@soos-io/soos-sbom 0.1.12-pre.1 → 0.1.12-pre.2
- package/bin/constants.d.ts +3 -0
- package/bin/constants.js +6 -0
- package/bin/index.d.ts +2 -0
- package/bin/index.js +150 -0
- package/package.json +1 -1
package/bin/constants.js
ADDED
package/bin/index.d.ts
ADDED
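--- a/package/bin/index.js
+++ b/package/bin/index.js
@@ -0,0 +1,150 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const api_client_1 = require("@soos-io/api-client");
+const utilities_1 = require("@soos-io/api-client/dist/utilities");
+const FileSystem = tslib_1.__importStar(require("fs"));
+const Path = tslib_1.__importStar(require("path"));
+const process_1 = require("process");
+const AnalysisArgumentParser_1 = tslib_1.__importDefault(require("@soos-io/api-client/dist/services/AnalysisArgumentParser"));
+const package_json_1 = require("../package.json");
+const AnalysisService_1 = tslib_1.__importDefault(require("@soos-io/api-client/dist/services/AnalysisService"));
+const constants_1 = require("./constants");
+class SOOSSBOMAnalysis {
+constructor(args) {
+this.args = args;
+}
+static parseArgs() {
+const analysisArgumentParser = AnalysisArgumentParser_1.default.create(api_client_1.IntegrationName.SoosSbom, api_client_1.IntegrationType.Script, api_client_1.ScanType.SBOM, package_json_1.version);
+analysisArgumentParser.addBaseScanArguments();
+analysisArgumentParser.argumentParser.add_argument("sbomPath", {
+help: "The SBOM File to scan, it could be the location of the file or the file itself. When location is specified only the first file found will be scanned.",
+});
+api_client_1.soosLogger.info("Parsing arguments");
+return analysisArgumentParser.parseArguments();
+}
+async runAnalysis() {
+const scanType = api_client_1.ScanType.SBOM;
+const soosAnalysisService = AnalysisService_1.default.create(this.args.apiKey, this.args.apiURL);
+let projectHash;
+let branchHash;
+let analysisId;
+let scanStatusUrl;
+const sbomFilePath = await this.findSbomFilePath();
+try {
+const result = await soosAnalysisService.setupScan({
+clientId: this.args.clientId,
+projectName: this.args.projectName,
+branchName: this.args.branchName,
+commitHash: this.args.commitHash,
+buildVersion: this.args.buildVersion,
+buildUri: this.args.buildURI,
+branchUri: this.args.branchURI,
+operatingEnvironment: this.args.operatingEnvironment,
+integrationName: this.args.integrationName,
+integrationType: this.args.integrationType,
+appVersion: this.args.appVersion,
+scriptVersion: this.args.scriptVersion,
+contributingDeveloperAudit: !this.args.contributingDeveloperId ||
+!this.args.contributingDeveloperSource ||
+!this.args.contributingDeveloperSourceName
+? []
+: [
+{
+contributingDeveloperId: this.args.contributingDeveloperId,
+source: this.args.contributingDeveloperSource,
+sourceName: this.args.contributingDeveloperSourceName,
+},
+],
+scanType,
+toolName: undefined,
+toolVersion: undefined,
+});
+projectHash = result.projectHash;
+branchHash = result.branchHash;
+analysisId = result.analysisId;
+scanStatusUrl = result.scanStatusUrl;
+api_client_1.soosLogger.logLineSeparator();
+api_client_1.soosLogger.info("Uploading SBOM File...");
+const formData = await soosAnalysisService.getAnalysisFilesAsFormData([sbomFilePath], this.args.sbomPath);
+const manifestUploadResponse = await soosAnalysisService.analysisApiClient.uploadManifestFiles({
+clientId: this.args.clientId,
+projectHash,
+branchHash,
+analysisId,
+manifestFiles: formData,
+hasMoreThanMaximumManifests: false,
+});
+api_client_1.soosLogger.info(` SBOM Files: \n`, ` ${manifestUploadResponse.message} \n`, manifestUploadResponse.manifests?.map((m) => ` ${m.name}: ${m.statusMessage}`).join("\n"));
+api_client_1.soosLogger.logLineSeparator();
+await soosAnalysisService.startScan({
+clientId: this.args.clientId,
+projectHash,
+analysisId,
+scanType,
+scanUrl: result.scanUrl,
+});
+const scanStatus = await soosAnalysisService.waitForScanToFinish({
+scanStatusUrl: result.scanStatusUrl,
+scanUrl: result.scanUrl,
+scanType,
+});
+const exitCodeWithMessage = (0, utilities_1.getAnalysisExitCodeWithMessage)(scanStatus, this.args.integrationName, this.args.onFailure);
+api_client_1.soosLogger.always(`${exitCodeWithMessage.message} - exit ${exitCodeWithMessage.exitCode}`);
+(0, process_1.exit)(exitCodeWithMessage.exitCode);
+}
+catch (error) {
+if (projectHash && branchHash && analysisId) {
+await soosAnalysisService.updateScanStatus({
+clientId: this.args.clientId,
+projectHash,
+branchHash,
+scanType,
+analysisId: analysisId,
+status: api_client_1.ScanStatus.Error,
+message: "Error while performing scan.",
+scanStatusUrl,
+});
+}
+api_client_1.soosLogger.error(error);
+api_client_1.soosLogger.always(`${error} - exit 1`);
+(0, process_1.exit)(1);
+}
+}
+async findSbomFilePath() {
+const sbomPathStat = await FileSystem.statSync(this.args.sbomPath);
+if (sbomPathStat.isDirectory()) {
+const files = await FileSystem.promises.readdir(this.args.sbomPath);
+const sbomFile = files.find((file) => constants_1.SOOS_SBOM_CONSTANTS.FileRegex.test(file));
+if (!sbomFile) {
+throw new Error("No SBOM file found in the directory.");
+}
+return Path.join(this.args.sbomPath, sbomFile);
+}
+if (!constants_1.SOOS_SBOM_CONSTANTS.FileRegex.test(this.args.sbomPath)) {
+throw new Error("The file does not match the required SBOM pattern.");
+}
+return this.args.sbomPath;
+}
+static async createAndRun() {
+api_client_1.soosLogger.info("Starting SOOS SBOM Analysis");
+api_client_1.soosLogger.logLineSeparator();
+try {
+const args = this.parseArgs();
+api_client_1.soosLogger.setMinLogLevel(args.logLevel);
+api_client_1.soosLogger.setVerbose(args.verbose);
+api_client_1.soosLogger.info("Configuration read");
+api_client_1.soosLogger.verboseDebug(JSON.stringify((0, utilities_1.obfuscateProperties)(args, ["apiKey"]), null, 2));
+api_client_1.soosLogger.logLineSeparator();
+const soosSBOMAnalysis = new SOOSSBOMAnalysis(args);
+await soosSBOMAnalysis.runAnalysis();
+}
+catch (error) {
+api_client_1.soosLogger.error(`Error on createAndRun: ${error}`);
+api_client_1.soosLogger.always(`Error on createAndRun: ${error} - exit 1`);
+(0, process_1.exit)(1);
+}
+}
+}
+SOOSSBOMAnalysis.createAndRun();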
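Review bot: `findSbomFilePath` (new-file lines 115–129) returns a path without confirming it is a regular file, and that path is then handed to `getAnalysisFilesAsFormData` for upload to the analysis service. In the directory branch the first `readdir` name matching `FileRegex` wins even if it is a subdirectory or a symlink; listing with `FileSystem.promises.readdir(this.args.sbomPath, { withFileTypes: true })` and matching `(entry) => entry.isFile() && constants_1.SOOS_SBOM_CONSTANTS.FileRegex.test(entry.name)` would restrict the pick to regular files. In the file branch the regex is tested against the whole `this.args.sbomPath` rather than `Path.basename(this.args.sbomPath)`; whether that matters depends on how `FileRegex` is anchored, and constants.js is not expanded on this page. Separately, `await FileSystem.statSync(...)` on line 116 awaits a synchronous call, so `FileSystem.promises.stat` would be the consistent choice next to the `readdir` below it.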