Merge Release v5.1.0 -SBOM Conan

.github/workflows/compile.yml

@@ -94,7 +94,7 @@ jobs:
         $sourceFolder = Join-Path $env:GITHUB_WORKSPACE "out" | Join-Path -ChildPath "*"
         $outFolder = Join-Path $env:GITHUB_WORKSPACE "out" | Join-Path -ChildPath "continuous-clearing" 
         New-Item -ItemType Directory -Force -Path $outFolder
-        $fileName = "continuous-clearing-5.0.0.zip"
+        $fileName = "continuous-clearing-5.1.0.zip"
         Write-Host "Filename: '$fileName'"
         Write-Host "sourceFolder: '$sourceFolder'"
         Write-Host "Outfolder: '$outFolder'"
@@ -138,8 +138,8 @@ jobs:
     - name: Create Nuget Packages 
       id: createNupkg
       run: |
-        nuget pack CA.nuspec -Version 5.0.0
-        Write-Host "::set-output name=nupkg-LicenseClearingTool::continuous-clearing.5.0.0.nupkg"
+        nuget pack CA.nuspec -Version 5.1.0
+        Write-Host "::set-output name=nupkg-LicenseClearingTool::continuous-clearing.5.1.0.nupkg"
 
     - name: Archive NuGet Packages
       uses: actions/upload-artifact@v2
@@ -152,9 +152,9 @@ jobs:
       id: builddocker
       #if: ${{ false }}  # disable for now
       run: |
-        docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v5.0.0
-        docker save ${{ github.repository }}:continuous-clearing-v5.0.0 -o continuous-clearing-v5.0.0.tar
-        Write-Host "::set-output name=docker-LicenseClearingTool::continuous-clearing-v5.0.0.tar"
+        docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v5.1.0
+        docker save ${{ github.repository }}:continuous-clearing-v5.1.0 -o continuous-clearing-v5.1.0.tar
+        Write-Host "::set-output name=docker-LicenseClearingTool::continuous-clearing-v5.1.0.tar"
 
     - name: Archive docker image      
       #if: ${{ false }}  # disable for now
@@ -195,9 +195,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
         with:
-          tag_name: v5.0.0
+          tag_name: v5.1.0
           #tag_name: ${{ needs.build.outputs.semver }}
-          release_name: Release v5.0.0
+          release_name: Release v5.1.0
           body: |
             ${{ github.event.head_commit.message }}
           draft: true

CA.nuspec

@@ -4,7 +4,7 @@
 <package >
   <metadata>
     <id>continuous-clearing</id>
-    <version>5.0.0</version>
+    <version>5.1.0</version>
     <authors>Siemens AG</authors>
     <owners>continuous-clearing contributors</owners>
     <projectUrl>https://github.com/siemens/continuous-clearing</projectUrl>
@@ -13,7 +13,7 @@
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
     <description>
       The License clearing tool helps the Project Manager/Developer, to reduce the manual effort and enable the faster license clearing process,
-      by automatically identifying the third party oss components used in their project(i.e., npm, nuget, maven,python and Debian type) and it creates them in the sw360 and fossology
+      by automatically identifying the third party oss components used in their project(i.e., npm, nuget, maven, python, conan and Debian type) and it creates them in the sw360 and fossology
       for clearing license
     </description>
     <releaseNotes></releaseNotes>

ReadmeOSS_continuous-clearing_DockerImage.html

@@ -77,7 +77,7 @@
     </title>
 </head>
 <body>
-    <h1>Clearing Automation Docker Image V5.0.0</h1>
+    <h1>Clearing Automation Docker Image V5.1.0</h1>
     <h2>Open Source Software</h2>
     English / English
 <br>

ReadmeOSS_continuous-clearing_nupkg.html

@@ -77,7 +77,7 @@
     </title>
 </head>
 <body>
-    <h1>continuous-clearing V5.0.0</h1>
+    <h1>continuous-clearing V5.1.0</h1>
     <h2>Open Source Software</h2>
     English / English
 <br>

doc/UsageDoc/CA_UsageDocument.md

@@ -46,20 +46,21 @@
 <!--te-->
 # Introduction
 
-The Continuous Clearing Tool helps the Project Manager/Developer to automate the sw360 clearing process of 3rd party components. This tool scans and identifies the third-party components used in a NPM, NUGET, MAVEN,PYTHON and Debian  projects and makes an entry in SW360, if it is not present. Continuous Clearing Tool links the components to the respective project and creates job for code scan in FOSSology.The output is an SBOM file which has a nested description of software artifact components and metadata.
+The Continuous Clearing Tool helps the Project Manager/Developer to automate the sw360 clearing process of 3rd party components. This tool scans and identifies the third-party components used in a NPM, NUGET, MAVEN, PYTHON, CONAN and Debian  projects and makes an entry in SW360, if it is not present. Continuous Clearing Tool links the components to the respective project and creates job for code scan in FOSSology.The output is an SBOM file which has a nested description of software artifact components and metadata.
 
 Continuous Clearing Tool reduces the effort in creating components in SW360 and identifying the matching source codes from the public repository. Tool eliminates the manual error while creating component and identifying correct version of source code from public repository. Continuous Clearing Tool harmonize the creation of 3P components in SW360 by filling necessary information.
 
 # Continuous Clearing Tool workflow diagram
 
 - Package Identifier
-   - [NPM/NUGET/MAVEN/PYTHON](../usagedocimg/packageIdentifiernpmnuget.PNG)
+
+   - [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/packageIdentifiernpmnuget.PNG)
    - [Debian](../usagedocimg/packageIdentifierdebian.PNG)
 - SW360 Package Creator
-  - [NPM/NUGET/MAVEN/PYTHON](../usagedocimg/packageCreatirnpmnuget.PNG)
+  - [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/packageCreatirnpmnuget.PNG)
   - [Debian](../usagedocimg/packagecreatordebian.PNG)
 - Artifactory Uploader
-  - [NPM/NUGET/MAVEN/PYTHON](../usagedocimg/artifactoryuploader.PNG)
+  - [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/artifactoryuploader.PNG)
 
 # Prerequisite
 
@@ -158,11 +159,18 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
 
                  mvn clean install -DskipTests=true 
 
-       - **Project Type :** **Python** 
+      - **Project Type :** **Python** 
 
           * Input file repository should contain **poetry.lock** file. 
-
-     - **Project Type :**  **Debian** 
+
+
+	  - **Project Type :** **Conan** 
+
+          * Input file repository should contain **conan.lock** file. 
+
+		  `Note : Conan package support in clearing tool is currently only for SBOM discovery and classification.Component Creation and Source code identification is not supported currently`
+
+      - **Project Type :**  **Debian** 
 
    	      **Note** : below steps is required only if you have `tar` file to process , otherwise you can keep `CycloneDx.json` file in the InputDirectory.
           *  Create `InputImage` directory for keeping `tar` images and `InputDirectory` for resulted file storing .
@@ -260,11 +268,21 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
     "Include": [ "poetry.lock", "*.cdx.json" ],
     "Exclude": [],
     "JfrogPythonRepoList": [
-      <Python Remote Cache Repo Name>, //This is a mirror repo for pypi in JFrog
-      "<Python Release Repo Name>" //This should be the release pypi in JFrog
+      "<Python Remote Cache Repo Name>",
+      "<Python Release Repo Name>",//This should be the release repo in JFrog
+    ],
+    "ExcludedComponents": []
+  },
+  "Conan": {
+    "Include": [ "conan.lock"],
+    "Exclude": [],
+	"JfrogConanRepoList": [
+      "<Conan Remote Cache Repo Name>",
+      "<Conan Release Repo Name>",
     ],
     "ExcludedComponents": []
   }
+
 }
 ```
 

src/LCT.APICommunications/ApiConstant.cs

@@ -29,6 +29,7 @@ public static class ApiConstant
         public const string ComponentNameUrl = "?name=";
         public const string NPMExternalID = "pkg:npm/";
         public const string NugetExternalID = "pkg:nuget/";
+        public const string ConanExternalID = "pkg:conan/";
         public const string NpmExtension = ".tgz";
         public const string NugetExtension = ".nupkg";
         public const string MavenExtension = "-sources.jar";

src/LCT.Common/CommonAppSettings.cs

@@ -65,6 +65,7 @@ public CommonAppSettings(IFolderAction iFolderAction)
         public Config Maven { get; set; }
         public Config Debian { get; set; }
         public Config Python { get; set; }
+        public Config Conan { get; set; }
         public string CaVersion { get; set; }
         public string CycloneDxSBomTemplatePath { get; set; }
         public string[] InternalRepoList { get; set; }

src/LCT.Common/CommonHelper.cs

@@ -5,6 +5,7 @@
 // -------------------------------------------------------------------------------------------------------------------- 
 
 using CycloneDX.Models;
+using LCT.Common.Constants;
 using LCT.Common.Model;
 using log4net;
 using log4net.Core;
@@ -228,5 +229,18 @@ public static bool ComponentPropertyCheck(Component component, string constant)
             }
             return component.Properties.Exists(x => x.Name == constant);
         }
+
+        public static void GetDetailsforManuallyAdded(List<Component> componentsForBOM, List<Component> listComponentForBOM)
+        {
+            foreach (var component in componentsForBOM)
+            {
+                component.Properties = new List<Property>();
+                Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" };
+                Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = Dataconstant.ManullayAdded };
+                component.Properties.Add(isDev);
+                component.Properties.Add(identifierType);
+                listComponentForBOM.Add(component);
+            }
+        }
     }
 }

src/LCT.Common/Constants/Dataconstant.cs

@@ -22,6 +22,7 @@ public static class Dataconstant
         {"DEBIAN", "pkg:deb/debian"},
         {"MAVEN", "pkg:maven"},
         {"PYTHON", "pkg:pypi"},
+        {"CONAN", "pkg:conan"},
          };
 
         //Identified types

src/LCT.Common/CycloneDXBomParser.cs

@@ -72,8 +72,8 @@ public static Bom ExtractSBOMDetailsFromTemplate(Bom template)
             }
 
             //Taking SBOM Template Metadata
-            bom.Metadata = template?.Metadata;
-            bom.Dependencies = template?.Dependencies;
+            bom.Metadata = template.Metadata;
+            bom.Dependencies = template.Dependencies;
             return bom;
         }
 

src/LCT.Common/Model/Config.cs

@@ -22,6 +22,7 @@ public class Config
         public string[] JfrogNugetRepoList { get; set; }
         public string[] JfrogMavenRepoList { get; set; }
         public string[] JfrogPythonRepoList { get; set; }
+        public string[] JfrogConanRepoList { get; set; }
         public string[] DevDependentScopeList { get; set; }
 
     }

src/LCT.Common/appSettings.json

@@ -75,5 +75,14 @@
       "<Python Release Repo Name>" //This should be the release pypi in JFrog
     ],
     "ExcludedComponents": []
+  },
+  "Conan": {
+    "Include": [ "conan.lock" ],
+    "Exclude": [],
+    "JfrogConanRepoList": [
+      "<Conan Remote Cache Repo Name>", //This is a mirror repo for conan in JFrog
+      "<Conan Release Repo Name>" //This should be the release repo in JFrog
+    ],
+    "ExcludedComponents": []
   }
 }