From ced3945a4f1cc69d39d3fd68eafac534606e9b5f Mon Sep 17 00:00:00 2001
From: Sumanth K B
Date: Tue, 10 Oct 2023 12:27:06 +0530
Subject: [PATCH 1/2] JfrogPythonDestRepoName field added
---
 src/LCT.Common/appSettings.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/LCT.Common/appSettings.json b/src/LCT.Common/appSettings.json
index e00c4e32..3a7d9e7b 100644
--- a/src/LCT.Common/appSettings.json
+++ b/src/LCT.Common/appSettings.json
@@ -18,6 +18,7 @@
 "JfrogNugetDestRepoName": "",
 "JfrogNpmDestRepoName": "",
 "JfrogMavenDestRepoName": "",
+ "JfrogPythonDestRepoName": "",
 "PackageFilePath": "/PathToInputDirectory", //For Docker run set as /mnt/Input
 "BomFolderPath": "/PathToOutputDirectory", //For Docker run set as /mnt/Output
 "BomFilePath": "/PathToOutputDirectory/_Bom.cdx.json",
From b255468147b91b64fc2dea5030ef071f5f174e4f Mon Sep 17 00:00:00 2001
From: karthika
Date: Tue, 10 Oct 2023 16:35:43 +0530
Subject: [PATCH 2/2] UsageDoc/CA_UsageDocument.md Updated
---
 doc/UsageDoc/CA_UsageDocument.md | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/doc/UsageDoc/CA_UsageDocument.md b/doc/UsageDoc/CA_UsageDocument.md
index c57f0346..e5b040da 100644
--- a/doc/UsageDoc/CA_UsageDocument.md
+++ b/doc/UsageDoc/CA_UsageDocument.md
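Review bot: In src/LCT.Common/appSettings.json the new `"JfrogPythonDestRepoName": ""` ships as an empty string with no comment, while the usage document changed in the second patch of this series lists `--jfrogpythondestreponame` as mandatory. The hunk does not show how the tool handles an empty destination repository name, so it is worth confirming that an unset value is rejected with a clear error before any package copy to JFrog is attempted, rather than being passed through to the copy step. A short trailing comment in the style of the neighbouring path settings, for example `//JFrog repo that cleared Python packages are copied to`, would make the expected value obvious to whoever fills in the file.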
@@ -46,7 +46,7 @@ # Introduction -The Continuous Clearing Tool helps the Project Manager/Developer to automate the sw360 clearing process of 3rd party components. This tool scans and identifies the third-party components used in a NPM, NUGET, MAVEN and Debian projects and makes an entry in SW360, if it is not present. Continuous Clearing Tool links the components to the respective project and creates job for code scan in FOSSology.The output is an SBOM file which has a nested description of software artifact components and metadata. +The Continuous Clearing Tool helps the Project Manager/Developer to automate the sw360 clearing process of 3rd party components. This tool scans and identifies the third-party components used in a NPM, NUGET, MAVEN,PYTHON and Debian projects and makes an entry in SW360, if it is not present. Continuous Clearing Tool links the components to the respective project and creates job for code scan in FOSSology.The output is an SBOM file which has a nested description of software artifact components and metadata. Continuous Clearing Tool reduces the effort in creating components in SW360 and identifying the matching source codes from the public repository. Tool eliminates the manual error while creating component and identifying correct version of source code from public repository. Continuous Clearing Tool harmonize the creation of 3P components in SW360 by filling necessary information. @@ -161,9 +161,7 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and - **Project Type :** **Python** * Input file repository should contain **poetry.lock** file. - - `Note : Python package support in clearing tool is currently only for SBOM discovery and classification.Component Creation and Source code identification is not supported currently` - + - **Project Type :** **Debian** **Note** : below steps is required only if you have `tar` file to process , otherwise you can keep `CycloneDx.json` file in the InputDirectory. 
@@ -208,6 +206,7 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
 "JfrogNugetDestRepoName": "JfrogNugetDestRepo Name",
 "JfrogNpmDestRepoName": "JfrogNpmDestRepo Name",
 "JfrogMavenDestRepoName": "JfrogMavenDestRepo Name",
+ "JfrogPythonDestRepoName": "JfrogPythonDestRepo Name",
 "PackageFilePath": "/mnt/Input",
 "BomFolderPath": "/mnt/Output",
 "BomFilePath":"/mnt/Output/_Bom.cdx.json",
@@ -222,9 +221,11 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
 "InternalRepoList": [
 "", //This should be the internal repo names in JFrog for NPM
 "",//This should be the internal repo names in JFrog for Nuget
+ "",//This should be the internal repo names in JFrog for Maven
+ "",//This should be the internal repo names in JFrog for Python
 ],
 "Npm": {
- "Include": [ "p*-lock.json" ],
+ "Include": [ "p*-lock.json" ,"*.cdx.json"],
 "Exclude": [ "node_modules" ],
 "JfrogNpmRepoList": [
 "",//This is a mirror repo for npm registry in JFrog
@@ -233,7 +234,7 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
 "ExcludedComponents": []
 },
 "Nuget": {
- "Include": [ "pack*.config", "p*.lock.json" ],
+ "Include": [ "pack*.config", "p*.assets.json", "*.cdx.json" ],
 "Exclude": [],
 "JfrogNugetRepoList": [
 "",//This is a mirror repo for nuget.org in JFrog
@@ -242,7 +243,7 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
 "ExcludedComponents": []
 },
 "Maven": {
- "Include": [ "pom.xml" ],
+ "Include": [ "*.cdx.json" ],
 "Exclude": [],
 "JfrogMavenRepoList": [
 "",//This is a mirror repo for repo.maven in JFrog
@@ -258,6 +259,10 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
 "Python": {
 "Include": [ "poetry.lock", "*.cdx.json" ],
 "Exclude": [],
+ "JfrogPythonRepoList": [
+ , //This is a mirror repo for pypi in JFrog
+ "" //This should be the release pypi in JFrog
+ ],
 "ExcludedComponents": []
 }
 }
@@ -286,7 +291,8 @@ Description for the settings in `appSettings.json` file | 17 | --jfrognpmdestreponame | The destination folder name for the NPM package to be copied to | Yes | | 18 | --jfrognugetdestreponame | The destination folder name for the Nuget package to be copied to | Yes | | 19 | --jfrogmavendestreponame | The destination folder name for the Maven package to be copied to | Yes | | -| 20 | --timeout | SW360 response timeout value | No | | +| 20 | --jfrogpythondestreponame | The destination folder name for the Python package to be copied to | Yes | | +| 21 | --timeout | SW360 response timeout value | No | | #### **Method 2**