diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml index 6a2b8c69b..cdbe57fc3 100644 --- a/.github/workflows/dockertests.yml +++ b/.github/workflows/dockertests.yml @@ -54,11 +54,11 @@ jobs: docker rmi ubuntu:latest bin/cdxgen.js almalinux:9.4-minimal -t docker -o bomresults/bom-almalinux.json docker rmi almalinux:9.4-minimal - bin/cdxgen.js centos:latest -t docker -o bomresults/bom-centos.json + bin/cdxgen.js centos:latest -t oci -o bomresults/bom-centos.json docker rmi centos:latest bin/cdxgen.js phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd -o bomresults/bom-phpmyadmin.json --validate docker rmi phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd - bin/cdxgen.js shiftleft/scan-slim -o bomresults/bom-scanslim.json -t docker --validate + bin/cdxgen.js shiftleft/scan-slim -o bomresults/bom-scanslim.json -t container --validate docker rmi shiftleft/scan-slim bin/cdxgen.js redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o bomresults/bom-redmine.json --validate docker rmi redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 01a585903..67081ca29 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -323,7 +323,7 @@ jobs: run: | bin/cdxgen.js -p --no-recurse repotests/microservices-demo -o bomresults/bom-msd-1.json --validate bin/cdxgen.js -p -r repotests/microservices-demo -o bomresults/bom-msd-2.json --validate - bin/cdxgen.js -p -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json --validate + bin/cdxgen.js -p -r -t universal repotests/microservices-demo -o bomresults/bom-yaml.json shell: bash - name: repotests openpbs run: | diff --git a/deno.json b/deno.json index 312c80406..a3ce9c08f 100644 --- a/deno.json +++ b/deno.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen", - "version": "10.8.0", + "version": "10.8.1", "exports": "./index.js", "compilerOptions": { "allowJs": true, diff --git a/docker.js b/docker.js index cc10da961..5aea9af80 100644 --- a/docker.js +++ b/docker.js @@ -17,7 +17,7 @@ import { homedir, tmpdir, } from "node:os"; -import { basename, join } from "node:path"; +import { basename, join, resolve } from "node:path"; import process from "node:process"; import stream from "node:stream/promises"; import { parse } from "node:url"; @@ -1003,6 +1003,14 @@ export const extractFromManifest = async ( * Returns the location of the layers with additional packages related metadata */ export const exportImage = async (fullImageName) => { + // Safely ignore local directories + if ( + !fullImageName || + fullImageName === "." || + existsSync(resolve(fullImageName)) + ) { + return undefined; + } // Try to get the data locally first const localData = await getImage(fullImageName); if (!localData) { diff --git a/index.js b/index.js index 0ed53ed62..1b3aa4211 100644 --- a/index.js +++ b/index.js @@ -6161,14 +6161,17 @@ export async function createBom(path, options) { path.includes(":latest") ) { exportData = await exportImage(path); - if (!exportData) { - console.log( - "BOM generation has failed due to problems with exporting the image", - ); - options.failOnError && process.exit(1); - return {}; + if (exportData) { + isContainerMode = true; + } else { + if (DEBUG_MODE) { + console.log( + path, + "doesn't appear to be a valid container image. Looking for application pacakges.", + ); + } + return await createMultiXBom([path], options); } - isContainerMode = true; } else if (projectType === "oci-dir") { isContainerMode = true; exportData = { diff --git a/jsr.json b/jsr.json index 2a999fa35..59d9e0502 100644 --- a/jsr.json +++ b/jsr.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen", - "version": "10.8.0", + "version": "10.8.1", "exports": "./index.js", "include": ["*.js", "bin/**", "data/**", "types/**"], "exclude": ["test/", "docs/", "contrib/", "ci/", "tools_config/"] diff --git a/package.json b/package.json index 36db4704c..d69f14904 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen", - "version": "10.8.0", + "version": "10.8.1", "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image", "homepage": "http://github.com/cyclonedx/cdxgen", "author": "Prabhu Subramanian ", diff --git a/types/docker.d.ts.map b/types/docker.d.ts.map index cb1cef99e..12dcf02c3 100644 --- a/types/docker.d.ts.map +++ b/types/docker.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../docker.js"],"names":[],"mappings":"AAoDA;;GAEG;AACH,4CA6CC;AAxED,4BAA6C;AAC7C,8CAA+C;AAkFxC,iCAHI,MAAM,WACN,MAAM,iDAehB;AAqBM,6DAmBN;AAgLM,4EAwGN;AAEM,oFAwBN;AAUM;;;;;;;;EAwEN;AAsBM,2DA8KN;AAEM,2EAsFN;AAMM;;;;;;;;;;;;;GAqDN;AAEM;;;;;;;GAqGN;AAMM,8DAyHN;AAKM,4EAmGN;AAEM,+EAMN;AAEM,4EAyCN;AAEM,iFA0BN"} \ No newline at end of file +{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../docker.js"],"names":[],"mappings":"AAoDA;;GAEG;AACH,4CA6CC;AAxED,4BAA6C;AAC7C,8CAA+C;AAkFxC,iCAHI,MAAM,WACN,MAAM,iDAehB;AAqBM,6DAmBN;AAgLM,4EAwGN;AAEM,oFAwBN;AAUM;;;;;;;;EAwEN;AAsBM,2DA8KN;AAEM,2EAsFN;AAMM;;;;;;;;;;;;;GAqDN;AAEM;;;;;;;GAqGN;AAMM,8DAiIN;AAKM,4EAmGN;AAEM,+EAMN;AAEM,4EAyCN;AAEM,iFA0BN"} \ No newline at end of file diff --git a/types/index.d.ts.map b/types/index.d.ts.map index 0f97a024e..f500ee988 100644 --- a/types/index.d.ts.map +++ b/types/index.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"AAovBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAyUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs+BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2chB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4WhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAgUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyWhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,8BAubhB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAkOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CA2FxE"} \ No newline at end of file +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"AAovBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAyUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs+BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2chB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4WhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAgUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyWhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,8BAubhB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAqOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CA2FxE"} \ No newline at end of file