deno docker

Signed-off-by: Prabhu Subramanian <[email protected]> Use python3. Adds virtualenv Signed-off-by: Prabhu Subramanian <[email protected]> Couple of deno tests Signed-off-by: Prabhu Subramanian <[email protected]> Debug for troubleshooting Signed-off-by: Prabhu Subramanian <[email protected]> mvnw.cmd for windows Signed-off-by: Prabhu Subramanian <[email protected]> Validation feature Signed-off-by: Prabhu Subramanian <[email protected]> Validation feature Signed-off-by: Prabhu Subramanian <[email protected]> Validation feature Signed-off-by: Prabhu Subramanian <[email protected]> Validation feature Signed-off-by: Prabhu Subramanian <[email protected]> Component evidence feature Signed-off-by: Prabhu Subramanian <[email protected]> Print dependency tree Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Jul 6, 2023 · 7350072 · 7350072
1 parent c527c2d
commit 7350072
Show file tree

Hide file tree

Showing 25 changed files with 5,894 additions and 457 deletions.
diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml
@@ -42,30 +42,17 @@ jobs:
           path: 'repotests/grafana-operator'
       - name: dockertests
         run: |
-          wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
-          mv cyclonedx-linux-x64 cyclonedx
-          chmod +x cyclonedx
-          pip install -r contrib/requirements.txt
-          bin/cdxgen.js phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd -p -o bomresults/bom-phpmyadmin.json
-          python contrib/bom-validate.py --json bomresults/bom-phpmyadmin.json
-          bin/cdxgen.js shiftleft/scan-slim -o bomresults/bom-scanslim.json -p -t docker
-          python contrib/bom-validate.py --json bomresults/bom-scanslim.json
-          bin/cdxgen.js redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -p -o bomresults/bom-redmine.json
-          python contrib/bom-validate.py --json bomresults/bom-redmine.json
-          bin/cdxgen.js rocket.chat@sha256:379f7afa0e67497c363ac9a9b3e7e6a6d31deee228233307c987e4a0c68b28e6 -p -o bomresults/bom-rocket.json
-          python contrib/bom-validate.py --json bomresults/bom-rocket.json
-          bin/cdxgen.js sonarqube@sha256:7c0edcb99c964984db6d24330db33bb12de1e8ae0d5974d77640b1efea1483d1 -p -o bomresults/bom-sonar.json
-          python contrib/bom-validate.py --json bomresults/bom-sonar.json
-          bin/cdxgen.js zookeeper@sha256:5bf00616677db5ef57d8a2da7c5dadf67f1a6be54b0c33a79be3332c9c80aeb6 -p -o bomresults/bom-zoo.json
-          python contrib/bom-validate.py --json bomresults/bom-zoo.json
+          bin/cdxgen.js phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd -p -o bomresults/bom-phpmyadmin.json --validate
+          bin/cdxgen.js shiftleft/scan-slim -o bomresults/bom-scanslim.json -p -t docker --validate
+          bin/cdxgen.js redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -p -o bomresults/bom-redmine.json --validate
+          bin/cdxgen.js rocket.chat@sha256:379f7afa0e67497c363ac9a9b3e7e6a6d31deee228233307c987e4a0c68b28e6 -p -o bomresults/bom-rocket.json --validate
+          bin/cdxgen.js sonarqube@sha256:7c0edcb99c964984db6d24330db33bb12de1e8ae0d5974d77640b1efea1483d1 -p -o bomresults/bom-sonar.json --validate
+          bin/cdxgen.js zookeeper@sha256:5bf00616677db5ef57d8a2da7c5dadf67f1a6be54b0c33a79be3332c9c80aeb6 -p -o bomresults/bom-zoo.json --validate
           docker pull shiftleft/scan-slim:latest
           docker save -o /tmp/scanslim.tar shiftleft/scan-slim:latest
-          bin/cdxgen.js /tmp/scanslim.tar -o bomresults/bom-scanarch.json
-          python contrib/bom-validate.py --json bomresults/bom-scanarch.json
-          bin/cdxgen.js -t docker-compose test/data -o bomresults/bom-dc.json
-          python contrib/bom-validate.py --json bomresults/bom-dc.json
-          bin/cdxgen.js -t operator repotests/grafana-operator -o bomresults/bom-op.json
-          python contrib/bom-validate.py --json bomresults/bom-op.json
+          bin/cdxgen.js /tmp/scanslim.tar -o bomresults/bom-scanarch.json --validate
+          bin/cdxgen.js -t docker-compose test/data -o bomresults/bom-dc.json --validate
+          bin/cdxgen.js -t operator repotests/grafana-operator -o bomresults/bom-op.json --validate
           ls -ltr bomresults
       - uses: actions/upload-artifact@v1
         with:
@@ -99,12 +86,7 @@ jobs:
           CI: true
       - name: ostests
         run: |
-          wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
-          mv cyclonedx-linux-x64 cyclonedx
-          chmod +x cyclonedx
-          pip install -r contrib/requirements.txt
-          bin/cdxgen.js -t os -o bomresults/bom-os.json
-          python contrib/bom-validate.py --json bomresults/bom-os.json
+          bin/cdxgen.js -t os -o bomresults/bom-os.json --validate
         env:
           CDXGEN_DEBUG_MODE: debug
       - uses: actions/upload-artifact@v1
@@ -139,10 +121,7 @@ jobs:
           CI: true
       - name: wintests
         run: |
-          Invoke-WebRequest -Uri https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-win-x64.exe -UseBasicParsing -OutFile cyclonedx.exe
-          node bin/cdxgen.js -t os -o bomresults/bom-win.json
-          python -m pip install -r contrib/requirements.txt
-          python contrib/bom-validate.py --json bomresults/bom-win.json
+          node bin/cdxgen.js -t os -o bomresults/bom-win.json --validate
           dir bomresults
         env:
           CDXGEN_DEBUG_MODE: debug

diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
@@ -54,10 +54,25 @@ jobs:
         images: |
           ghcr.io/cyclonedx/cdxgen
     - name: Build and push Docker images
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v4
       with:
         context: .
         platforms: linux/amd64,linux/arm64
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta2
+      uses: docker/metadata-action@v4
+      with:
+        images: |
+          ghcr.io/cyclonedx/cdxgen-deno
+    - name: Build and push Docker images
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        file: Dockerfile-deno
+        platforms: linux/amd64
+        push: true
+        tags: ${{ steps.meta2.outputs.tags }}
+        labels: ${{ steps.meta2.outputs.labels }}
diff --git a/.github/workflows/python-atom-tests.yml b/.github/workflows/python-atom-tests.yml
@@ -62,43 +62,22 @@ jobs:
           path: 'repotests/bandersnatch'
       - name: repotests
         run: |
-          wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
-          mv cyclonedx-linux-x64 cyclonedx
-          chmod +x cyclonedx
-          pip install -r contrib/requirements.txt
-          bin/cdxgen.js -p -r -t python repotests/scipy -o bomresults/bom-scipy.json
-          python contrib/bom-validate.py --json bomresults/bom-scipy.json
-          bin/cdxgen.js -p -r -t python repotests/black -o bomresults/bom-black.json
-          python contrib/bom-validate.py --json bomresults/bom-black.json
-          bin/cdxgen.js -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json
-          python contrib/bom-validate.py --json bomresults/bom-pyperf.json
-          bin/cdxgen.js -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json
-          python contrib/bom-validate.py --json bomresults/bom-cachecontrol.json
-          bin/cdxgen.js -p -r -t python repotests/flask -o bomresults/bom-flask.json
-          python contrib/bom-validate.py --json bomresults/bom-flask.json
-          bin/cdxgen.js -p -r -t python repotests/click -o bomresults/bom-click.json
-          python contrib/bom-validate.py --json bomresults/bom-click.json
-          bin/cdxgen.js -p -r -t python repotests/jinja -o bomresults/bom-jinja.json
-          python contrib/bom-validate.py --json bomresults/bom-jinja.json
-          bin/cdxgen.js -p -r -t python repotests/bandersnatch -o bomresults/bom-bandersnatch.json
-          python contrib/bom-validate.py --json bomresults/bom-bandersnatch.json
-
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/scipy -o bomresults/bom-scipy.json
-          python contrib/bom-validate.py --json bomresults/bom-scipy.json
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/black -o bomresults/bom-black.json
-          python contrib/bom-validate.py --json bomresults/bom-black.json
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json
-          python contrib/bom-validate.py --json bomresults/bom-pyperf.json
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json
-          python contrib/bom-validate.py --json bomresults/bom-cachecontrol.json
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/flask -o bomresults/bom-flask.json
-          python contrib/bom-validate.py --json bomresults/bom-flask.json
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/click -o bomresults/bom-click.json
-          python contrib/bom-validate.py --json bomresults/bom-click.json
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/jinja -o bomresults/bom-jinja.json
-          python contrib/bom-validate.py --json bomresults/bom-jinja.json
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/bandersnatch -o bomresults/bom-bandersnatch.json
-          python contrib/bom-validate.py --json bomresults/bom-bandersnatch.json
+          bin/cdxgen.js -p -r -t python repotests/scipy -o bomresults/bom-scipy.json --validate
+          bin/cdxgen.js -p -r -t python repotests/black -o bomresults/bom-black.json --validate
+          bin/cdxgen.js -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json --validate
+          bin/cdxgen.js -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json --validate
+          bin/cdxgen.js -p -r -t python repotests/flask -o bomresults/bom-flask.json --validate
+          bin/cdxgen.js -p -r -t python repotests/click -o bomresults/bom-click.json --validate
+          bin/cdxgen.js -p -r -t python repotests/jinja -o bomresults/bom-jinja.json --validate
+          bin/cdxgen.js -p -r -t python repotests/bandersnatch -o bomresults/bom-bandersnatch.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/scipy -o bomresults/bom-scipy.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/black -o bomresults/bom-black.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/flask -o bomresults/bom-flask.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/click -o bomresults/bom-click.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/jinja -o bomresults/bom-jinja.json --validate
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/bandersnatch -o bomresults/bom-bandersnatch.json --validate
 
           # virtualenv tests
           python -m venv venv
@@ -108,8 +87,7 @@ jobs:
           pip install -r repotests/bandersnatch/requirements_swift.txt
           pip install -r repotests/bandersnatch/requirements_test.txt
           pip install -r repotests/bandersnatch/requirements_docs.txt
-          bin/cdxgen.js --no-install-deps -p -r -t python repotests/bandersnatch -o bomresults/bom-bandersnatch.json
-          python contrib/bom-validate.py --json bomresults/bom-bandersnatch.json
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/bandersnatch -o bomresults/bom-bandersnatch.json --validate
           rm -rf venv
         env:
           CDXGEN_DEBUG_MODE: debug
diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml
@@ -39,7 +39,7 @@ jobs:
           npm run lint
           npm test
           mkdir -p repotests
-          mkdir -p bomresults
+          mkdir -p bomresults denoresults
         env:
           CI: true
       - uses: swift-actions/setup-swift@v1
@@ -101,68 +101,37 @@ jobs:
           path: 'repotests/microservices-demo'
       - name: repotests
         run: |
-          wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
-          mv cyclonedx-linux-x64 cyclonedx
-          chmod +x cyclonedx
-          pip install -r contrib/requirements.txt
           bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign
-          # python contrib/bom-validate.py --json bomresults/bom-java.json
-
           SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json
-          # python contrib/bom-validate.py --json bomresults/bom-github.json
-
-          FETCH_LICENSE=true bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json
-          python contrib/bom-validate.py --json bomresults/bom-ts.json
-
-          FETCH_LICENSE=1 bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json
-          python contrib/bom-validate.py --json bomresults/bom-ts.json
-
-          FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json
-          python contrib/bom-validate.py --json bomresults/bom-go.json
-
-          FETCH_LICENSE=true bin/cdxgen.js -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json
-          python contrib/bom-validate.py --json bomresults/bom-csharp2.json
-
-          FETCH_LICENSE=0 bin/cdxgen.js -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json
-          python contrib/bom-validate.py --json bomresults/bom-csharp3.json
-
-          FETCH_LICENSE=true bin/cdxgen.js -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json
-          python contrib/bom-validate.py --json bomresults/bom-python.json
-
-          bin/cdxgen.js -p -r -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json
-          python contrib/bom-validate.py --json bomresults/bom-php.json
-
-          bin/cdxgen.js -p -r -t ruby repotests/railsgoat -o bomresults/bom-ruby.json
-          python contrib/bom-validate.py --json bomresults/bom-ruby.json
-
-          bin/cdxgen.js -p -r -t java repotests/bazel-examples/java-maven -o bomresults/bom-bazel.json
-          python contrib/bom-validate.py --json bomresults/bom-bazel.json
-
-          bin/cdxgen.js -p -r -t dart repotests/gallery -o bomresults/bom-pub.json
-          python contrib/bom-validate.py --json bomresults/bom-pub.json
-
-          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t clojure repotests/ziggurat -o bomresults/bom-clj.json
-          python contrib/bom-validate.py --json bomresults/bom-clj.json
-
-          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t swift repotests/swift-markdown -o bomresults/bom-swift.json
-          python contrib/bom-validate.py --json bomresults/bom-swift.json
-
-          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r repotests/microservices-demo -o bomresults/bom-msd.json
-          python contrib/bom-validate.py --json bomresults/bom-msd.json
-
-          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json
-          python contrib/bom-validate.py --json bomresults/bom-yaml.json
-
+          FETCH_LICENSE=true bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate
+          FETCH_LICENSE=1 bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json --validate
+          FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --validate
+          FETCH_LICENSE=true bin/cdxgen.js -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json --validate
+          FETCH_LICENSE=0 bin/cdxgen.js -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json --validate
+          FETCH_LICENSE=true bin/cdxgen.js -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json --validate
+          bin/cdxgen.js -p -r -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json --validate
+          bin/cdxgen.js -p -r -t ruby repotests/railsgoat -o bomresults/bom-ruby.json --validate
+          bin/cdxgen.js -p -r -t java repotests/bazel-examples/java-maven -o bomresults/bom-bazel.json --validate
+          bin/cdxgen.js -p -r -t dart repotests/gallery -o bomresults/bom-pub.json --validate
+          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t clojure repotests/ziggurat -o bomresults/bom-clj.json --validate
+          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t swift repotests/swift-markdown -o bomresults/bom-swift.json --validate
+          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r repotests/microservices-demo -o bomresults/bom-msd.json --validate
+          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json --validate
           mkdir -p jenkins
           wget https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi
           wget https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi
           wget https://updates.jenkins.io/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi
           wget https://updates.jenkins.io/download/plugins/momentjs/1.1.1/momentjs.hpi
-
           mv *.hpi jenkins
-          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json
-          python contrib/bom-validate.py --json bomresults/bom-jenkins.json
+          CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json --validate
           ls -ltr bomresults
+      - name: denotests
+        # if: github.ref == 'refs/heads/master'
+        run: |
+          docker build -t ghcr.io/cyclonedx/cdxgen-deno -f Dockerfile-deno .
+          docker run --rm -t -e "CDXGEN_DEBUG_MODE=debug" -v $(pwd):/app ghcr.io/cyclonedx/cdxgen-deno -p -r -t java /app/repotests/shiftleft-java-example -o /app/denoresults/bom-java.json
+          docker run --rm -t -e "CDXGEN_DEBUG_MODE=debug" -v $(pwd):/app ghcr.io/cyclonedx/cdxgen-deno -p -r -t python /app/repotests/DjanGoat -o /app/denoresults/bom-python.json
+          ls -ltr denoresults
       - uses: actions/upload-artifact@v1
         with:
           name: bomresults

diff --git a/.gitignore b/.gitignore
@@ -113,3 +113,6 @@ test/obj
 ./cdxgen
 ./cdxgen.exe
 ./cdxgen.app
+.stacker/
+oci/
+roots/