues with [SOOS Core SCA](https://soos.io/products/sca). [Generate and ingest SBOMs](https://soos.io/products/sbom-manager). [Export reports](https://kb.soos.io/help/soos-reports-for-export) to industry standards. Govern your open source dependencies. Run the [SOOS DAST vulnerability scanner](https://soos.io/products/dast) against your web apps or APIs. [Scan your Docker containers](https://soos.io/products/containers) for vulnerabilities. Check your source code for issues with [SAST Analysis](https://soos.io/products/sast).
-
-[Demo SOOS](https://app.soos.io/demo) or [Register for a Free Trial](https://app.soos.io/register).
-
-If you maintain an Open Source project, sign up for the Free as in Beer [SOOS Community Edition](https://soos.io/products/community-edition).
-
-## Requirements
-  - [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm)
-  
-## Installation
-
-### Globally
-run `npm i -g @soos-io/soos-sbom@latest`
-Then Run `soos-sbom` from any terminal and add the parameters you want.
-
-### Locally
-run `npm install --prefix ./soos @soos-io/soos-sbom`
-Then run from the same terminal `node ./soos/node_modules/@soos-io/soos-sbom/bin/index.js`
-
-## Client Parameters
-
-
-| Argument                | Default                                   | Description                                                                                                                          |
-| ----------------------- | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
-| `--apiKey`              |  | SOOS API Key - get yours from [SOOS Integration](https://app.soos.io/integrate/sbom). Uses `SOOS_API_KEY` env value if present.      |
-| `--branchName`          |                                     | The name of the branch from the SCM System.                                                                                         |
-| `--branchURI`           |                                     | The URI to the branch from the SCM System.                                                                                          |
-| `--buildURI`            |                                     | URI to CI build info.                                                                                                               |
-| `--buildVersion`        |                                     | Version of application build artifacts.                                                                                             |
-| `--clientId`            |  | SOOS Client ID - get yours from [SOOS Integration](https://app.soos.io/integrate/sbom). Uses `SOOS_API_CLIENT` env value if present.                                           |
-| `--commitHash`          |                                     | The commit hash value from the SCM System.                                                                                         |
-| `--logLevel`            | `INFO`                          | Minimum level to show logs: PASS, IGNORE, INFO, WARN, or FAIL.                                                                      |
-| `--onFailure`            | `continue_on_failure`                     | Action to perform when the scan fails. Options: fail_the_build, continue_on_failure.                                                 |
-| `--operatingEnvironment`|                                     | Set Operating environment for information purposes only.                                                                           |
-| `--otherOptions`        |                                     | Other Options to pass to syft.                                                                                                      |
-| `--projectName`         |                                        | Project Name - this is what will be displayed in the SOOS app.                                                                     |
-| `--verbose`             | `false`                                   | Enable verbose logging.                                                                                                             |
-| `sbomPath`              |                                        | The SBOM File to scan, it could be the location of the file or the file itself. When location is specified only the first file found will be scanned. |
+# [SOOS SBOM](https://soos.io/products/sbom-manager)
+
+SOOS is an independent software security company, located in Winooski, VT USA, building security software for your team. [SOOS, Software security, simplified](https://soos.io).
+
+Use SOOS to scan your software for [vulnerabilities](https://app.soos.io/research/vulnerabilities) and [open source license](https://app.soos.io/research/licenses) issues with [SOOS Core SCA](https://soos.io/products/sca). [Generate and ingest SBOMs](https://soos.io/products/sbom-manager). [Export reports](https://kb.soos.io/help/soos-reports-for-export) to industry standards. Govern your open source dependencies. Run the [SOOS DAST vulnerability scanner](https://soos.io/products/dast) against your web apps or APIs. [Scan your Docker containers](https://soos.io/products/containers) for vulnerabilities. Check your source code for issues with [SAST Analysis](https://soos.io/products/sast).
+
+[Demo SOOS](https://app.soos.io/demo) or [Register for a Free Trial](https://app.soos.io/register).
+
+If you maintain an Open Source project, sign up for the Free as in Beer [SOOS Community Edition](https://soos.io/products/community-edition).
+
+## Requirements
+  - [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm)
+  
+## Installation
+
+### Globally
+run `npm i -g @soos-io/soos-sbom@latest`
+Then Run `soos-sbom` from any terminal and add the parameters you want.
+
+### Locally
+run `npm install --prefix ./soos @soos-io/soos-sbom`
+Then run from the same terminal `node ./soos/node_modules/@soos-io/soos-sbom/bin/index.js`
+
+## Client Parameters
+
+
+| Argument                | Default                                   | Description                                                                                                                          |
+| ----------------------- | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
+| `--apiKey`              |  | SOOS API Key - get yours from [SOOS Integration](https://app.soos.io/integrate/sbom). Uses `SOOS_API_KEY` env value if present.      |
+| `--branchName`          |                                     | The name of the branch from the SCM System.                                                                                         |
+| `--branchURI`           |                                     | The URI to the branch from the SCM System.                                                                                          |
+| `--buildURI`            |                                     | URI to CI build info.                                                                                                               |
+| `--buildVersion`        |                                     | Version of application build artifacts.                                                                                             |
+| `--clientId`            |  | SOOS Client ID - get yours from [SOOS Integration](https://app.soos.io/integrate/sbom). Uses `SOOS_API_CLIENT` env value if present.                                           |
+| `--commitHash`          |                                     | The commit hash value from the SCM System.                                                                                         |
+| `--logLevel`            | `INFO`                          | Minimum level to show logs: PASS, IGNORE, INFO, WARN, or FAIL.                                                                      |
+| `--onFailure`            | `continue_on_failure`                     | Action to perform when the scan fails. Options: fail_the_build, continue_on_failure.                                                 |
+| `--operatingEnvironment`|                                     | Set Operating environment for information purposes only.                                                                           |
+| `--otherOptions`        |                                     | Other Options to pass to syft.                                                                                                      |
+| `--projectName`         |                                        | Project Name - this is what will be displayed in the SOOS app.                                                                     |
+| `--verbose`             | `false`                                   | Enable verbose logging.                                                                                                             |
+| `sbomPath`              |                                        | The SBOM File to scan, it could be the location of the file or the file itself. When location is specified only the first file found will be scanned. |

package/package.json

@@ -1,44 +1,44 @@
-{
-  "name": "@soos-io/soos-sbom",
-  "version": "0.1.10-pre.1",
-  "description": "SOOS wrapper script to upload SBOMs.",
-  "main": "bin/index.js",
-  "scripts": {
-    "setup:install": "npm install",
-    "setup:clean-install": "npm ci",
-    "setup:update": "npx npm-check -u",
-    "setup:clean": "npx rimraf node_modules && npx rimraf package-lock.json",
-    "build": "tsc",
-    "build:clean": "npx rimraf build",
-    "format": "prettier ./src --check",
-    "format:fix": "prettier ./src --write",
-    "typecheck": "tsc --noEmit",
-    "check": "npm run format && npm run typecheck && npm outdated",
-    "patch-api-client": "npm version patch --no-git-tag-version && npm run setup:clean && npm install @soos-io/api-client@latest --save-exact && npm install && npm run check"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/soos-io/soos-sbom.git"
-  },
-  "author": "SOOS",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/soos-io/soos-sbom/issues"
-  },
-  "homepage": "https://github.com/soos-io/soos-sbom#readme",
-  "dependencies": {
-    "@soos-io/api-client": "0.2.29",
-    "argparse": "^2.0.1",
-    "glob": "^10.3.10",
-    "tslib": "^2.6.2"
-  },
-  "devDependencies": {
-    "@types/argparse": "^2.0.14",
-    "@types/node": "^20.11.5",
-    "prettier": "^3.2.4",
-    "typescript": "^5.3.3"
-  },
-  "bin": {
-    "soos-sbom": "bin/index.js"
-  }
-}
+{
+  "name": "@soos-io/soos-sbom",
+  "version": "0.1.10",
+  "description": "SOOS wrapper script to upload SBOMs.",
+  "main": "bin/index.js",
+  "scripts": {
+    "setup:install": "npm install",
+    "setup:clean-install": "npm ci",
+    "setup:update": "npx npm-check -u",
+    "setup:clean": "npx rimraf node_modules && npx rimraf package-lock.json",
+    "build": "tsc",
+    "build:clean": "npx rimraf build",
+    "format": "prettier ./src --check",
+    "format:fix": "prettier ./src --write",
+    "typecheck": "tsc --noEmit",
+    "check": "npm run format && npm run typecheck && npm outdated",
+    "patch-api-client": "npm version patch --no-git-tag-version && npm run setup:clean && npm install @soos-io/api-client@latest --save-exact && npm install && npm run check"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/soos-io/soos-sbom.git"
+  },
+  "author": "SOOS",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/soos-io/soos-sbom/issues"
+  },
+  "homepage": "https://github.com/soos-io/soos-sbom#readme",
+  "dependencies": {
+    "@soos-io/api-client": "0.2.29",
+    "argparse": "^2.0.1",
+    "glob": "^10.3.10",
+    "tslib": "^2.6.2"
+  },
+  "devDependencies": {
+    "@types/argparse": "^2.0.14",
+    "@types/node": "^20.11.5",
+    "prettier": "^3.2.4",
+    "typescript": "^5.3.3"
+  },
+  "bin": {
+    "soos-sbom": "bin/index.js"
+  }
+}

package/test-files/graphql.cdx.json

@@ -1,105 +1,105 @@
-{
-  "bomFormat": "CycloneDX",
-  "specVersion": "1.4",
-  "serialNumber": "urn:uuid:d01162e3-dadf-40cd-bbc8-6a5c1ec4e2f3",
-  "version": 1,
-  "metadata": {
-    "timestamp": "2023-09-27T00:24:23Z",
-    "tools": [
-      {
-        "vendor": "SOOS",
-        "name": "SOOS SCA",
-        "version": "31.12.0.1",
-        "externalReferences": [
-          {
-            "url": "https://soos.io/",
-            "type": "website"
-          },
-          {
-            "url": "https://soos.io/terms-of-service",
-            "type": "license",
-            "comment": "SOOS is providing this SBOM for non-commercial use. By downloading an SBOM from SOOS, you agree to all applicable terms at https://soos.io/terms-of-service. If you are interested in commercial SBOM access please contact sales@soos.io"
-          }
-        ]
-      }
-    ],
-    "authors": [
-      {
-        "email": "support@soos.io"
-      }
-    ],
-    "component": {
-      "type": "application",
-      "author": "  (support@soos.io)",
-      "publisher": "SOOS",
-      "name": "graphql",
-      "description": "SOOS SCA scan against pkg:npm/graphql@16.8.1",
-      "hashes": [
-        {
-          "alg": "SHA-256",
-          "content": "fc511a27f8e66409eaad43c808737eed838a6c72640b71bb32c602267c155c4b"
-        }
-      ]
-    },
-    "licenses": [
-      {
-        "license": {
-          "id": "CC0-1.0"
-        }
-      }
-    ]
-  },
-  "components": [
-    {
-      "type": "library",
-      "bom-ref": "pkg:npm/graphql@16.8.1",
-      "supplier": {
-        "name": "graphql",
-        "url": [
-          "https://github.com/graphql/graphql-js"
-        ],
-        "contact": []
-      },
-      "name": "graphql",
-      "version": "16.8.1",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "1930a965bef1170603702acdb68aedd3f3cf6f07"
-        }
-      ],
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT"
-          }
-        }
-      ],
-      "purl": "pkg:npm/graphql@16.8.1",
-      "externalReferences": [
-        {
-          "url": "https://www.npmjs.com/package/graphql/v/16.8.1",
-          "type": "website"
-        }
-      ]
-    }
-  ],
-  "dependencies": [
-    {
-      "ref": "pkg:npm/graphql@16.8.1",
-      "dependsOn": []
-    }
-  ],
-  "compositions": [
-    {
-      "aggregate": "complete",
-      "dependencies": [
-        "pkg:npm/graphql@16.8.1"
-      ]
-    },
-    {
-      "aggregate": "incomplete",
-      "dependencies": []
-    }
-  ]
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.4",
+  "serialNumber": "urn:uuid:d01162e3-dadf-40cd-bbc8-6a5c1ec4e2f3",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2023-09-27T00:24:23Z",
+    "tools": [
+      {
+        "vendor": "SOOS",
+        "name": "SOOS SCA",
+        "version": "31.12.0.1",
+        "externalReferences": [
+          {
+            "url": "https://soos.io/",
+            "type": "website"
+          },
+          {
+            "url": "https://soos.io/terms-of-service",
+            "type": "license",
+            "comment": "SOOS is providing this SBOM for non-commercial use. By downloading an SBOM from SOOS, you agree to all applicable terms at https://soos.io/terms-of-service. If you are interested in commercial SBOM access please contact sales@soos.io"
+          }
+        ]
+      }
+    ],
+    "authors": [
+      {
+        "email": "support@soos.io"
+      }
+    ],
+    "component": {
+      "type": "application",
+      "author": "  (support@soos.io)",
+      "publisher": "SOOS",
+      "name": "graphql",
+      "description": "SOOS SCA scan against pkg:npm/graphql@16.8.1",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "fc511a27f8e66409eaad43c808737eed838a6c72640b71bb32c602267c155c4b"
+        }
+      ]
+    },
+    "licenses": [
+      {
+        "license": {
+          "id": "CC0-1.0"
+        }
+      }
+    ]
+  },
+  "components": [
+    {
+      "type": "library",
+      "bom-ref": "pkg:npm/graphql@16.8.1",
+      "supplier": {
+        "name": "graphql",
+        "url": [
+          "https://github.com/graphql/graphql-js"
+        ],
+        "contact": []
+      },
+      "name": "graphql",
+      "version": "16.8.1",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "1930a965bef1170603702acdb68aedd3f3cf6f07"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ],
+      "purl": "pkg:npm/graphql@16.8.1",
+      "externalReferences": [
+        {
+          "url": "https://www.npmjs.com/package/graphql/v/16.8.1",
+          "type": "website"
+        }
+      ]
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "pkg:npm/graphql@16.8.1",
+      "dependsOn": []
+    }
+  ],
+  "compositions": [
+    {
+      "aggregate": "complete",
+      "dependencies": [
+        "pkg:npm/graphql@16.8.1"
+      ]
+    },
+    {
+      "aggregate": "incomplete",
+      "dependencies": []
+    }
+  ]
 }