@trustify-da/trustify-da-javascript-client 0.2.4-ea.13 → 0.2.4-ea.4321869
- package/README.md +49 -1
- package/dist/package.json +7 -3
- package/dist/src/cli.js +56 -1
- package/package.json +7 -3
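--- a/package/README.md
+++ b/package/README.md
@@ -25,6 +25,14 @@ let stackAnalysis = await exhort.stackAnalysis('/path/to/pom.xml')
 let stackAnalysisHtml = await exhort.stackAnalysis('/path/to/pom.xml', true)
 // Get component analysis in JSON format
 let componentAnalysis = await exhort.componentAnalysis('/path/to/pom.xml')
+// Get image analysis in JSON format
+let imageAnalysis = await exhort.imageAnalysis(['docker.io/library/node:18'])
+// Get image analysis in HTML format (string)
+let imageAnalysisHtml = await exhort.imageAnalysis(['docker.io/library/node:18'], true)
+// Analyze multiple images
+let multipleImagesAnalysis = await exhort.imageAnalysis(['docker.io/library/node:18', 'docker.io/library/python:3.9'])
+// Specify architecture using ^^ notation (e.g., httpd:2.4.49^^amd64)
+let imageAnalysisWithArch = await exhort.imageAnalysis(['httpd:2.4.49^^amd64'])
 ```
 </li>
 </ul>
@@ -68,11 +76,12 @@ Use as CLI Script
 ```shell
 $ npx @trustify-da/trustify-da-javascript-client help
 
-Usage: trustify-da-javascript-client {component|stack}
+Usage: trustify-da-javascript-client {component|stack|image|validate-token}
 
 Commands:
 trustify-da-javascript-client stack </path/to/manifest> [--html|--summary] produce stack report for manifest path
 trustify-da-javascript-client component <path/to/manifest> [--summary] produce component report for a manifest type and content
+trustify-da-javascript-client image <image-refs..> [--html|--summary] produce image analysis report for OCI image references
 
 Options:
 --help Show help [boolean]
@@ -91,6 +100,22 @@ $ npx @trustify-da/trustify-da-javascript-client stack /path/to/pom.xml --html
 
 # get component analysis
 $ npx @trustify-da/trustify-da-javascript-client component /path/to/pom.xml
+
+# get image analysis in json format
+$ npx @trustify-da/trustify-da-javascript-client image docker.io/library/node:18
+
+# get image analysis in json format (summary only)
+# Note: summary returns an object with imageRef as key
+$ npx @trustify-da/trustify-da-javascript-client image docker.io/library/node:18 --summary
+
+# get image analysis in html format
+$ npx @trustify-da/trustify-da-javascript-client image docker.io/library/node:18 --html
+
+# analyze multiple images
+$ npx @trustify-da/trustify-da-javascript-client image docker.io/library/node:18 docker.io/library/python:3.9
+
+# specify architecture using ^^ notation (e.g., httpd:2.4.49^^amd64)
+$ npx @trustify-da/trustify-da-javascript-client image httpd:2.4.49^^amd64
 ```
 </li>
 
@@ -113,6 +138,22 @@ $ trustify-da-javascript-client stack /path/to/pom.xml --html
 
 # get component analysis
 $ trustify-da-javascript-client component /path/to/pom.xml
+
+# get image analysis in json format
+$ trustify-da-javascript-client image docker.io/library/node:18
+
+# get image analysis in json format (summary only)
+# Note: summary returns an object with imageRef as key
+$ trustify-da-javascript-client image docker.io/library/node:18 --summary
+
+# get image analysis in html format
+$ trustify-da-javascript-client image docker.io/library/node:18 --html
+
+# analyze multiple images
+$ trustify-da-javascript-client image docker.io/library/node:18 docker.io/library/python:3.9
+
+# specify architecture using ^^ notation (e.g., httpd:2.4.49^^amd64)
+$ trustify-da-javascript-client image httpd:2.4.49^^amd64
 ```
 </li>
 </ul>
@@ -288,6 +329,13 @@ let stackAnalysisHtml = await exhort.stackAnalysis('/path/to/pom.xml', true, opt
 
 // Get component analysis in JSON format
 let componentAnalysis = await exhort.componentAnalysis('/path/to/pom.xml', options)
+
+// Get image analysis in JSON format
+let imageAnalysis = await exhort.imageAnalysis(['docker.io/library/node:18'], false, options)
+// Get image analysis in HTML format in string
+let imageAnalysisHtml = await exhort.imageAnalysis(['docker.io/library/node:18'], true, options)
+// Specify architecture using ^^ notation (e.g., httpd:2.4.49^^amd64)
+let imageAnalysisWithArch = await exhort.imageAnalysis(['httpd:2.4.49^^amd64'], false, options)
 ```
 **_Environment variables takes precedence._**
 </p>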
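--- a/package/dist/package.json
+++ b/package/dist/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@trustify-da/trustify-da-javascript-client",
-"version": "0.2.4
+"version": "0.2.4",
 "description": "Code-Ready Dependency Analytics JavaScript API.",
 "license": "Apache-2.0",
 "homepage": "https://github.com/guacsec/trustify-da-javascript-client#README.md",
@@ -15,8 +15,12 @@
 "vulnerability"
 ],
 "engines": {
-"node": ">=
-"npm": ">=
+"node": ">= 20.0.0",
+"npm": ">= 11.5.1"
+},
+"publishConfig": {
+"access": "public",
+"provenance": true
 },
 "type": "module",
 "bin": "dist/src/cli.js",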
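--- a/package/dist/src/cli.js
+++ b/package/dist/src/cli.js
@@ -43,6 +43,60 @@ const validateToken = {
 console.log(res);
 }
 };
+// command for image analysis takes OCI image references
+const image = {
+command: 'image <image-refs..>',
+desc: 'produce image analysis report for OCI image references',
+builder: yargs => yargs.positional('image-refs', {
+desc: 'OCI image references to analyze (one or more)',
+type: 'string',
+array: true,
+}).options({
+html: {
+alias: 'r',
+desc: 'Get the report as HTML instead of JSON',
+type: 'boolean',
+conflicts: 'summary'
+},
+summary: {
+alias: 's',
+desc: 'For JSON report, get only the \'summary\'',
+type: 'boolean',
+conflicts: 'html'
+}
+}),
+handler: async (args) => {
+let imageRefs = args['image-refs'];
+if (!Array.isArray(imageRefs)) {
+imageRefs = [imageRefs];
+}
+let html = args['html'];
+let summary = args['summary'];
+let res = await exhort.imageAnalysis(imageRefs, html);
+if (summary && !html) {
+let summaries = {};
+for (let [imageRef, report] of Object.entries(res)) {
+for (let provider in report.providers) {
+if (report.providers[provider].sources !== undefined) {
+for (let source in report.providers[provider].sources) {
+if (report.providers[provider].sources[source].summary) {
+if (!summaries[imageRef]) {
+summaries[imageRef] = {};
+}
+if (!summaries[imageRef][provider]) {
+summaries[imageRef][provider] = {};
+}
+summaries[imageRef][provider][source] = report.providers[provider].sources[source].summary;
+}
+}
+}
+}
+}
+res = summaries;
+}
+console.log(html ? res : JSON.stringify(res, null, 2));
+}
+};
 // command for stack analysis takes a manifest path
 const stack = {
 command: 'stack </path/to/manifest> [--html|--summary]',
@@ -91,9 +145,10 @@ const stack = {
 };
 // parse and invoke the command
 yargs(hideBin(process.argv))
-.usage(`Usage: ${process.argv[0].includes("node") ? path.parse(process.argv[1]).base : path.parse(process.argv[0]).base} {component|stack|validate-token}`)
+.usage(`Usage: ${process.argv[0].includes("node") ? path.parse(process.argv[1]).base : path.parse(process.argv[0]).base} {component|stack|image|validate-token}`)
 .command(stack)
 .command(component)
+.command(image)
 .command(validateToken)
 .scriptName('')
 .version(false)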
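Review bot: In the `--summary` branch of the new `image` handler, `summaries` is a plain `{}` indexed by `imageRef`, `provider` and `source`, all taken from the object returned by `exhort.imageAnalysis` (presumably derived from the backend response), so a key such as `__proto__` would resolve to `Object.prototype` and the nested assignment would write onto it. Building the accumulator without a prototype closes that off and prints identically through `JSON.stringify`: `let summaries = Object.create(null);`, `summaries[imageRef] = Object.create(null);` and `summaries[imageRef][provider] = Object.create(null);`. The two `for...in` loops also visit inherited enumerable keys, and `report.providers[provider].sources` throws when a provider entry is `null`, so iterating `Object.entries(report.providers ?? {})` with a null check on each entry would be more robust. The handler awaits `exhort.imageAnalysis` with no `try`/`catch`; whether the other commands handle a rejected analysis differently is not visible in this hunk.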
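--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@trustify-da/trustify-da-javascript-client",
-"version": "0.2.4-ea.
+"version": "0.2.4-ea.4321869",
 "description": "Code-Ready Dependency Analytics JavaScript API.",
 "license": "Apache-2.0",
 "homepage": "https://github.com/guacsec/trustify-da-javascript-client#README.md",
@@ -15,8 +15,12 @@
 "vulnerability"
 ],
 "engines": {
-"node": ">=
-"npm": ">=
+"node": ">= 20.0.0",
+"npm": ">= 11.5.1"
+},
+"publishConfig": {
+"access": "public",
+"provenance": true
 },
 "type": "module",
 "bin": "dist/src/cli.js",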
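Review bot: The new `engines` block pairs `"node": ">= 20.0.0"` with `"npm": ">= 11.5.1"`, but Node 20 releases bundle an older npm, so consumers on a stock Node 20 install will get `EBADENGINE` warnings, or a failed install where `engine-strict` is enabled. The npm floor looks like a publisher-side requirement that accompanies `"provenance": true` (an inference; the previous values are truncated on this page), and `engines` is evaluated on the installing machine. Consider leaving only `"node": ">= 20.0.0"` in `engines` and pinning the npm version in the release workflow instead. The same block appears in `package/dist/package.json`, whose new `version` reads `0.2.4` while this manifest reads `0.2.4-ea.4321869`; it is worth confirming that the two are meant to differ.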