Updated atom. Added messages to promote new maven and gradle features (…

…#1223) * Updated atom. Added messages to promote new maven and gradle features Signed-off-by: Prabhu Subramanian <[email protected]> * Improve container image to install pypi packages to a different target directory Signed-off-by: Prabhu Subramanian <[email protected]> * Use pip target Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Jul 8, 2024 · 88ab2de · 88ab2de
1 parent 2fe092e
commit 88ab2de
Show file tree

Hide file tree

Showing 21 changed files with 143 additions and 103 deletions.
diff --git a/README.md b/README.md
@@ -149,7 +149,8 @@ Options:
   [choices: "appsec", "research", "operational", "threat-modeling", "license-compliance", "generic"] [default: "generic"
                                                                                                                        ]
       --exclude                Additional glob pattern(s) to ignore                                              [array]
-      --include-formulation    Generate formulation section using git metadata.               [boolean] [default: false]
+      --include-formulation    Generate formulation section with git metadata and build tools. Defaults to true. Invoke
+                               with --no-include-formulation to disable.                       [boolean] [default: true]
       --include-crypto         Include crypto libraries found under formulation.              [boolean] [default: false]
       --standard               The list of standards which may consist of regulations, industry or organizational-specif
                                ic standards, maturity models, best practices, or any other requirements which can be eva

diff --git a/bin/cdxgen.js b/bin/cdxgen.js
@@ -246,8 +246,9 @@ const args = yargs(hideBin(process.argv))
   })
   .option("include-formulation", {
     type: "boolean",
-    default: false,
-    description: "Generate formulation section using git metadata.",
+    default: true,
+    description:
+      "Generate formulation section with git metadata and build tools. Defaults to true. Invoke with --no-include-formulation to disable.",
   })
   .option("include-crypto", {
     type: "boolean",

diff --git a/ci/Dockerfile b/ci/Dockerfile
@@ -13,8 +13,8 @@ LABEL maintainer="cyclonedx" \
 
 ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561
 ARG SWIFT_PLATFORM=ubi9
-ARG SWIFT_BRANCH=swift-5.8-release
-ARG SWIFT_VERSION=swift-5.8-RELEASE
+ARG SWIFT_BRANCH=swift-5.10.1-release
+ARG SWIFT_VERSION=swift-5.10.1-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
 ARG JAVA_VERSION=22.0.1-tem
 ARG SBT_VERSION=1.9.9
@@ -35,7 +35,7 @@ ENV GOPATH=/opt/app-root/go \
     GRADLE_HOME="/opt/gradle/${GRADLE_VERSION}" \
     SBT_HOME="/opt/sbt/${SBT_VERSION}" \
     PYTHON_VERSION=3.12 \
-    PYTHON_CMD=/usr/bin/python${PYTHON_VERSION} \
+    PYTHON_CMD=/usr/bin/python3.12 \
     PYTHONUNBUFFERED=1 \
     PYTHONIOENCODING="utf-8" \
     COMPOSER_ALLOW_SUPERUSER=1 \
@@ -51,8 +51,13 @@ ENV GOPATH=/opt/app-root/go \
     LANGUAGE=en_US.UTF-8 \
     NVM_DIR="/root/.nvm" \
     TMPDIR=/tmp \
-    NODE_COMPILE_CACHE="/opt/cdxgen-node-cache"
-ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/root/.cargo/bin:
+    NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
+    PYTHONPATH=/opt/pypi \
+    CDXGEN_IN_CONTAINER=true \
+    npm_config_python=/usr/bin/python3.12
+ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/root/.cargo/bin:/opt/pypi/bin:
+
+COPY . /opt/cdxgen
 
 RUN set -e; \
     ARCH_NAME="$(rpm --eval '%{_arch}')"; \
@@ -71,11 +76,14 @@ RUN set -e; \
     && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \
     python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip ruby ruby-devel glibc-common glibc-all-langpacks \
         pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-8.0 \
-    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 1 \
-    && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1 \
-    && python${PYTHON_VERSION} --version \
-    && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
-    && python${PYTHON_VERSION} -m pip install --no-cache-dir --user pipenv poetry blint \
+    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
+    && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
+    && /usr/bin/python${PYTHON_VERSION} --version \
+    && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint --target /opt/pypi \
+    && /opt/pypi/bin/poetry --version \
+    && /opt/pypi/bin/pipenv --version \
+    && /opt/pypi/bin/blint --help \
     && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && cargo --version \
     && rustc --version \
@@ -135,14 +143,13 @@ RUN set -e; \
     && mv composer.phar /usr/local/bin/composer \
     && gem install bundler \
     && gem --version \
-    && bundler --version
-COPY . /opt/cdxgen
-RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod \
+    && bundler --version \
+    && cd /opt/cdxgen && corepack enable && corepack pnpm install --prod \
     && mkdir -p /opt/cdxgen-node-cache \
     && chown -R cyclonedx:cyclonedx /opt/cdxgen /opt/cdxgen-node-cache \
     && chmod a-w -R /opt \
     && node /opt/cdxgen/bin/cdxgen.js --help \
-    && rm -rf /var/cache/yum \
+    && rm -rf /var/cache/yum /root/.cache/pypoetry \
     && microdnf clean all
 
 ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"]
diff --git a/ci/Dockerfile-bun b/ci/Dockerfile-bun
@@ -13,8 +13,8 @@ LABEL maintainer="cyclonedx" \
 
 ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561
 ARG SWIFT_PLATFORM=ubi9
-ARG SWIFT_BRANCH=swift-5.8-release
-ARG SWIFT_VERSION=swift-5.8-RELEASE
+ARG SWIFT_BRANCH=swift-5.10.1-release
+ARG SWIFT_VERSION=swift-5.10.1-release
 ARG SWIFT_WEBROOT=https://download.swift.org
 ARG JAVA_VERSION=22.0.1-tem
 ARG SBT_VERSION=1.9.9
@@ -34,7 +34,7 @@ ENV GOPATH=/opt/app-root/go \
     GRADLE_HOME="/opt/gradle/${GRADLE_VERSION}" \
     SBT_HOME="/opt/sbt/${SBT_VERSION}" \
     PYTHON_VERSION=3.12 \
-    PYTHON_CMD=/usr/bin/python${PYTHON_VERSION} \
+    PYTHON_CMD=/usr/bin/python3.12 \
     PYTHONUNBUFFERED=1 \
     PYTHONIOENCODING="utf-8" \
     COMPOSER_ALLOW_SUPERUSER=1 \
@@ -43,8 +43,10 @@ ENV GOPATH=/opt/app-root/go \
     SWIFT_PLATFORM=$SWIFT_PLATFORM \
     SWIFT_BRANCH=$SWIFT_BRANCH \
     SWIFT_VERSION=$SWIFT_VERSION \
-    SWIFT_WEBROOT=$SWIFT_WEBROOT
-ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/root/.bun/bin:/root/.cargo/bin:
+    SWIFT_WEBROOT=$SWIFT_WEBROOT \
+    CDXGEN_IN_CONTAINER=true \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/root/.bun/bin:/root/.cargo/bin:/opt/pypi/bin:
 
 RUN set -e; \
     ARCH_NAME="$(rpm --eval '%{_arch}')"; \
@@ -63,10 +65,11 @@ RUN set -e; \
     && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \
         python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip ruby ruby-devel \
         pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-8.0 \
-    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 1 \
+    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
+    && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
     && python${PYTHON_VERSION} --version \
     && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
-    && python${PYTHON_VERSION} -m pip install --no-cache-dir --user pipenv poetry blint \
+    && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint --target /opt/pypi \
     && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && cargo --version \
     && rustc --version \

diff --git a/ci/Dockerfile-deno b/ci/Dockerfile-deno
@@ -13,8 +13,8 @@ LABEL maintainer="cyclonedx" \
 
 ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561
 ARG SWIFT_PLATFORM=ubi9
-ARG SWIFT_BRANCH=swift-5.8-release
-ARG SWIFT_VERSION=swift-5.8-RELEASE
+ARG SWIFT_BRANCH=swift-5.10.1-release
+ARG SWIFT_VERSION=swift-5.10.1-release
 ARG SWIFT_WEBROOT=https://download.swift.org
 ARG JAVA_VERSION=22.0.1-tem
 ARG SBT_VERSION=1.9.9
@@ -34,7 +34,7 @@ ENV GOPATH=/opt/app-root/go \
     GRADLE_HOME="/opt/gradle/${GRADLE_VERSION}" \
     SBT_HOME="/opt/sbt/${SBT_VERSION}" \
     PYTHON_VERSION=3.12 \
-    PYTHON_CMD=/usr/bin/python${PYTHON_VERSION} \
+    PYTHON_CMD=/usr/bin/python3.12 \
     PYTHONUNBUFFERED=1 \
     PYTHONIOENCODING="utf-8" \
     COMPOSER_ALLOW_SUPERUSER=1 \
@@ -45,8 +45,10 @@ ENV GOPATH=/opt/app-root/go \
     SWIFT_PLATFORM=$SWIFT_PLATFORM \
     SWIFT_BRANCH=$SWIFT_BRANCH \
     SWIFT_VERSION=$SWIFT_VERSION \
-    SWIFT_WEBROOT=$SWIFT_WEBROOT
-ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/root/.deno/bin/:/root/.cargo/bin:
+    SWIFT_WEBROOT=$SWIFT_WEBROOT \
+    CDXGEN_IN_CONTAINER=true \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/root/.deno/bin/:/root/.cargo/bin:/opt/pypi/bin:
 
 RUN set -e; \
     ARCH_NAME="$(rpm --eval '%{_arch}')"; \
@@ -65,11 +67,11 @@ RUN set -e; \
     && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \
         python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip ruby ruby-devel \
         pcre2 which tar gzip zip unzip bzip2 sudo ncurses sqlite-devel dotnet-sdk-8.0 \
-    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 1 \
-    && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1 \
+    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
+    && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
     && python${PYTHON_VERSION} --version \
     && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
-    && python${PYTHON_VERSION} -m pip install --no-cache-dir --user pipenv poetry blint \
+    && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint --target /opt/pypi \
     && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && cargo --version \
     && rustc --version \

diff --git a/ci/Dockerfile-ppc64 b/ci/Dockerfile-ppc64
@@ -26,12 +26,14 @@ ENV GOPATH=/opt/app-root/go \
     GRADLE_HOME="/opt/gradle/${GRADLE_VERSION}" \
     SBT_HOME="/opt/sbt/${SBT_VERSION}" \
     PYTHON_VERSION=3.12 \
-    PYTHON_CMD=/usr/bin/python${PYTHON_VERSION} \
+    PYTHON_CMD=/usr/bin/python3.12 \
     PYTHONUNBUFFERED=1 \
     PYTHONIOENCODING="utf-8" \
     COMPOSER_ALLOW_SUPERUSER=1 \
-    ANDROID_HOME=/opt/android-sdk-linux
-ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/${HOME}/.cargo/bin:
+    ANDROID_HOME=/opt/android-sdk-linux \
+    CDXGEN_IN_CONTAINER=true \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/${HOME}/.cargo/bin:/opt/pypi/bin:
 
 RUN set -e; \
     ARCH_NAME="$(rpm --eval '%{_arch}')"; \
@@ -55,14 +57,15 @@ RUN set -e; \
     && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \
         python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip ruby ruby-devel java-21-openjdk-headless \
         pcre2 which tar gzip zip unzip bzip2 sudo nodejs ncurses sqlite-devel \
-    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 1 \
+    && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
+    && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
     && python${PYTHON_VERSION} --version \
     && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && source "$HOME/.cargo/env" \
     && cargo --version \
     && rustc --version \
     && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
-    && python${PYTHON_VERSION} -m pip install --no-cache-dir --user pipenv poetry \
+    && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry --target /opt/pypi \
     && curl -s "https://get.sdkman.io" | bash \
     && source "$HOME/.sdkman/bin/sdkman-init.sh" \
     && echo -e "sdkman_auto_answer=true\nsdkman_selfupdate_feature=false\nsdkman_auto_env=true" >> $HOME/.sdkman/etc/config \

diff --git a/deno.json b/deno.json
@@ -42,7 +42,7 @@
     "gen-types": "npx -p typescript tsc"
   },
   "imports": {
-    "@appthreat/atom": "npm:@appthreat/[email protected].15",
+    "@appthreat/atom": "npm:@appthreat/[email protected].16",
     "@appthreat/cdx-proto": "npm:@appthreat/[email protected]",
     "@babel/parser": "npm:@babel/parser@^7.24.7",
     "@babel/traverse": "npm:@babel/traverse@^7.24.7",
@@ -52,7 +52,7 @@
     "cheerio": "npm:cheerio@^1.0.0-rc.12",
     "edn-data": "npm:[email protected]",
     "find-up": "npm:[email protected]",
-    "glob": "npm:glob@^10.4.2",
+    "glob": "npm:glob@^10.4.3",
     "global-agent": "npm:global-agent@^3.0.0",
     "got": "npm:[email protected]",
     "iconv-lite": "npm:iconv-lite@^0.6.3",

diff --git a/display.js b/display.js
@@ -430,7 +430,10 @@ export const printSummary = (bomJson) => {
   if (!bomPkgTypes.length && !bomPkgNamespaces.length) {
     return;
   }
-  const message = `** Package Types (${bomPkgTypes.length}) **\n${bomPkgTypes.join("\n")}\n\n** Namespaces (${bomPkgNamespaces.length}) **\n${bomPkgNamespaces.join("\n")}`;
+  let message = `** Package Types (${bomPkgTypes.length}) **\n${bomPkgTypes.join("\n")}`;
+  if (bomPkgNamespaces.length) {
+    message = `${message}\n\n** Namespaces (${bomPkgNamespaces.length}) **\n${bomPkgNamespaces.join("\n")}`;
+  }
   const data = [[message]];
   console.log(table(data, config));
 };
diff --git a/docs/CLI.md b/docs/CLI.md
@@ -113,7 +113,8 @@ Options:
   [choices: "appsec", "research", "operational", "threat-modeling", "license-compliance", "generic"] [default: "generic"
                                                                                                                        ]
       --exclude                Additional glob pattern(s) to ignore                                              [array]
-      --include-formulation    Generate formulation section using git metadata.               [boolean] [default: false]
+      --include-formulation    Generate formulation section with git metadata and build tools. Defaults to true. Invoke
+                               with --no-include-formulation to disable.                       [boolean] [default: true]
       --include-crypto         Include crypto libraries found under formulation.              [boolean] [default: false]
       --standard               The list of standards which may consist of regulations, industry or organizational-specif
                                ic standards, maturity models, best practices, or any other requirements which can be eva