├── .codacy.yml ├── .devcontainer.json ├── .dockerignore ├── .envrc ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── config.yml │ └── premium-issue.md ├── actions │ ├── build-docker-image │ │ └── action.yml │ ├── build-docker-images-generate-attach-sboms │ │ └── action.yml │ └── generate-attach-sbom │ │ └── action.yml ├── release.yml └── workflows │ ├── binary-builds.yml │ ├── build-images.yml │ ├── build-rolling-image.yml │ ├── dockertests.yml │ ├── image-build.yml │ ├── java-reachables-test.yml │ ├── lint.yml │ ├── nodejs.yml │ ├── npm-release.yml │ ├── nydus-demo.yml │ ├── python-atom-tests.yml │ ├── repotests.yml │ ├── rerun-workflow.yml │ └── snapshot-tests.yml ├── .gitignore ├── .npmignore ├── .nvmrc ├── .pnpmfile.cjs ├── .vscode └── settings.json ├── ADVANCED.md ├── LICENSE ├── README.md ├── bin ├── cdxgen.js ├── evinse.js ├── repl.js └── verify.js ├── biome.json ├── ci ├── Dockerfile ├── Dockerfile-bun ├── Dockerfile-deno ├── Dockerfile-ppc64 ├── Dockerfile-secure ├── containerd-config.toml ├── images │ ├── Dockerfile.dotnet7 │ ├── Dockerfile.dotnet8 │ ├── Dockerfile.dotnet9 │ ├── Dockerfile.java11 │ ├── Dockerfile.java17 │ ├── Dockerfile.java17-slim │ ├── Dockerfile.node20 │ ├── Dockerfile.python311 │ ├── Dockerfile.python312 │ ├── Dockerfile.python313 │ ├── Dockerfile.python36 │ ├── Dockerfile.ruby25 │ ├── README.md │ ├── al10 │ │ └── Dockerfile.ruby-builder │ ├── alpine │ │ ├── Dockerfile.dotnet9 │ │ ├── Dockerfile.golang123 │ │ ├── Dockerfile.golang124 │ │ ├── Dockerfile.java21 │ │ ├── Dockerfile.java24 │ │ └── Dockerfile.ruby344 │ ├── debian │ │ ├── Dockerfile.dotnet10 │ │ ├── Dockerfile.dotnet6 │ │ ├── Dockerfile.dotnet8 │ │ ├── Dockerfile.dotnet9 │ │ ├── Dockerfile.golang123 │ │ ├── Dockerfile.golang124 │ │ ├── Dockerfile.php83 │ │ ├── Dockerfile.ruby26 │ │ ├── Dockerfile.ruby33 │ │ ├── Dockerfile.ruby34 │ │ ├── Dockerfile.rust1 │ │ ├── Dockerfile.swift6 │ │ └── install.sh │ ├── nuget │ │ ├── Lucene.Net.dll │ │ ├── Microsoft.Web.XmlTransform.dll │ │ ├── NuGet-COPYRIGHT.txt │ │ ├── NuGet-LICENSE.txt │ │ ├── NuGet.Commands.dll │ │ ├── NuGet.Common.dll │ │ ├── NuGet.Configuration.dll │ │ ├── NuGet.DependencyResolver.Core.dll │ │ ├── NuGet.Frameworks.dll │ │ ├── NuGet.Indexing.dll │ │ ├── NuGet.LibraryModel.dll │ │ ├── NuGet.PackageManagement.dll │ │ ├── NuGet.Packaging.Core.dll │ │ ├── NuGet.Packaging.dll │ │ ├── NuGet.ProjectModel.dll │ │ ├── NuGet.Protocol.dll │ │ ├── NuGet.Resolver.dll │ │ ├── NuGet.Versioning.dll │ │ ├── README.md │ │ └── nuget.exe │ ├── opensuse │ │ ├── Dockerfile.python310 │ │ ├── Dockerfile.python39 │ │ └── Dockerfile.rolling │ └── temurin │ │ ├── Dockerfile.java21 │ │ ├── Dockerfile.java24 │ │ └── Dockerfile.java8 └── nydusd-config.fusedev.json ├── contrib ├── README.md ├── bom-1.5.schema.json ├── bom-signer │ ├── README.md │ └── public.key ├── bom-validate.py ├── bulk-generate │ ├── README.md │ └── index.js ├── cdx1 │ └── REPORT.md ├── cdxgenGPT │ ├── README.md │ ├── cdxgen-for-bots.md │ ├── media │ │ ├── general-spec-questions.jpg │ │ ├── grok2-test1.jpg │ │ ├── grok2-test2.jpg │ │ └── open-router-config.jpg │ └── rate-my-xbom.md ├── cloud-init.txt ├── deno │ ├── README.md │ ├── deps.ts │ └── main.ts ├── dependency-track │ ├── README.md │ └── docker-compose.yml ├── fine-tuning │ ├── .gitignore │ ├── Modelfile │ ├── README.md │ ├── cdxgen-docs │ │ ├── advanced.jsonl │ │ ├── cdxgen-for-bots.jsonl │ │ ├── ci-base-images.jsonl │ │ ├── cli.jsonl │ │ ├── env.jsonl │ │ ├── index-js.jsonl │ │ ├── lesson1.jsonl │ │ ├── permissions.jsonl │ │ ├── rate-my-xbom.jsonl │ │ ├── readme.jsonl │ │ ├── server.jsonl │ │ └── utils-js.jsonl │ ├── convert-gguf.sh │ ├── fine-tune-mlx.sh │ ├── guides │ │ ├── attestations.jsonl │ │ ├── cbom.jsonl │ │ └── sbom.jsonl │ ├── prepare.js │ ├── semantics │ │ ├── bazel-build.jsonl │ │ ├── cyclonedx-101.jsonl │ │ ├── cyclonedx-102.jsonl │ │ ├── dotnet-framework.jsonl │ │ ├── dotnet-install.jsonl │ │ ├── npm-ci.jsonl │ │ ├── npm-install.jsonl │ │ ├── pip-install.jsonl │ │ ├── purl-101.jsonl │ │ ├── purl-102.jsonl │ │ └── uv-troubleshooting.jsonl │ ├── upload-hf.sh │ └── validator.js ├── flatpak │ ├── org.cyclonedx.cdxgen.yaml │ └── sources.json ├── free_disk_space.sh ├── jsf-0.82.schema.json ├── lima │ ├── README.md │ ├── cdxgen-alpine.yaml │ ├── cdxgen-opensuse.yaml │ └── cdxgen-ubuntu.yaml ├── piptree.py ├── py-modules.py ├── requirements.txt ├── wrapdb.py └── xBOMEval │ ├── README.md │ ├── cdx1-NOTES.md │ └── tests │ ├── logic │ └── purl1.toml │ └── standards │ └── cyclonedx1.toml ├── data ├── README.md ├── bom-1.4.schema.json ├── bom-1.5.schema.json ├── bom-1.6.schema.json ├── cbomosdb-queries.json ├── component-tags.json ├── cosdb-queries.json ├── crypto-oid.json ├── frameworks-list.json ├── glibc-stdlib.json ├── helpers │ └── init.gradle ├── jsf-0.82.schema.json ├── known-licenses.json ├── lic-mapping.json ├── pypi-pkg-aliases.json ├── python-stdlib.json ├── queries-darwin.json ├── queries-win.json ├── queries.json ├── ruby-known-modules.json ├── spdx-licenses.json ├── spdx.schema.json ├── templates │ ├── README.md │ ├── asvs-4.0.3.cdx.json │ ├── asvs-5.0.cdx.json │ ├── bsimm-v13.cdx.json │ ├── masvs-2.0.0.cdx.json │ ├── nist-ssdf-1.1.cdx.json │ ├── pcissc-secure-slc-1.1.cdx.json │ ├── scvs-1.0.0.cdx.json │ └── ssaf-DRAFT-2023-11.cdx.json ├── vendor-alias.json └── wrapdb-releases.json ├── deno.json ├── devenv.lock ├── devenv.nix ├── devenv.yaml ├── docker-compose.yml ├── docs ├── .nojekyll ├── ADVANCED.md ├── CLI.md ├── ENV.md ├── GETTING_STARTED.md ├── LESSON1.md ├── LESSON2.md ├── LESSON3.md ├── LESSON4.md ├── LESSON5.md ├── PERMISSIONS.md ├── PROJECT_TYPES.md ├── README.md ├── SERVER.md ├── SUPPORT.md ├── _coverpage.md ├── _media │ ├── LevoLogo-LightBg.jpg │ ├── callstack-evidence.png │ ├── cdxgen-tree.jpg │ ├── cdxgen.png │ ├── occurrence-evidence.png │ ├── saasbom-services.png │ ├── sbom-sign.jpg │ └── why-cdxgen.jpg ├── _sidebar.md ├── index.html └── ml_profiles.md ├── index.cjs ├── jest.config.js ├── jsr.json ├── lib ├── cli │ └── index.js ├── evinser │ ├── evinser.js │ ├── evinser.test.js │ ├── scalasem.js │ ├── swiftsem.js │ └── swiftsem.test.js ├── helpers │ ├── analyzer.js │ ├── cbomutils.js │ ├── cbomutils.test.js │ ├── db.js │ ├── display.js │ ├── display.test.js │ ├── envcontext.js │ ├── envcontext.test.js │ ├── logger.js │ ├── protobom.js │ ├── protobom.test.js │ ├── utils.js │ ├── utils.test.js │ └── validator.js ├── managers │ ├── binary.js │ ├── docker.js │ ├── docker.test.js │ ├── oci.js │ └── piptree.js ├── server │ ├── openapi.yaml │ └── server.js └── stages │ ├── postgen │ ├── annotator.js │ ├── annotator.test.js │ ├── postgen.js │ └── postgen.test.js │ └── pregen │ └── pregen.js ├── package.json ├── plugins ├── .gitkeep └── .npmignore ├── pnpm-lock.yaml ├── test ├── Cargo.lock ├── Podfile ├── Podfile.json ├── Podfile.lock ├── data │ ├── CMakeLists.txt │ ├── Cargo1.toml │ ├── Cargo2.toml │ ├── Cargo3.toml │ ├── Cargom.lock │ ├── Chart.yaml │ ├── Dockerfile │ ├── Gemfile.lock │ ├── Gemfile1.lock │ ├── Gemfile2.lock │ ├── Gemfile4.lock │ ├── Gemfile5.lock │ ├── Gemfile6.lock │ ├── Logging.csproj │ ├── METADATA │ ├── Microsoft.Web.Infrastructure.1.0.0.0.nupkg │ ├── Microsoft.Web.Infrastructure.1.0.0.0.nuspec │ ├── Package.resolved │ ├── Package2.resolved │ ├── Pipfile.lock │ ├── Server.csproj │ ├── WindowsFormsApplication1.csproj │ ├── activerecord-import.gemspec │ ├── adservice.yaml │ ├── alpine-installed │ ├── appthreat_depscan-2.0.2-py3-none-any.whl │ ├── apt-search-out.txt │ ├── atom-sbt-list.txt │ ├── atom-sbt-tree.txt │ ├── bazel │ │ ├── BUILD │ │ ├── bazel-action-graph.txt │ │ └── bazel-state.txt │ ├── bitbucket-pipelines.yml │ ├── bom-deps.json │ ├── bom-deps.xml │ ├── bom-gradle-deps.json │ ├── bom-gradle-deps.xml │ ├── bom-gradle.json.map │ ├── bom-java.json │ ├── bom-maven.json.map │ ├── bom-mavenplugins.json │ ├── bom-mavenplugins.xml │ ├── bom-maventree.json │ ├── bom-maventree.xml │ ├── bom-postgen-test.json │ ├── bom-postgen-test2.json │ ├── bower.json │ ├── build.sbt.lock │ ├── bun.lockb │ ├── cabal-2.project.freeze │ ├── cabal.project.freeze │ ├── cargo-auditable.txt │ ├── chen-science-requirements.txt │ ├── clj-tree.txt │ ├── cloudbuild.yaml │ ├── cmake-debug.txt │ ├── cmakes │ │ ├── CMakeLists-tpl.txt │ │ ├── CMakeLists-version.txt │ │ ├── CMakeLists.txt │ │ ├── DownloadPThreadPool.cmake │ │ ├── conanfile.txt │ │ ├── conanfile1.txt │ │ ├── fbVersion.cmake │ │ └── mongoc-config.cmake │ ├── compile_commands.json │ ├── composer-2.json │ ├── composer-2.lock │ ├── composer-3.lock │ ├── composer-4.lock │ ├── composer.json │ ├── composer.lock │ ├── conan.lock │ ├── conan.with_custom_pkg_user_channel.lock │ ├── conanfile.txt │ ├── conanfile.with_custom_pkg_user_channel.txt │ ├── conda-list.json │ ├── conda.yml │ ├── ddc-sbom.json │ ├── ddc-sbom.xml │ ├── debian-status │ ├── deno-test.lock.json │ ├── deployment.yaml │ ├── deps.edn │ ├── deps.edn.1 │ ├── deps.edn.2 │ ├── df.json │ ├── docker-compose-cr.yml │ ├── docker-compose-mysql.yml │ ├── docker-compose-ng.yml │ ├── docker-compose.yml │ ├── emailservice.yaml │ ├── go-dvwa.mod │ ├── go-syft.mod │ ├── golist-dep.txt │ ├── golist-dep2.txt │ ├── gomod-dvwa-graph.txt │ ├── gomod-graph.txt │ ├── gomod-graph2.txt │ ├── gomod-syft-graph.txt │ ├── gomodwhy.txt │ ├── gomodwhynot.txt │ ├── goversion.txt │ ├── goversion2.txt │ ├── gradle-android-app.dep │ ├── gradle-android-dep.out │ ├── gradle-android-jetify.dep │ ├── gradle-core.out │ ├── gradle-dependencies-559.txt │ ├── gradle-out-249.dep │ ├── gradle-out1.dep │ ├── gradle-projects.out │ ├── gradle-projects1.out │ ├── gradle-projects2.out │ ├── gradle-properties-559.txt │ ├── gradle-properties-android.txt │ ├── gradle-properties-elastic.txt │ ├── gradle-properties-single.txt │ ├── gradle-properties-single2.txt │ ├── gradle-properties-sm.txt │ ├── gradle-properties.txt │ ├── gradle-rich1.dep │ ├── gradle-rich2.dep │ ├── gradle-rich3.dep │ ├── gradle-rich4.dep │ ├── gradle-rich5.dep │ ├── gradle-s.out │ ├── gradle-service.out │ ├── gradle-single.out │ ├── gradle-sm.dep │ ├── ivy-2.11.0.xml │ ├── jquery.3.6.0.nupkg │ ├── jt-sbom.json │ ├── jt-sbom.xml │ ├── kustomization.yaml │ ├── lein-tree.txt │ ├── loofah-2.3.1.gemspec │ ├── mercurial-5.5.2-py3.8.egg-info │ ├── meson-1.build │ ├── meson.build │ ├── mill │ │ └── out │ │ │ ├── bar │ │ │ ├── ivyDepsTree.log │ │ │ └── test │ │ │ │ └── ivyDepsTree.log │ │ │ └── foo │ │ │ ├── ivyDepsTree.log │ │ │ └── test │ │ │ └── ivyDepsTree.log │ ├── mix.lock │ ├── mix.lock.1 │ ├── modules.txt │ ├── msgpack.mk │ ├── mvn-dep-tree-simple.txt │ ├── mvn-metrics-tree.txt │ ├── mvn-p2-plugin.txt │ ├── mvn-sbstarter-tree.txt │ ├── nokogiri-1.10.10.gemspec │ ├── openapi │ │ ├── openapi-oai.yaml │ │ └── openapi-spec.json │ ├── os-release │ ├── package-json │ │ ├── theia │ │ │ └── package-lock.json │ │ ├── v1 │ │ │ ├── package-lock.json │ │ │ └── package.json │ │ ├── v2-workspace │ │ │ ├── app │ │ │ │ └── package.json │ │ │ ├── package-lock.json │ │ │ ├── package.json │ │ │ └── scripts │ │ │ │ └── package.json │ │ ├── v2 │ │ │ ├── package-lock.json │ │ │ └── package.json │ │ └── v3 │ │ │ ├── package-lock.json │ │ │ └── package.json │ ├── package-lock-v1.json │ ├── package-lock-v2.json │ ├── package-lock-v3.json │ ├── package-lock2.json │ ├── package-lock4.json │ ├── packages.config │ ├── packages.lock.json │ ├── packages2.config │ ├── packages2.lock.json │ ├── packages3.lock.json │ ├── paket.lock │ ├── pdm.lock │ ├── pnpm-lock.yaml │ ├── pnpm-lock2.yaml │ ├── pnpm-lock3.yaml │ ├── pnpm-lock4.yaml │ ├── pnpm-lock6.yaml │ ├── pnpm-lock6a.yaml │ ├── pnpm-lock6b.yaml │ ├── pnpm-lock9a.yaml │ ├── pnpm-lock9b.yaml │ ├── pnpm-lock9c.yaml │ ├── pnpm_locks │ │ ├── bytemd-pnpm-lock.yaml │ │ ├── bytemd-pnpm-workspace.yaml │ │ └── pnpm-workspace.yaml │ ├── poetry-cpggen.lock │ ├── poetry.lock │ ├── poetry1.lock │ ├── pom-quarkus-modules.xml │ ├── pom-quarkus.xml │ ├── postgrescluster.yaml │ ├── privado.json │ ├── project.assets.json │ ├── project.assets1.json │ ├── project.clj │ ├── project.clj.1 │ ├── project.clj.2 │ ├── prometheus-community-index.yaml │ ├── pubspec.lock │ ├── pubspec.yaml │ ├── pyproject-author-comma.toml │ ├── pyproject.toml │ ├── pyproject_uv-workspace.toml │ ├── pyproject_uv.toml │ ├── pyproject_uv2.toml │ ├── pyproject_with_custom_poetry_source.toml │ ├── redis.yaml │ ├── requirements-lock.linux_py3.txt │ ├── requirements.comments.txt │ ├── requirements.complex.txt │ ├── requirements.freeze.txt │ ├── sample-dotnet.csproj │ ├── sample-mvn-tree.txt │ ├── sbt-dl.list │ ├── service.yaml │ ├── setup-impacket.py │ ├── skaffold-ms.yaml │ ├── skaffold.yaml │ ├── swift-deps.json │ ├── swift-deps1.json │ ├── swiftsem │ │ ├── bom-hakit.json │ │ ├── output-file-map.json │ │ ├── package.swift-structure.json │ │ ├── semantics.slices.json │ │ ├── swift-build-output1.txt │ │ ├── swift-dump-package.json │ │ ├── swift-index-speech.json │ │ ├── swift-index-starscream.json │ │ ├── swift-index-starscream2.json │ │ ├── swift-module-info.json │ │ ├── swift-module-info2.json │ │ ├── swift-structure-grdb.json │ │ ├── swift-structure-speech.json │ │ ├── swift-structure-starscream.json │ │ └── swift-structure-starscream2.json │ ├── tekton-task.yml │ ├── tslite.dot │ ├── ubuntu-status │ ├── usages.json │ ├── uv-workspace.lock │ ├── uv.lock │ ├── vcpkg.json │ ├── vcpkg2.json │ ├── vuln-spring-1.5.bom.json │ ├── xmlrpc.gemspec │ ├── xunit.nuspec │ ├── xunit.runner.utility.nuspec │ ├── yarn_locks │ │ ├── yarn-at.lock │ │ ├── yarn-light.lock │ │ ├── yarn-multi.lock │ │ ├── yarn.lock │ │ ├── yarn3.lock │ │ ├── yarn4.lock │ │ ├── yarn5.lock │ │ ├── yarn6.lock │ │ ├── yarn7.lock │ │ ├── yarnv1-empty.lock │ │ ├── yarnv1-fs.lock │ │ ├── yarnv2.lock │ │ ├── yarnv3.lock │ │ ├── yarnv4.1.lock │ │ └── yarnv4.lock │ └── zstd_sys-dc50c4de2e4e7df8.d ├── diff │ ├── README.md │ ├── container-tests-repos.csv │ ├── diff_tests.py │ ├── generate.py │ ├── repos.csv │ └── requirements.txt ├── gomod │ ├── go.mod │ └── go.sum ├── gopkg │ └── Gopkg.lock ├── gradle-build-env-dep.out ├── gradle-dep-parallel.out ├── gradle-dep.out ├── gradle-prop-parallel.out ├── package-lock.json ├── pnpm-lock.yaml ├── pom.xml ├── sample.csproj ├── shrinkwrap-deps.json └── yarn.lock ├── tools_config └── org.cyclonedx.cdxgen.appdata.xml ├── tsconfig.json └── types ├── jest.config.d.ts ├── jest.config.d.ts.map └── lib ├── cli ├── index.d.ts └── index.d.ts.map ├── evinser ├── evinser.d.ts ├── evinser.d.ts.map ├── scalasem.d.ts ├── scalasem.d.ts.map ├── swiftsem.d.ts └── swiftsem.d.ts.map ├── helpers ├── analyzer.d.ts ├── analyzer.d.ts.map ├── cbomutils.d.ts ├── cbomutils.d.ts.map ├── db.d.ts ├── db.d.ts.map ├── display.d.ts ├── display.d.ts.map ├── envcontext.d.ts ├── envcontext.d.ts.map ├── logger.d.ts ├── logger.d.ts.map ├── package_specific │ ├── gradleutils.d.ts │ └── gradleutils.d.ts.map ├── protobom.d.ts ├── protobom.d.ts.map ├── utils.d.ts ├── utils.d.ts.map ├── validator.d.ts └── validator.d.ts.map ├── managers ├── binary.d.ts ├── binary.d.ts.map ├── docker.d.ts ├── docker.d.ts.map ├── oci.d.ts ├── oci.d.ts.map ├── piptree.d.ts └── piptree.d.ts.map ├── server ├── server.d.ts └── server.d.ts.map └── stages ├── postgen ├── annotator.d.ts ├── annotator.d.ts.map ├── postgen.d.ts └── postgen.d.ts.map └── pregen ├── pregen.d.ts └── pregen.d.ts.map /.codacy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | exclude_paths: 3 | - "test/**/*" 4 | - "ci/**/*" 5 | - "contrib/**/*" 6 | - "docs/**/*" 7 | - "types/**/*" 8 | -------------------------------------------------------------------------------- /.devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "customizations": { 3 | "vscode": { 4 | "extensions": [ 5 | "mkhl.direnv" 6 | ] 7 | } 8 | }, 9 | "image": "ghcr.io/cachix/devenv/devcontainer:latest", 10 | "overrideCommand": false, 11 | "updateContentCommand": "devenv test" 12 | } 13 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | **/.git 2 | .github/ 3 | .vscode/ 4 | .deno/ 5 | test/ 6 | docs/ 7 | contrib/ 8 | **/node_modules 9 | private.key 10 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | export DIRENV_WARN_TIMEOUT=20s 2 | 3 | eval "$(devenv direnvrc)" 4 | 5 | # The use_devenv function supports passing flags to the devenv command 6 | # For example: use devenv --impure --option services.postgres.enable:bool true 7 | use devenv 8 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @prabhu -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: true 2 | contact_links: 3 | - name: cdxgen GPT 4 | url: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cyclonedx-generator-cdxgen 5 | about: Use cdxgen GPT specially trained with cdxgen documentation and tutorials. 6 | - name: Discussions 7 | url: https://github.com/CycloneDX/cdxgen/discussions 8 | about: Please ask and answer questions here. 9 | - name: Specification Discussions 10 | url: https://github.com/CycloneDX/specification/discussions 11 | about: Questions and comments about the CycloneDX specification here. 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/premium-issue.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Premium Issue 3 | about: You need a fix for the issue with a high priority 4 | title: '' 5 | labels: Premium 6 | assignees: prabhu, cerrussell 7 | 8 | --- 9 | 10 | Thank you for considering premium issues. Your contribution and sponsorship help support our work on all projects and activities of CycloneDX. 11 | 12 | *Premium issues can be used to get a higher priority resolution for users and organizations.* 13 | *In return, you need to contribute to the project with an action:* 14 | 15 | - Writing a guest blog post or sharing it on social media. (GitHub stars or re-tweets do not count) 16 | - Sponsoring [OWASP CycloneDX](https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX) for the fair market value of the work. 17 | 18 | *Premium issues will be highlighted in the changelog and the release blog post with your name/logo* 19 | 20 | ---------------------------------- 21 | 22 | **Description** 23 | 24 | *Please describe the issue/request that needs to be addressed* 25 | 26 | **Context** 27 | 28 | *Please provide the version of cdxgen, the operating system as well as the repo associated with the issue 29 | (it can be sent by email as well)* 30 | 31 | ---------------------------------- 32 | 33 | 34 | **Reach out to `prabhu.subramanian@owasp.org` **to discuss the timeline**/contribution.** 35 | -------------------------------------------------------------------------------- /.github/actions/build-docker-image/action.yml: -------------------------------------------------------------------------------- 1 | name: Build a Docker image 2 | description: | 3 | This action does the actual building of an image, based on the given 4 | parameters. Depending on the configured 'action', the image is then pushed 5 | to a registry or loaded into the local Docker. 6 | 7 | inputs: 8 | action: 9 | description: Action to run on completion of the build -- either 'load' or 'push'' 10 | required: true 11 | dockerfile: 12 | description: Dockerfile that describes the image 13 | required: true 14 | labels: 15 | description: Labels to add to the image 16 | platforms: 17 | description: The platforms for which to build the image 18 | required: true 19 | tags: 20 | description: All tags for the image 21 | required: true 22 | target: 23 | description: Which stage in the Dockerfile to build 24 | required: true 25 | 26 | runs: 27 | using: composite 28 | steps: 29 | - name: Build Docker image 30 | uses: docker/build-push-action@v6 31 | with: 32 | context: . 33 | file: ${{ inputs.dockerfile }} 34 | labels: ${{ inputs.labels }} 35 | load: ${{ inputs.action == 'load' }} 36 | platforms: ${{ inputs.platforms }} 37 | push: ${{ inputs.action == 'push' }} 38 | tags: ${{ inputs.tags }} 39 | target: ${{ inputs.target }} 40 | -------------------------------------------------------------------------------- /.github/actions/generate-attach-sbom/action.yml: -------------------------------------------------------------------------------- 1 | name: Generate and attach SBOM 2 | description: | 3 | Generate and attach an SBOM to the configured platform-version of an image 4 | in its registry. 5 | 6 | inputs: 7 | dockerfile: 8 | description: Dockerfile that describes the image 9 | required: true 10 | platform: 11 | description: The platforms for which to build the image 12 | required: true 13 | tag: 14 | description: All tags for the image 15 | required: true 16 | signing-key: 17 | description: The key to use for signing the SBOM, base64 encoded 18 | required: true 19 | target: 20 | description: Which stage in the Dockerfile to build 21 | required: true 22 | 23 | runs: 24 | using: composite 25 | steps: 26 | - name: Build and load image 27 | uses: ./.github/actions/build-docker-image 28 | with: 29 | action: load 30 | dockerfile: ${{ inputs.dockerfile }} 31 | platforms: ${{ inputs.platform }} 32 | tags: ${{ inputs.tag }} 33 | target: ${{ inputs.target }} 34 | - name: Generate and attach SBOM 35 | shell: bash 36 | run: | 37 | node bin/cdxgen.js -t docker -o sbom-oci-image.cdx.json ${{ inputs.tag }} 38 | node bin/verify.js -i sbom-oci-image.cdx.json --public-key contrib/bom-signer/public.key 39 | oras attach --artifact-type sbom/cyclonedx --platform ${{ inputs.platform }} ${{ inputs.tag }} ./sbom-oci-image.cdx.json:application/json 40 | oras discover --format tree --platform ${{ inputs.platform }} ${{ inputs.tag }} 41 | node bin/verify.js -i ${{ inputs.tag }} --platform ${{ inputs.platform }} --public-key contrib/bom-signer/public.key 42 | docker rmi ${{ inputs.tag }} 43 | rm sbom-oci-image.cdx.json 44 | env: 45 | CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-sboms 46 | DOCKER_USE_CLI: true 47 | SBOM_SIGN_ALGORITHM: RS512 48 | SBOM_SIGN_PRIVATE_KEY_BASE64: ${{ inputs.signing-key }} 49 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | changelog: 2 | categories: 3 | - title: Breaking Changes 🛠 4 | labels: 5 | - breaking 6 | - possibly breaking 7 | - title: 🚀 Features 8 | labels: 9 | - enhancement 10 | - title: 🐛 Bug Fixes 11 | labels: 12 | - bug 13 | - title: 🧼 Code Refactoring 14 | labels: 15 | - refactor 16 | - title: 📚 Documentation 17 | labels: 18 | - documentation 19 | - title: 🧪 Testing 20 | labels: 21 | - test 22 | - title: 🏗️ Build System 23 | labels: 24 | - build 25 | - title: 📦 Dependency Updates 26 | labels: 27 | - dependency 28 | - title: 💳 Sponsored Work 29 | labels: 30 | - sponsored 31 | - title: Other Changes 32 | labels: 33 | - "*" 34 | -------------------------------------------------------------------------------- /.github/workflows/build-rolling-image.yml: -------------------------------------------------------------------------------- 1 | name: Build rolling image 2 | 3 | # This workflow builds a fresh image for the current 'master'-branch every day 4 | # and on pushes. 5 | # 6 | # Similar to `build-images`, this workflow only defines the image and building 7 | # is handled in `image-build.yml`. 8 | # 9 | # The definition is the same as in `build-images.yml`, except for the fact it 10 | # must be defined in a JSON-String, since parameters can only be transferred as 11 | # simple types! 12 | 13 | on: 14 | schedule: 15 | - cron: "0 8 * * *" 16 | push: 17 | branches: 18 | - master 19 | paths-ignore: 20 | - 'docs/**' 21 | - 'contrib/**' 22 | - '*.md' 23 | workflow_dispatch: 24 | 25 | concurrency: 26 | group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} 27 | cancel-in-progress: true 28 | 29 | jobs: 30 | image: 31 | if: github.repository == 'CycloneDX/cdxgen' 32 | permissions: 33 | contents: read 34 | packages: write 35 | uses: ./.github/workflows/image-build.yml 36 | secrets: inherit 37 | with: 38 | image: | 39 | { 40 | "lang": "rolling", 41 | "distro": "opensuse", 42 | "runner": "macos-hosted", 43 | "base-image": { 44 | "lang": "lang" 45 | } 46 | } 47 | 48 | retry: 49 | needs: image 50 | if: failure() && fromJSON(github.run_attempt) < 3 51 | runs-on: ubuntu-latest 52 | steps: 53 | - run: gh workflow run rerun-workflow.yml -F run_id=${{ github.run_id }} 54 | env: 55 | GH_REPO: ${{ github.repository }} 56 | GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }} 57 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: Biome 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | tags: 8 | - 'v*' 9 | workflow_dispatch: 10 | pull_request: 11 | jobs: 12 | lint: 13 | runs-on: ubuntu-24.04 14 | steps: 15 | - uses: actions/checkout@v4 16 | - uses: actions/setup-node@v4 17 | with: 18 | node-version-file: .nvmrc 19 | - name: Check Linting 20 | run: | 21 | npm install --global corepack@latest 22 | corepack enable 23 | corepack pnpm install --config.strict-dep-builds=true 24 | corepack pnpm run lint:check 25 | env: 26 | CI: true 27 | -------------------------------------------------------------------------------- /.github/workflows/rerun-workflow.yml: -------------------------------------------------------------------------------- 1 | name: Re-run failed workflow 2 | 3 | # This workflow CAN NOT be called directly. It is supposed to be called by 4 | # other workflows when they fail and this workflow will trigger a re-run. 5 | 6 | on: 7 | workflow_dispatch: 8 | inputs: 9 | run_id: 10 | required: true 11 | type: string 12 | 13 | jobs: 14 | rerun: 15 | runs-on: ubuntu-latest 16 | steps: 17 | - name: rerun ${{ inputs.run_id }} 18 | run: | 19 | gh run watch ${{ inputs.run_id }} > /dev/null 2>&1 20 | gh run rerun ${{ inputs.run_id }} --failed 21 | env: 22 | GH_REPO: ${{ github.repository }} 23 | GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }} 24 | -------------------------------------------------------------------------------- /.nvmrc: -------------------------------------------------------------------------------- 1 | 23 -------------------------------------------------------------------------------- /.pnpmfile.cjs: -------------------------------------------------------------------------------- 1 | function readPackage(pkg) { 2 | // pnpm fetched metadata doesn't include libc. So we patch it based on the name to reduce duplicate binaries 3 | if (pkg.name?.includes("cdxgen-plugins-bin") && pkg.name.includes("linux")) { 4 | if (pkg.name?.includes("linuxmusl-") && !pkg.libc) { 5 | pkg.libc = "musl"; 6 | } else if (pkg.name?.includes("linux-") && !pkg.libc) { 7 | pkg.libc = "glibc"; 8 | } 9 | } 10 | return pkg; 11 | } 12 | 13 | module.exports = { 14 | hooks: { 15 | readPackage, 16 | }, 17 | }; 18 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "git.alwaysSignOff": true, 3 | "editor.codeActionsOnSave": { 4 | "quickfix.biome": "explicit", 5 | "source.organizeImports.biome": "explicit" 6 | }, 7 | "editor.defaultFormatter": "biomejs.biome", 8 | "deno.enable": false 9 | } 10 | -------------------------------------------------------------------------------- /biome.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://biomejs.dev/schemas/1.9.4/schema.json", 3 | "organizeImports": { 4 | "enabled": true, 5 | "ignore": ["contrib/**"] 6 | }, 7 | "linter": { 8 | "enabled": true, 9 | "ignore": ["types/**", "contrib/**", "data/**"], 10 | "rules": { 11 | "recommended": true, 12 | "complexity": { 13 | "noForEach": "off", 14 | "useLiteralKeys": "off", 15 | "noUselessTernary": "warn" 16 | }, 17 | "correctness": { 18 | "noUndeclaredVariables": "error", 19 | "noUnnecessaryContinue": "warn", 20 | "noConstAssign": "error", 21 | "noConstantCondition": "error", 22 | "noUnreachable": "info", 23 | "noUnusedFunctionParameters": "warn" 24 | }, 25 | "performance": { 26 | "noDelete": "off" 27 | }, 28 | "style": { 29 | "noParameterAssign": "off", 30 | "noShoutyConstants": "warn", 31 | "noUselessElse": "warn" 32 | }, 33 | "suspicious": { 34 | "noAssignInExpressions": "off", 35 | "noDoubleEquals": "warn", 36 | "noAsyncPromiseExecutor": "warn", 37 | "noControlCharactersInRegex": "warn", 38 | "noDebugger": "error", 39 | "noEmptyBlockStatements": "warn" 40 | }, 41 | "nursery": { 42 | "noDuplicateElseIf": "warn" 43 | } 44 | } 45 | }, 46 | "vcs": { 47 | "enabled": true, 48 | "clientKind": "git", 49 | "useIgnoreFile": true 50 | }, 51 | "formatter": { 52 | "enabled": true, 53 | "ignore": ["types/**", "contrib/**", ".devcontainer.json"], 54 | "indentStyle": "space", 55 | "indentWidth": 2 56 | }, 57 | "files": { 58 | "maxSize": 5242880 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /ci/Dockerfile-secure: -------------------------------------------------------------------------------- 1 | FROM ghcr.io/cyclonedx/cdxgen:master 2 | 3 | LABEL maintainer="cyclonedx" \ 4 | org.opencontainers.image.authors="Prabhu Subramanian " \ 5 | org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \ 6 | org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \ 7 | org.opencontainers.image.version="11.4.x" \ 8 | org.opencontainers.image.vendor="cyclonedx" \ 9 | org.opencontainers.image.licenses="Apache-2.0" \ 10 | org.opencontainers.image.title="cdxgen" \ 11 | org.opencontainers.image.description="Container image for cdxgen SBOM generator packing latest build tools with secure defaults." \ 12 | org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-secure -r /app --server" 13 | 14 | ENV NODE_OPTIONS='--permission --allow-fs-read="/app/*" --allow-fs-read="/opt/*" --allow-fs-read="/home/cyclonedx/*" --allow-fs-read="/tmp/cdxgen-temp/*" --allow-fs-write="/tmp/cdxgen-temp/*" --allow-fs-write="/app/*.json" --allow-child-process --trace-warnings' \ 15 | NODE_NO_WARNINGS=1 \ 16 | CDXGEN_SECURE_MODE=true \ 17 | COMPOSER_ALLOW_SUPERUSER=0 18 | USER cyclonedx 19 | WORKDIR /app 20 | ENTRYPOINT ["cdxgen"] 21 | -------------------------------------------------------------------------------- /ci/containerd-config.toml: -------------------------------------------------------------------------------- 1 | [proxy_plugins] 2 | [proxy_plugins.nydus] 3 | type = "snapshot" 4 | address = "/run/containerd-nydus/containerd-nydus-grpc.sock" 5 | -------------------------------------------------------------------------------- /ci/images/Dockerfile.dotnet9: -------------------------------------------------------------------------------- 1 | # Base-image 2 | FROM registry.suse.com/bci/dotnet-sdk:9.0 AS base 3 | 4 | ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=false \ 5 | DOTNET_NOLOGO=true \ 6 | DOTNET_USE_POLLING_FILE_WATCHER=false \ 7 | NUGET_XMLDOC_MODE=skip \ 8 | DOTNET_RUNNING_IN_CONTAINER=true \ 9 | DOTNET_CLI_TELEMETRY_OPTOUT=1 \ 10 | npm_config_python=/usr/bin/python3.11 11 | 12 | RUN zypper refresh && zypper --non-interactive update && zypper --non-interactive install -l --no-recommends git-core nodejs20 npm20 python311 python311-pip wget zip unzip make gawk java-21-openjdk-devel \ 13 | && dotnet --list-sdks \ 14 | && npm install -g corepack \ 15 | && zypper clean -a 16 | 17 | CMD ["/bin/bash"] 18 | 19 | 20 | 21 | # cdxgen-image 22 | FROM base AS cdxgen 23 | 24 | LABEL maintainer="CycloneDX" \ 25 | org.opencontainers.image.authors="Team AppThreat " \ 26 | org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ 27 | org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 28 | org.opencontainers.image.version="rolling" \ 29 | org.opencontainers.image.vendor="CycloneDX" \ 30 | org.opencontainers.image.licenses="Apache-2.0" \ 31 | org.opencontainers.image.title="cdxgen" \ 32 | org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 9 apps" \ 33 | org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet9:v11 -r /app --server" 34 | 35 | ENV CDXGEN_IN_CONTAINER=true \ 36 | NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ 37 | PYTHONPATH=/opt/pypi 38 | ENV PATH=${PATH}:/usr/local/bin:${PYTHONPATH}/bin:/opt/cdxgen/node_modules/.bin 39 | 40 | COPY . /opt/cdxgen 41 | 42 | RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --config.strict-dep-builds=true --prod --package-import-method copy --frozen-lockfile && corepack pnpm cache delete \ 43 | && mkdir -p ${NODE_COMPILE_CACHE} \ 44 | && node /opt/cdxgen/bin/cdxgen.js --help \ 45 | && pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \ 46 | && rm -rf /root/.cache/node \ 47 | && chmod a-w -R /opt 48 | WORKDIR /app 49 | ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"] 50 | -------------------------------------------------------------------------------- /ci/images/al10/Dockerfile.ruby-builder: -------------------------------------------------------------------------------- 1 | FROM almalinux:10.0-minimal AS ruby-builder 2 | 3 | LABEL maintainer="cyclonedx" \ 4 | org.opencontainers.image.authors="Prabhu Subramanian " \ 5 | org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \ 6 | org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \ 7 | org.opencontainers.image.version="11.4.x" \ 8 | org.opencontainers.image.vendor="cyclonedx" \ 9 | org.opencontainers.image.licenses="Apache-2.0" \ 10 | org.opencontainers.image.title="cdxgen" \ 11 | org.opencontainers.image.description="Base Ruby builder. Do not use directly." 12 | 13 | ARG RUBY_VERSION=3.4.4 14 | 15 | ENV RUBY_VERSION=$RUBY_VERSION \ 16 | RBENV_ROOT=/opt/.rbenv \ 17 | MAKEFLAGS="-j$(nproc --ignore=2)" \ 18 | PATH=/opt/bin:/opt/vendor/bin:${PATH}:/usr/local/bin/:/root/.local/bin:/root/.rbenv/bin:/root/.rbenv/versions/3.4.4/bin 19 | 20 | RUN microdnf install -y \ 21 | gcc gcc-c++ make autoconf automake bison libtool \ 22 | wget git-core bash glibc-common glibc-all-langpacks \ 23 | openssl-devel readline-devel zlib-devel \ 24 | ncurses-devel libffi-devel pcre2-devel \ 25 | && microdnf install -y epel-release \ 26 | && microdnf install --enablerepo=crb -y libyaml-devel \ 27 | && git clone https://github.com/rbenv/rbenv.git --depth=1 /opt/.rbenv \ 28 | && echo 'export PATH="/opt/.rbenv/bin:$PATH"' >> ~/.bashrc \ 29 | && echo 'eval "$(/opt/.rbenv/bin/rbenv init - bash)"' >> ~/.bashrc \ 30 | && echo 'export RBENV_ROOT=/opt/.rbenv' >> ~/.bashrc \ 31 | && echo 'export NVM_DIR=/opt/.nvm' >> ~/.bashrc \ 32 | && source ~/.bashrc \ 33 | && mkdir -p "/opt/.rbenv/plugins" \ 34 | && git clone https://github.com/rbenv/ruby-build.git --depth=1 "/opt/.rbenv/plugins/ruby-build" \ 35 | && rbenv install ${RUBY_VERSION} -- --disable-install-doc \ 36 | && rbenv global ${RUBY_VERSION} \ 37 | && rm -rf /opt/.rbenv/cache \ 38 | && ruby --version \ 39 | && microdnf clean all 40 | -------------------------------------------------------------------------------- /ci/images/alpine/Dockerfile.dotnet9: -------------------------------------------------------------------------------- 1 | # Base-image 2 | FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine AS base 3 | 4 | ENV PATH=${PATH}:/usr/local/bin 5 | 6 | RUN apk update && apk add --no-cache \ 7 | nodejs \ 8 | npm \ 9 | && npm install -g corepack \ 10 | && node -v \ 11 | && npm -v \ 12 | && rm -rf /var/cache/apk/* 13 | 14 | 15 | 16 | # cdxgen-image 17 | FROM base AS cdxgen 18 | 19 | LABEL maintainer="CycloneDX" \ 20 | org.opencontainers.image.authors="Team AppThreat " \ 21 | org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ 22 | org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 23 | org.opencontainers.image.version="rolling" \ 24 | org.opencontainers.image.vendor="CycloneDX" \ 25 | org.opencontainers.image.licenses="Apache-2.0" \ 26 | org.opencontainers.image.title="cdxgen" \ 27 | org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 9 apps" \ 28 | org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-alpine-dotnet9:v11 -r /app --server" 29 | 30 | ENV CDXGEN_IN_CONTAINER=true \ 31 | NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ 32 | PATH=${PATH}:/usr/local/bin:/opt/cdxgen/node_modules/.bin 33 | 34 | COPY . /opt/cdxgen 35 | 36 | RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --config.strict-dep-builds=true --prod --package-import-method copy --frozen-lockfile && corepack pnpm cache delete \ 37 | && npm uninstall -g corepack \ 38 | && apk del npm \ 39 | && mkdir -p ${NODE_COMPILE_CACHE} \ 40 | && node /opt/cdxgen/bin/cdxgen.js --help \ 41 | && rm -rf /root/.cache/node \ 42 | && chmod a-w -R /opt 43 | WORKDIR /app 44 | ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"] 45 | -------------------------------------------------------------------------------- /ci/images/alpine/Dockerfile.golang123: -------------------------------------------------------------------------------- 1 | # Base-image 2 | FROM golang:1.23-alpine AS base 3 | 4 | ENV PATH=${PATH}:/usr/local/bin 5 | 6 | RUN apk update && apk add --no-cache \ 7 | nodejs \ 8 | npm \ 9 | && npm install -g corepack \ 10 | && node -v \ 11 | && npm -v \ 12 | && rm -rf /var/cache/apk/* 13 | 14 | 15 | 16 | # cdxgen-image 17 | FROM base AS cdxgen 18 | 19 | LABEL maintainer="CycloneDX" \ 20 | org.opencontainers.image.authors="Team AppThreat " \ 21 | org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ 22 | org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 23 | org.opencontainers.image.version="rolling" \ 24 | org.opencontainers.image.vendor="CycloneDX" \ 25 | org.opencontainers.image.licenses="Apache-2.0" \ 26 | org.opencontainers.image.title="cdxgen" \ 27 | org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for go apps" \ 28 | org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-alpine-golang123:v11 -r /app --server" 29 | 30 | ENV CDXGEN_IN_CONTAINER=true \ 31 | NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ 32 | PATH=${PATH}:/usr/local/bin:/opt/cdxgen/node_modules/.bin 33 | 34 | COPY . /opt/cdxgen 35 | 36 | RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --config.strict-dep-builds=true --prod --no-optional --package-import-method copy --frozen-lockfile && corepack pnpm cache delete \ 37 | && npm uninstall -g corepack \ 38 | && apk del npm \ 39 | && mkdir -p ${NODE_COMPILE_CACHE} \ 40 | && node /opt/cdxgen/bin/cdxgen.js --help \ 41 | && rm -rf /root/.cache/node \ 42 | && chmod a-w -R /opt 43 | WORKDIR /app 44 | ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"] -------------------------------------------------------------------------------- /ci/images/alpine/Dockerfile.golang124: -------------------------------------------------------------------------------- 1 | # Base-image 2 | FROM golang:1.24-alpine AS base 3 | 4 | ENV PATH=${PATH}:/usr/local/bin 5 | 6 | RUN apk update && apk add --no-cache \ 7 | nodejs \ 8 | npm \ 9 | && npm install -g corepack \ 10 | && node -v \ 11 | && npm -v \ 12 | && rm -rf /var/cache/apk/* 13 | 14 | 15 | 16 | # cdxgen-image 17 | FROM base AS cdxgen 18 | 19 | LABEL maintainer="CycloneDX" \ 20 | org.opencontainers.image.authors="Team AppThreat " \ 21 | org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ 22 | org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 23 | org.opencontainers.image.version="rolling" \ 24 | org.opencontainers.image.vendor="CycloneDX" \ 25 | org.opencontainers.image.licenses="Apache-2.0" \ 26 | org.opencontainers.image.title="cdxgen" \ 27 | org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for go apps" \ 28 | org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-alpine-golang124:v11 -r /app --server" 29 | 30 | ENV CDXGEN_IN_CONTAINER=true \ 31 | NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ 32 | PATH=${PATH}:/usr/local/bin:/opt/cdxgen/node_modules/.bin 33 | 34 | COPY . /opt/cdxgen 35 | 36 | RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --config.strict-dep-builds=true --prod --no-optional --package-import-method copy --frozen-lockfile && corepack pnpm cache delete \ 37 | && npm uninstall -g corepack \ 38 | && apk del npm \ 39 | && mkdir -p ${NODE_COMPILE_CACHE} \ 40 | && node /opt/cdxgen/bin/cdxgen.js --help \ 41 | && rm -rf /root/.cache/node \ 42 | && chmod a-w -R /opt 43 | WORKDIR /app 44 | ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"] -------------------------------------------------------------------------------- /ci/images/nuget/Lucene.Net.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/Lucene.Net.dll -------------------------------------------------------------------------------- /ci/images/nuget/Microsoft.Web.XmlTransform.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/Microsoft.Web.XmlTransform.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet-COPYRIGHT.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) .NET Foundation. All rights reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use 4 | these files except in compliance with the License. You may obtain a copy of the 5 | License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software distributed 10 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 11 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 12 | specific language governing permissions and limitations under the License. 13 | -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Commands.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Commands.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Common.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Common.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Configuration.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Configuration.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.DependencyResolver.Core.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.DependencyResolver.Core.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Frameworks.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Frameworks.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Indexing.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Indexing.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.LibraryModel.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.LibraryModel.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.PackageManagement.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.PackageManagement.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Packaging.Core.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Packaging.Core.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Packaging.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Packaging.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.ProjectModel.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.ProjectModel.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Protocol.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Protocol.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Resolver.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Resolver.dll -------------------------------------------------------------------------------- /ci/images/nuget/NuGet.Versioning.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/NuGet.Versioning.dll -------------------------------------------------------------------------------- /ci/images/nuget/README.md: -------------------------------------------------------------------------------- 1 | # nuget-binary 2 | 3 | The contents in this folder were copied from [nuget-binary 4.3.1](https://github.com/mono/nuget-binary/tree/4.3.1) 4 | -------------------------------------------------------------------------------- /ci/images/nuget/nuget.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/ci/images/nuget/nuget.exe -------------------------------------------------------------------------------- /ci/nydusd-config.fusedev.json: -------------------------------------------------------------------------------- 1 | { 2 | "device": { 3 | "backend": { 4 | "type": "registry", 5 | "config": { 6 | "scheme": "", 7 | "skip_verify": true, 8 | "timeout": 5, 9 | "connect_timeout": 5, 10 | "retry_limit": 4, 11 | "auth": "" 12 | } 13 | }, 14 | "cache": { 15 | "type": "blobcache", 16 | "config": { 17 | "work_dir": "cache" 18 | } 19 | } 20 | }, 21 | "mode": "direct", 22 | "digest_validate": false, 23 | "iostats_files": false, 24 | "enable_xattr": true, 25 | "fs_prefetch": { 26 | "enable": true, 27 | "threads_count": 4 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /contrib/README.md: -------------------------------------------------------------------------------- 1 | # Useful scripts 2 | 3 | ## Validate SBOM using jsonschema 4 | 5 | ```shell 6 | python bom-validate.py --json ../test/data/vuln-spring-1.5.bom.json 7 | ``` 8 | 9 | ## Generate wrapdb releases 10 | 11 | ```shell 12 | git clone https://github.com/mesonbuild/wrapdb --depth=1 13 | cd wrapdb 14 | python /contrib/wrapdb.py 15 | ``` 16 | 17 | Copy the generated wrapdb-releases.json to the `data` directory. 18 | -------------------------------------------------------------------------------- /contrib/bom-signer/README.md: -------------------------------------------------------------------------------- 1 | # Signed BOMs 2 | 3 | BOMs generated by cdxgen for the released artifacts are signed with a default private key (stored as a repository secret). Use the public key in this directory to verify the BOMs. 4 | 5 | ```shell 6 | export SBOM_SIGN_ALGORITHM=RS512 7 | export SBOM_SIGN_PUBLIC_KEY=public.key 8 | 9 | cdx-verify -i bom.json --public-key /path/to/public.key 10 | ``` 11 | 12 | NOTE: This is not a security feature. We might rotate the keys now and then, but have no plans to implement default signing with a global key, etc. 13 | -------------------------------------------------------------------------------- /contrib/bom-signer/public.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA23S+2POBMLWIDxblvr3H 3 | LKgcxCj5r+ZOg477w9jlbyTtM58Tznn25erRL8UUlck2qTwXQrtZRVZzg+mtpLRF 4 | Q7udbWeobnBGBLTWUh/asE5620jGhR/COYC9l/llJUGkATOvvjqcf+KTTtrktHSA 5 | N/tm666fgjJ8lPXg0VRg9+zwnrg+ftlv9+Mbly/9kh9BrBWQswtGdB38Z49X6DZ+ 6 | qjTU5aWN9Tp8Ajkm85SZdmmQjQX951hpuWTluCkbnKYJO9ZvfLghGBb23Zq4AI1v 7 | tZwi82iSv2tiNsGSUK7Oq2Mws2ODHQBZzA9pKCdjSz7i28bL16absqbRJOrCieum 8 | m4jNl9hsPMTsWTuvpab+VmsoeVEpvohBHGXC1k55ofAgsh30BxwtG2nXLHWXfpNy 9 | TDJbOztJfHgKFKtJTRpWxAx4j46qElvw5nii45DrkYZlML3i1AWp9LzcKat0HRP2 10 | 6anhZ2Gg9Et6dmzXQIQvuBKuK6dSTm6vfO1TbG7QzAth1fA+PLU/qQ9E1pCynVdN 11 | F/9g2irW5XhocVa+EGcz+Kco3zZeBO9z34X0ciboSHVP6CPNTnApM3dzhABi3+1s 12 | aviOY+QtAxQ9nfrI9igozzEr2M3UT6b6wmZYScTy8+NWvYW13HQ+wSNk43RNa5Ox 13 | zoSF15w60UWZtt7GRkv9AM0CAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | -------------------------------------------------------------------------------- /contrib/bom-validate.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | import json 3 | import os 4 | import sys 5 | from jsonschema import validate 6 | from jsonschema.exceptions import ValidationError 7 | 8 | 9 | def build_args(): 10 | """ 11 | Constructs command line arguments for the comparison tool 12 | """ 13 | parser = argparse.ArgumentParser( 14 | description="Validate SBOM files against BOM 1.5 schema." 15 | ) 16 | parser.add_argument( 17 | "--json", 18 | dest="bom_json", 19 | default="bom.json", 20 | help="bom json file.", 21 | ) 22 | return parser.parse_args() 23 | 24 | 25 | def vsbom(bom_json): 26 | schema = os.path.join(os.path.dirname(__file__), "bom-1.5.schema.json") 27 | with open(schema, mode="r", encoding="utf-8") as sp: 28 | with open(bom_json, mode="r", encoding="utf-8") as vp: 29 | vex_obj = json.load(vp) 30 | try: 31 | validate(instance=vex_obj, schema=json.load(sp)) 32 | print("SBOM file is valid") 33 | except ValidationError as ve: 34 | print(ve) 35 | sys.exit(1) 36 | 37 | 38 | def main(): 39 | args = build_args() 40 | vsbom(args.bom_json) 41 | 42 | 43 | if __name__ == "__main__": 44 | main() 45 | -------------------------------------------------------------------------------- /contrib/bulk-generate/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | This is a script to generate SBOMs for multiple git repos using cdxgen container images. 4 | 5 | ## Usage 6 | 7 | ```shell 8 | node index.js 9 | ``` 10 | 11 | ## Example csv file 12 | 13 | ``` 14 | project,link,commit,image,language,cdxgen_vars 15 | astro,https://github.com/withastro/astro.git,9d6bcdb88fcb9df0c5c70e2b591bcf962ce55f63,ghcr.io/cyclonedx/cdxgen-node20:v11,js,, 16 | ``` 17 | -------------------------------------------------------------------------------- /contrib/cdx1/REPORT.md: -------------------------------------------------------------------------------- 1 | # Abstract 2 | 3 | We present [cdx1][cdx1-collection], a family of language models developed and tuned using a custom high-quality dataset designed to mimic the expertise of a skilled DevOps, xBOM, and CycloneDX professional. We strategically generated accurate synthetic data using a teacher model (specifically, Google Gemini Experimental) to fine-tune a base model (unsloth/phi-4) and ensure that cdx1 substantially surpasses its teacher model in xBOM and CycloneDX-related QA capabilities. 4 | 5 | ## Approach to Data 6 | 7 | ### Semantic Learning with Structured Data 8 | 9 | We created [cdx-docs](https://huggingface.co/datasets/CycloneDX/cdx-docs), a curated dataset comprising technical documentation, authoritative OWASP guides, and interpretations of CycloneDX Generator (cdxgen) source code. We used a novel synthetic data generation technique by prompting and rewarding a teacher model to generate precise data suitable for a junior engineer (cdx1 model) to learn the nuances and semantics of the target domain. 10 | 11 | ### Alignment with Inference 12 | 13 | During the training phase, we reviewed and improved the training dataset to ensure that the context during generation is aligned with the data used for tuning. This alignment helps the model learn the nuances and complexity of the domain. 14 | 15 | ## Benchmarking Considerations 16 | 17 | TBD 18 | 19 | ## Performance on xBOMEval 20 | 21 | TBD 22 | 23 | ## Safety 24 | 25 | TBD 26 | 27 | ## ML-BOMs 28 | 29 | TBD 30 | 31 | ## Weaknesses 32 | 33 | TBD 34 | 35 | ## Acknowledgments 36 | 37 | TBD 38 | 39 | ## References 40 | 41 | [cdx1-collection]: https://huggingface.co/collections/CycloneDX/cdx1-67a616a859ac0582df99700b 42 | -------------------------------------------------------------------------------- /contrib/cdxgenGPT/media/general-spec-questions.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/contrib/cdxgenGPT/media/general-spec-questions.jpg -------------------------------------------------------------------------------- /contrib/cdxgenGPT/media/grok2-test1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/contrib/cdxgenGPT/media/grok2-test1.jpg -------------------------------------------------------------------------------- /contrib/cdxgenGPT/media/grok2-test2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/contrib/cdxgenGPT/media/grok2-test2.jpg -------------------------------------------------------------------------------- /contrib/cdxgenGPT/media/open-router-config.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/contrib/cdxgenGPT/media/open-router-config.jpg -------------------------------------------------------------------------------- /contrib/deno/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | This folder demonstrates the following: 4 | 5 | - Using deno to develop and build cdxgen 6 | - Using cdxgen as a library to build custom SBOM tool. 7 | 8 | ## Installation 9 | 10 | Install deno by following the [instructions](https://docs.deno.com/runtime/manual/) for your OS 11 | 12 | ## Develop and build cdxgen 13 | 14 | ```shell 15 | deno run --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net main.ts 16 | ``` 17 | 18 | ### Produce native builds 19 | 20 | Use the `exe` task. 21 | 22 | ``` 23 | deno task exe 24 | ``` 25 | 26 | ## Use cdxgen as a library 27 | 28 | Take a look at deps.ts and main.ts for a simple example that builds a cli tool on top of the npm package. 29 | -------------------------------------------------------------------------------- /contrib/deno/deps.ts: -------------------------------------------------------------------------------- 1 | export { createBom, submitBom } from "jsr:@cyclonedx/cdxgen@10"; 2 | export { parse } from "https://deno.land/std@0.217.0/flags/mod.ts"; 3 | // Automatically loads .env file 4 | import "https://deno.land/std@0.217.0/dotenv/load.ts"; 5 | -------------------------------------------------------------------------------- /contrib/deno/main.ts: -------------------------------------------------------------------------------- 1 | import { createBom, parse } from "./deps.ts"; 2 | 3 | const args = parse(Deno.args); 4 | const filePath = (args._[0] as string) || "."; 5 | 6 | console.log("Invoking createBom with args", filePath, args); 7 | const bomNSData = await createBom(filePath, args); 8 | console.log(bomNSData.bomJson); 9 | -------------------------------------------------------------------------------- /contrib/dependency-track/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | This docker compose file would start the following services useful for testing purposes. 4 | 5 | - cdxgen server 6 | - Dependency Track API with UI 7 | -------------------------------------------------------------------------------- /contrib/fine-tuning/.gitignore: -------------------------------------------------------------------------------- 1 | dataset/ 2 | adapters/ 3 | out.txt 4 | unsloth/ 5 | CycloneDX/ 6 | -------------------------------------------------------------------------------- /contrib/fine-tuning/Modelfile: -------------------------------------------------------------------------------- 1 | FROM ./cdx1-gguf-q8_0.gguf 2 | 3 | PARAMETER num_ctx 16000 4 | PARAMETER temperature 0.05 5 | 6 | SYSTEM """You are a helpful assistant to the user.""" 7 | 8 | LICENSE """ 9 | apache-2.0 10 | """ 11 | -------------------------------------------------------------------------------- /contrib/fine-tuning/cdxgen-docs/lesson1.jsonl: -------------------------------------------------------------------------------- 1 | {"messages": [{"role": "user", "content": "What is the learning objective of this lesson?"}, {"role": "assistant", "content": "To learn about generating an SBOM with reachable evidence for Dependency-Track, a Java application."}]} 2 | {"messages": [{"role": "user", "content": "What are the prerequisites for this lesson?"}, {"role": "assistant", "content": "Java >= 21, Maven, and Node.js > 20 must be installed."}]} 3 | {"messages": [{"role": "user", "content": "How do I install cdxgen?"}, {"role": "assistant", "content": "Run the command sudo npm install -g @cyclonedx/cdxgen."}]} 4 | {"messages": [{"role": "user", "content": "How do I clone and compile Dependency-Track?"}, {"role": "assistant", "content": "Run the following commands: git clone https://github.com/DependencyTrack/dependency-track, cd dependency-track, mvn clean compile -P clean-exclude-wars -P enhance -P embedded-jetty -DskipTests."}]} 5 | {"messages": [{"role": "user", "content": "How do I create an SBOM with the research profile for Dependency-Track?"}, {"role": "assistant", "content": "Navigate to the dependency-track directory and run cdxgen -o bom.json -t java --profile research . -p."}]} 6 | {"messages": [{"role": "user", "content": "What will the resulting BOM file include?", "role": "assistant", "content": "The resulting BOM file would include components with the occurrence and call stack evidence."}]} -------------------------------------------------------------------------------- /contrib/fine-tuning/prepare.js: -------------------------------------------------------------------------------- 1 | import { mkdirSync, readFileSync, writeFileSync } from "node:fs"; 2 | import { join } from "node:path"; 3 | import process from "node:process"; 4 | 5 | import { dirNameStr, getAllFiles } from "../../lib/helpers/utils.js"; 6 | const jsonlFiles = getAllFiles(dirNameStr, "**/*.jsonl", { 7 | exclude: ["**/{train, valid}.jsonl"], 8 | }); 9 | let datasetDir = "dataset"; 10 | const argv = process.argv.slice(2); 11 | if (argv.length > 1) { 12 | datasetDir = argv[1]; 13 | } 14 | 15 | const TRAIN_FILE = join(datasetDir, "train.jsonl"); 16 | const VALID_FILE = join(datasetDir, "valid.jsonl"); 17 | const trainData = []; 18 | const validData = []; 19 | 20 | for (const jf of jsonlFiles) { 21 | const lines = readFileSync(jf, "utf-8"); 22 | // Ignore empty lines 23 | if (!lines.trim().length) { 24 | continue; 25 | } 26 | trainData.push(lines); 27 | if (jf.includes("cdxgen-docs") || jf.includes("cli") || jf.includes("semantics")) { 28 | validData.push(lines); 29 | } 30 | } 31 | 32 | mkdirSync(datasetDir, { recursive: true }); 33 | if (trainData.length) { 34 | writeFileSync(TRAIN_FILE, trainData.join("\n")); 35 | } 36 | if (validData.length) { 37 | writeFileSync(VALID_FILE, validData.join("\n")); 38 | } 39 | -------------------------------------------------------------------------------- /contrib/fine-tuning/upload-hf.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | export HF_HUB_ENABLE_HF_TRANSFER=0 4 | export HF_HUB_DISABLE_TELEMETRY=1 5 | export HF_HUB_DISABLE_PROGRESS_BARS=1 6 | HF_ORG=CycloneDX 7 | TUNING_TOOL=mlx 8 | TOOL_BASE_MODEL=cdx1 9 | FUSED_MODEL=${HF_ORG}/${TOOL_BASE_MODEL}-${TUNING_TOOL} 10 | QUANT_MODEL_8BIT=${HF_ORG}/${TOOL_BASE_MODEL}-${TUNING_TOOL}-8bit 11 | QUANT_MODEL_6BIT=${HF_ORG}/${TOOL_BASE_MODEL}-${TUNING_TOOL}-6bit 12 | QUANT_MODEL_4BIT=${HF_ORG}/${TOOL_BASE_MODEL}-${TUNING_TOOL}-4bit 13 | 14 | huggingface-cli whoami 15 | 16 | echo "Uploading datasets" 17 | huggingface-cli upload --quiet --repo-type dataset CycloneDX/cdx-docs ./cdxgen-docs cdxgen-docs 18 | huggingface-cli upload --quiet --repo-type dataset CycloneDX/cdx-docs ./guides guides 19 | huggingface-cli upload --quiet --repo-type dataset CycloneDX/cdx-docs ./semantics semantics 20 | 21 | echo "Uploading models. Please wait ..." 22 | huggingface-cli upload --quiet --repo-type model ${QUANT_MODEL_8BIT} ./${QUANT_MODEL_8BIT} . 23 | huggingface-cli upload --quiet --repo-type model ${QUANT_MODEL_6BIT} ./${QUANT_MODEL_6BIT} . 24 | huggingface-cli upload --quiet --repo-type model ${QUANT_MODEL_4BIT} ./${QUANT_MODEL_4BIT} . 25 | 26 | huggingface-cli upload --quiet --repo-type model ${FUSED_MODEL} ./${FUSED_MODEL} . 27 | -------------------------------------------------------------------------------- /contrib/fine-tuning/validator.js: -------------------------------------------------------------------------------- 1 | import { readFileSync } from "node:fs"; 2 | import { dirNameStr, getAllFiles } from "../../lib/helpers/utils.js"; 3 | let datasetDir = dirNameStr; 4 | const argv = process.argv.slice(2); 5 | if (argv.length > 1) { 6 | datasetDir = argv[1]; 7 | } 8 | 9 | const jsonlFiles = getAllFiles(datasetDir, "**/*.jsonl"); 10 | const failures = {}; 11 | for (const jf of jsonlFiles) { 12 | const failedLines = []; 13 | const lines = readFileSync(jf, "utf-8"); 14 | for (const ajson of lines.split("\n")) { 15 | try { 16 | JSON.parse(ajson); 17 | } catch (e) { 18 | failedLines.push(ajson); 19 | } 20 | } 21 | if (failedLines.length) { 22 | failures[jf] = failedLines; 23 | } else { 24 | console.log(jf, "is valid!"); 25 | } 26 | } 27 | 28 | if (Object.keys(failures).length) { 29 | console.log("=== VALIDATION FAILED ==="); 30 | console.log(failures); 31 | } 32 | -------------------------------------------------------------------------------- /contrib/flatpak/sources.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "type": "script", 4 | "commands": [], 5 | "dest-filename": "patch.sh", 6 | "dest": "flatpak-node" 7 | }, 8 | { 9 | "type": "script", 10 | "commands": ["$FLATPAK_BUILDER_BUILDDIR/flatpak-node/patch.sh"], 11 | "dest-filename": "patch-all.sh", 12 | "dest": "flatpak-node" 13 | }, 14 | { 15 | "type": "script", 16 | "commands": [ 17 | "version=$(node --version | sed \"s/^v//\")", 18 | "nodedir=$(dirname \"$(dirname \"$(which node)\")\")", 19 | "mkdir -p \"flatpak-node/cache/node-gyp/$version\"", 20 | "ln -s \"$nodedir/include\" \"flatpak-node/cache/node-gyp/$version/include\"", 21 | "echo 9 > \"flatpak-node/cache/node-gyp/$version/installVersion\"" 22 | ], 23 | "dest-filename": "setup_sdk_node_headers.sh", 24 | "dest": "flatpak-node" 25 | }, 26 | { 27 | "type": "shell", 28 | "commands": [ 29 | "FLATPAK_BUILDER_BUILDDIR=$PWD flatpak-node/patch-all.sh", 30 | "bash flatpak-node/setup_sdk_node_headers.sh" 31 | ] 32 | } 33 | ] 34 | -------------------------------------------------------------------------------- /contrib/lima/cdxgen-alpine.yaml: -------------------------------------------------------------------------------- 1 | images: 2 | - location: https://github.com/AppThreat/alpine-lima/releases/download/v0.3.0/alpine-lima-std-3.22.0-x86_64.iso 3 | arch: x86_64 4 | digest: sha512:5583a58b163c7111f9507cc7c285b0522e76b0031f6767b450e3ad06941f50958cc723c29623865a9074d73805dff031fd02db4944aafb31a6e379a2723212b5 5 | 6 | - location: https://github.com/AppThreat/alpine-lima/releases/download/v0.3.0/alpine-lima-std-3.22.0-aarch64.iso 7 | arch: aarch64 8 | digest: sha512:5e966183c1d81ff73943304c88921084a84a59fe85413505645533bb1531426373b45a0eaa64f80a3d7c80bb7206a97da4d0532ae4b642e7f641caa54cdcd35c 9 | mounts: 10 | - location: "~" 11 | - location: "/tmp/cdxgen" 12 | writable: true 13 | containerd: 14 | system: false 15 | user: false 16 | provision: 17 | - mode: dependency 18 | skipDefaultDependencyResolution: false 19 | script: | 20 | #!/bin/bash 21 | set -eux -o pipefail 22 | apk update 23 | apk add --no-cache \ 24 | zip unzip wget binutils git gnupg curl tar \ 25 | build-base musl-dev libedit libxml2-dev ncurses-dev z3-dev pkgconfig tzdata zlib-dev curl-dev sqlite-libs libstdc++ \ 26 | python3 python3-dev py3-pip poetry uv \ 27 | openjdk21 maven cargo go ruby ruby-bundler docker docker-cli docker-cli-buildx docker-cli-compose nerdctl \ 28 | maven gradle nodejs npm pnpm android-tools 29 | probes: 30 | - script: | 31 | #!/bin/bash 32 | set -eux -o pipefail 33 | if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then 34 | echo >&2 "docker is not installed yet" 35 | exit 1 36 | fi 37 | hint: See "/var/log/cloud-init-output.log". in the guest 38 | -------------------------------------------------------------------------------- /contrib/py-modules.py: -------------------------------------------------------------------------------- 1 | # https://stackoverflow.com/questions/8808714/how-can-i-access-the-list-of-modules-that-pythons-helpmodules-displays 2 | from pydoc import ModuleScanner 3 | 4 | modules = [] 5 | 6 | 7 | def callback(path, modname, desc, modules=modules): 8 | if modname and modname[-9:] == ".__init__": 9 | modname = modname[:-9] + " (package)" 10 | if modname.find(".") < 0: 11 | modules.append(modname.lower()) 12 | 13 | 14 | def onerror(modname): 15 | callback(None, modname, None) 16 | 17 | 18 | ModuleScanner().run(callback, onerror=onerror) 19 | print (modules) 20 | -------------------------------------------------------------------------------- /contrib/requirements.txt: -------------------------------------------------------------------------------- 1 | jsonschema 2 | -------------------------------------------------------------------------------- /contrib/wrapdb.py: -------------------------------------------------------------------------------- 1 | # pip install natsort 2 | from configparser import RawConfigParser 3 | import json 4 | import re 5 | from pathlib import Path 6 | from natsort import natsorted 7 | 8 | with open("releases.json") as rfp: 9 | releases_data = json.load(rfp) 10 | wrap_data = {} 11 | wrap_files = Path(".").glob(r"**/*.wrap") 12 | wrap_files = natsorted(wrap_files, key=str) 13 | for awrap in wrap_files: 14 | name = awrap.name.replace(".wrap", "") 15 | config = RawConfigParser() 16 | config.read(awrap) 17 | metadata = config["wrap-file"] 18 | provides = [] 19 | if "provide" in config.sections(): 20 | provides = natsorted([k for k in config["provide"]], key=str) 21 | wrap_data[name] = { 22 | "name_with_version": metadata.get("directory", ""), 23 | "analyzed_version": re.sub( 24 | r"^" + name + "-", "", metadata.get("directory", "") 25 | ), 26 | "analyzed_source_url": metadata.get("source_url", ""), 27 | "analyzed_source_filename": metadata.get("source_filename", ""), 28 | "analyzed_source_hash": metadata.get("source_hash", ""), 29 | "PkgProvides": provides, 30 | "available_versions": releases_data.get(name, {}).get("versions"), 31 | } 32 | 33 | with open("wrapdb-releases.json", mode="w") as fp: 34 | json.dump(wrap_data, fp) 35 | -------------------------------------------------------------------------------- /contrib/xBOMEval/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | -------------------------------------------------------------------------------- /contrib/xBOMEval/tests/logic/purl1.toml: -------------------------------------------------------------------------------- 1 | title = "Who knows purl better?" 2 | 3 | prompt = ''' 4 | What is the package URL type for Node applications? Alice says it is 'pkg:node', while Bob claims it is 'pkg:npm'. Meanwhile, Peter believes it could be 'pkg:npm', 'pkg:yarn', or 'pkg:pnpm', depending on the package manager. 5 | ''' 6 | 7 | human_answer = ''' 8 | ''' 9 | 10 | teacher_model_answer = ''' 11 | ''' 12 | -------------------------------------------------------------------------------- /contrib/xBOMEval/tests/standards/cyclonedx1.toml: -------------------------------------------------------------------------------- 1 | title = "Software transparency" 2 | 3 | prompt = ''' 4 | Why do we need Software transparency? 5 | ''' 6 | 7 | human_answer = ''' 8 | ''' 9 | 10 | teacher_model_answer = ''' 11 | ''' 12 | 13 | -------------------------------------------------------------------------------- /data/cosdb-queries.json: -------------------------------------------------------------------------------- 1 | { 2 | "deb_packages": { 3 | "query": "select * from deb_packages where name like '%dev%' OR name like '%header%';", 4 | "description": "Retrieves all the installed DEB packages in the target Linux system.", 5 | "purlType": "deb" 6 | }, 7 | "portage_packages": { 8 | "query": "select * from portage_packages where package like '%dev%' OR package like '%header%';", 9 | "description": "Retrieves all the installed packages on the target Linux system.", 10 | "purlType": "ebuild" 11 | }, 12 | "rpm_packages": { 13 | "query": "select * from rpm_packages where name like '%dev%' OR name like '%header%';", 14 | "description": "Retrieves all the installed RPM packages in the target Linux system.", 15 | "purlType": "rpm" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /data/glibc-stdlib.json: -------------------------------------------------------------------------------- 1 | [ 2 | "algorithm", 3 | "iomanip", 4 | "list", 5 | "ostream", 6 | "streambuf", 7 | "bitset", 8 | "ios", 9 | "locale", 10 | "queue", 11 | "string", 12 | "complex", 13 | "iosfwd", 14 | "map", 15 | "set", 16 | "typeinfo", 17 | "deque", 18 | "iostream", 19 | "memory", 20 | "sstream", 21 | "utility", 22 | "exception", 23 | "istream", 24 | "new", 25 | "stack", 26 | "valarray", 27 | "fstream", 28 | "iterator", 29 | "numeric", 30 | "stdexcept", 31 | "vector", 32 | "functional", 33 | "limits", 34 | "debugging", 35 | "inplace_vector", 36 | "linalg", 37 | "rcu", 38 | "text_encoding", 39 | "hazard_pointer", 40 | "expected", 41 | "flat_set", 42 | "mdspan", 43 | "spanstream", 44 | "stdfloat", 45 | "flat_map", 46 | "generator", 47 | "print", 48 | "stacktrace", 49 | "barrier", 50 | "concepts", 51 | "latch", 52 | "semaphore", 53 | "stop_token", 54 | "bit", 55 | "coroutine", 56 | "numbers", 57 | "source_location", 58 | "syncstream", 59 | "compare", 60 | "format", 61 | "ranges", 62 | "span", 63 | "version", 64 | "any", 65 | "execution", 66 | "memory_resource", 67 | "string_view", 68 | "variant", 69 | "charconv", 70 | "filesystem", 71 | "optional", 72 | "shared_mutex", 73 | "array", 74 | "condition_variable", 75 | "mutex", 76 | "scoped_allocator", 77 | "type_traits", 78 | "atomic", 79 | "forward_list", 80 | "random", 81 | "system_error", 82 | "typeindex", 83 | "chrono", 84 | "future", 85 | "ratio", 86 | "thread", 87 | "unordered_map", 88 | "codecvt", 89 | "initializer_list", 90 | "regex", 91 | "tuple", 92 | "unordered_set", 93 | "cassert", 94 | "cctype", 95 | "cerrno", 96 | "cfenv", 97 | "cfloat", 98 | "cinttypes", 99 | "ciso646", 100 | "climits", 101 | "clocale", 102 | "cmath", 103 | "csetjmp", 104 | "csignal", 105 | "cstdarg", 106 | "cstdbool", 107 | "cstddef", 108 | "cstdint", 109 | "cstdio", 110 | "cstdlib", 111 | "cstring", 112 | "ctgmath", 113 | "ctime", 114 | "cuchar", 115 | "cwchar", 116 | "cwctype" 117 | ] 118 | -------------------------------------------------------------------------------- /data/helpers/init.gradle: -------------------------------------------------------------------------------- 1 | gradle.taskGraph.whenReady { 2 | gradle.includedBuilds.each { includedBuild -> 3 | println ":${includedBuild.name}" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /data/templates/README.md: -------------------------------------------------------------------------------- 1 | Content copied from https://github.com/CycloneDX/official-3rd-party-standards available under CC0-1.0 2 | 3 | Individual templates use a range of licenses. Refer to the `metadata.licenses` attribute. 4 | -------------------------------------------------------------------------------- /data/vendor-alias.json: -------------------------------------------------------------------------------- 1 | { 2 | "commons-": "org.apache.commons", 3 | "spring-": "org.springframework", 4 | "jackson-dataformat-": "com.fasterxml.jackson.dataformat", 5 | "jackson-databind": "com.fasterxml.jackson.core", 6 | "jackson-core": "com.fasterxml.jackson.core", 7 | "jackson-annotations": "com.fasterxml.jackson.core", 8 | "jackson-jaxrs-": "com.fasterxml.jackson.jaxrs", 9 | "spring.boot": "org.springframework.boot" 10 | } 11 | -------------------------------------------------------------------------------- /devenv.yaml: -------------------------------------------------------------------------------- 1 | allowUnfree: true 2 | 3 | inputs: 4 | nixpkgs: 5 | url: github:cachix/devenv-nixpkgs/rolling 6 | nixpkgs-python: 7 | url: github:cachix/nixpkgs-python 8 | inputs: 9 | nixpkgs: 10 | follows: nixpkgs 11 | nixpkgs-ruby: 12 | url: github:bobvanderlinden/nixpkgs-ruby 13 | inputs: 14 | nixpkgs: 15 | follows: nixpkgs 16 | nixpkgs-unstable: 17 | url: github:nixos/nixpkgs/nixpkgs-unstable -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | name: cdxgen 2 | 3 | services: 4 | cdxgen: 5 | # For custom builds, use the annotations to describe the pedigree.variants 6 | annotations: 7 | org.opencontainers.image.vendor: cyclonedx 8 | org.opencontainers.image.licenses: Apache-2.0 9 | org.opencontainers.image.title: cdxgen 10 | environment: 11 | - NODE_COMPILE_CACHE=/tmp/cdxgen-node-cache # Using compile cache improves cold start performance 12 | - FETCH_LICENSE=false # Set this to true to always include license 13 | - CDXGEN_DEBUG_MODE=info # Set this to debug to get more console output 14 | build: 15 | dockerfile: ./ci/Dockerfile 16 | context: . 17 | # image: ghcr.io/cyclonedx/cdxgen 18 | ports: 19 | - "9090:9090" 20 | volumes: 21 | - $HOME:/app # Set this to your directory containing sources 22 | - /tmp:/tmp 23 | command: cdxgen --server --server-host 0.0.0.0 --server-port 9090 24 | -------------------------------------------------------------------------------- /docs/.nojekyll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/.nojekyll -------------------------------------------------------------------------------- /docs/GETTING_STARTED.md: -------------------------------------------------------------------------------- 1 | --- 2 | position: 2 3 | title: Getting Started with Development 4 | --- 5 | 6 | # Getting Started (Development) 7 | 8 | This is a comprehensive guide to contributing for developers of all experience level. 9 | 10 | ## Setting up the Development Environment 11 | 12 | Here are steps to clone and run cdxgen locally. 13 | 14 | Clone `CycloneDX/cdxgen` project repository. 15 | 16 | ```bash 17 | git clone https://github.com/CycloneDX/cdxgen 18 | cd cdxgen 19 | 20 | corepack enable pnpm 21 | pnpm install --config.strict-dep-builds=true 22 | pnpm test 23 | ``` 24 | 25 | ## devenv setup 26 | 27 | Install devenv by following the official [instructions](https://devenv.sh/getting-started/). 28 | 29 | ```shell 30 | devenv shell 31 | pnpm test 32 | ``` 33 | 34 | ### Language-specific profile 35 | 36 | ```shell 37 | # deno environment 38 | devenv --option config.profile:string deno shell 39 | 40 | # Ruby environment 41 | devenv --option config.profile:string ruby shell 42 | 43 | # dotnet environment 44 | devenv --option config.profile:string dotnet shell 45 | 46 | # android environment 47 | devenv --option config.profile:string android shell 48 | 49 | # flutter environment 50 | devenv --option config.profile:string flutter shell 51 | ``` 52 | 53 | ### Tasks 54 | 55 | ```shell 56 | # Prepare to contribute a PR 57 | devenv tasks run pr:prepare 58 | 59 | # Check for outdated dependencies 60 | devenv tasks run pnpm:outdated 61 | 62 | # Prepare a deno-based environment 63 | devenv tasks run deno:prepare 64 | 65 | # Check if cdxgen and evinse command can work 66 | devenv tasks run deno:checks 67 | 68 | # Create SEA binary 69 | devenv tasks run deno:compile:macos 70 | ``` 71 | -------------------------------------------------------------------------------- /docs/LESSON1.md: -------------------------------------------------------------------------------- 1 | # Create an SBOM with reachable evidence 2 | 3 | ## Learning Objective 4 | 5 | In this lesson, we will learn about generating an SBOM with reachable evidence for Dependency-Track, a Java application. 6 | 7 | ## Pre-requisites 8 | 9 | Ensure the following tools are installed. 10 | 11 | ``` 12 | Java >= 21 13 | Maven 14 | Node.js > 20 15 | ``` 16 | 17 | ## Getting started 18 | 19 | Install cdxgen 20 | 21 | ```shell 22 | sudo npm install -g @cyclonedx/cdxgen 23 | ``` 24 | 25 | Clone and compile dependency track 26 | 27 | ```shell 28 | git clone https://github.com/DependencyTrack/dependency-track 29 | cd dependency-track 30 | mvn clean compile -P clean-exclude-wars -P enhance -P embedded-jetty -DskipTests 31 | ``` 32 | 33 | Create SBOM with the research profile 34 | 35 | ```shell 36 | cd dependency-track 37 | # Takes around 5 mins 38 | cdxgen -o bom.json -t java --profile research . -p 39 | ``` 40 | 41 | The resulting BOM file would include components with the occurrence and call stack evidence. 42 | -------------------------------------------------------------------------------- /docs/LESSON2.md: -------------------------------------------------------------------------------- 1 | # Create an SBOM with reachable evidence 2 | 3 | ## Learning Objective 4 | 5 | In this lesson, we will learn about generating an SBOM with reachable evidence for two projects. 6 | 7 | 1. Dependency-Track frontend - a JavaScript application. 8 | 2. bionomia - a Ruby application. 9 | 10 | ## Pre-requisites 11 | 12 | Ensure the following tools are installed. 13 | 14 | ``` 15 | Java >= 21 16 | Node.js > 20 17 | ``` 18 | 19 | ## Getting started 20 | 21 | Install cdxgen 22 | 23 | ```shell 24 | sudo npm install -g @cyclonedx/cdxgen 25 | ``` 26 | 27 | Clone 28 | 29 | ```shell 30 | git clone https://github.com/DependencyTrack/frontend 31 | ``` 32 | 33 | Create SBOM with the research profile for JavaScript application. 34 | 35 | ```shell 36 | cd frontend 37 | npm install 38 | # Takes around 5 mins 39 | cdxgen -o bom.json -t js --profile research . -p 40 | ``` 41 | 42 | The resulting BOM file would include components with the occurrence and call stack evidence. 43 | 44 | ### bionomia - Ruby 45 | 46 | In case of the Ruby application, usage of the container image `ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11` is recommended. 47 | 48 | ```shell 49 | git clone https://github.com/bionomia/bionomia 50 | docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 -r /app -o /app/bom.json -t ruby --profile research 51 | ``` 52 | 53 | cdxgen would automatically detect the version of Ruby required for this project, install, and generate an SBOM with the occurrence and call stack evidence. 54 | -------------------------------------------------------------------------------- /docs/LESSON3.md: -------------------------------------------------------------------------------- 1 | # Attach signed SBOM to a container image 2 | 3 | ## Learning Objective 4 | 5 | In this lesson, we will learn about signing and attaching a signed SBOM to a container image. 6 | 7 | ## Pre-requisites 8 | 9 | Ensure the following tools are installed. 10 | 11 | - ORAS [CLI](https://oras.land/docs/installation) 12 | - Node.js > 20 13 | - docker or podman 14 | 15 | Additionally, you need to have access to a container registry to push the image. 16 | 17 | ## Getting started 18 | 19 | Install cdxgen 20 | 21 | ```shell 22 | sudo npm install -g @cyclonedx/cdxgen 23 | ``` 24 | 25 | ### Create and Build a container image 26 | 27 | Paste the below contents to a file named `Dockerfile` 28 | 29 | ``` 30 | FROM ubuntu:latest 31 | ``` 32 | 33 | Build and push the image to the registry 34 | 35 | ```shell 36 | docker build -t docker.io//sign-test:latest -f Dockerfile . 37 | docker push docker.io//sign-test:latest 38 | ``` 39 | 40 | ### Create an SBOM with cdxgen 41 | 42 | ```shell 43 | cdxgen --generate-key-and-sign -t docker -o bom.json docker.io//sign-test:latest 44 | oras attach --artifact-type sbom/cyclonedx docker.io//sign-test:latest ./bom.json:application/json 45 | oras discover -o tree docker.io//sign-test:latest 46 | ``` 47 | 48 | To download the SBOM attachment from the OCI image, use the `oras pull` command with the correct digest from the `discover` command. 49 | 50 | ```shell 51 | IMAGE_REF=$(oras discover --format json --artifact-type sbom/cyclonedx docker.io//sign-test:latest | jq -r '.manifests[0].reference') 52 | oras pull $IMAGE_REF -o sbom_output_dir 53 | ls -l sbom_output_dir/bom.json 54 | ``` 55 | -------------------------------------------------------------------------------- /docs/LESSON4.md: -------------------------------------------------------------------------------- 1 | # Standards & Attestations 2 | 3 | ## Learning Objective 4 | 5 | In this lesson, we will learn about generating SBOM based on a security standard template. 6 | 7 | ## Pre-requisites 8 | 9 | Ensure the following tools are installed. 10 | 11 | - Node.js > 20 12 | 13 | ## Getting started 14 | 15 | Install cdxgen 16 | 17 | ```shell 18 | sudo npm install -g @cyclonedx/cdxgen 19 | ``` 20 | 21 | Clone and compile dependency track 22 | 23 | ```shell 24 | git clone https://github.com/DependencyTrack/dependency-track 25 | cd dependency-track 26 | mvn clean compile -P clean-exclude-wars -P enhance -P embedded-jetty -DskipTests 27 | ``` 28 | 29 | Create SBOM with the standard `asvs-4.0.3` 30 | 31 | ```shell 32 | cd dependency-track 33 | cdxgen -o bom.json -t java --standard asvs-4.0.3 34 | ``` 35 | 36 | The resulting BOM file would include `definitions.standards` section containing the requirements for ASVS 4.0.3. 37 | 38 | ## Declarations 39 | 40 | Manually complete the `declarations` section to describe the conformance to standards. Each declaration may include attestations, claims, counter-claims, evidence, and counter-evidence along with conformance and confidence. Signatories can also be declared and support both digital and analog signatures. 41 | -------------------------------------------------------------------------------- /docs/SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | ## Enterprise Support 4 | 5 | Enterprise support, including custom development and integration services, is available via [AppThreat Ltd][appthreat-community]. 6 | 7 | ## Community Support 8 | 9 | Free community support is also available via our [GitHub Discussions][cdxgen-discussions], the [OWASP CycloneDX Slack][cyclonedx-cdxgen-slack], and the [AppThreat Community Chat][appthreat-community]. 10 | 11 | [appthreat-homepage]: https://www.appthreat.com 12 | [cdxgen-discussions]: https://github.com/CycloneDX/cdxgen/discussions 13 | [cyclonedx-cdxgen-slack]: https://cyclonedx.slack.com/archives/C04NFFE1962 14 | [appthreat-community]: https://appthreat.zulipchat.com/join/gicgihqsgiotfliet45qm6i3/ 15 | -------------------------------------------------------------------------------- /docs/_coverpage.md: -------------------------------------------------------------------------------- 1 | ![logo](_media/cdxgen.png) 2 | 3 | # CycloneDX Generator (cdxgen) 4 | 5 | > A polyglot tool and a library for generating various Bill of Materials in CycloneDX specification. 6 | 7 | - Generate Software Bill of Materials (SBOM) for most applications and container images with a single command 8 | - Generate Operations Bill of Materials (OBOM) for Linux and Windows hosts 9 | - Integrate with any CI/CD pipeline 10 | - Automatically submit the generated BOM to your dependency track server for analysis 11 | -------------------------------------------------------------------------------- /docs/_media/LevoLogo-LightBg.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/LevoLogo-LightBg.jpg -------------------------------------------------------------------------------- /docs/_media/callstack-evidence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/callstack-evidence.png -------------------------------------------------------------------------------- /docs/_media/cdxgen-tree.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/cdxgen-tree.jpg -------------------------------------------------------------------------------- /docs/_media/cdxgen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/cdxgen.png -------------------------------------------------------------------------------- /docs/_media/occurrence-evidence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/occurrence-evidence.png -------------------------------------------------------------------------------- /docs/_media/saasbom-services.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/saasbom-services.png -------------------------------------------------------------------------------- /docs/_media/sbom-sign.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/sbom-sign.jpg -------------------------------------------------------------------------------- /docs/_media/why-cdxgen.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/docs/_media/why-cdxgen.jpg -------------------------------------------------------------------------------- /docs/_sidebar.md: -------------------------------------------------------------------------------- 1 | - [Home](/) 2 | - [CLI Usage](CLI.md) 3 | - [Server Usage](SERVER.md) 4 | - [Getting Started - Development](GETTING_STARTED.md) 5 | - [Supported Project Types](PROJECT_TYPES.md) 6 | - [Environment Variables](ENV.md) 7 | - [Advanced Usage](ADVANCED.md) 8 | - [AI/ML Usage](ml_profiles.md) 9 | - [Permissions](PERMISSIONS.md) 10 | - [Tutorials - Java](LESSON1.md) 11 | - [Tutorials - JavaScript](LESSON2.md) 12 | - [Tutorials - Sign & Attach](LESSON3.md) 13 | - [Tutorials - Standards & Attestations](LESSON4.md) 14 | - [Tutorials - OWASP juice-shop](LESSON5.md) 15 | - [Support (Enterprise & Community)](SUPPORT.md) -------------------------------------------------------------------------------- /index.cjs: -------------------------------------------------------------------------------- 1 | // this file is a wrapper of ./lib/cli/index.js that can be used by commonjs projects importing this module 2 | // that prefer to use require instead of await import() 3 | const importPromise = import("./lib/cli/index.js"); 4 | 5 | module.exports = new Proxy( 6 | {}, 7 | { 8 | get: 9 | (_, prop) => 10 | async (...args) => { 11 | const mod = await importPromise; 12 | return typeof mod[prop] === "function" ? mod[prop](...args) : mod[prop]; 13 | }, 14 | }, 15 | ); 16 | -------------------------------------------------------------------------------- /jest.config.js: -------------------------------------------------------------------------------- 1 | export const clearMocks = true; 2 | export const coverageDirectory = "coverage"; 3 | export const coveragePathIgnorePatterns = ["/node_modules/", "/.github/"]; 4 | export const coverageReporters = ["json", "lcov"]; 5 | export const testEnvironment = "node"; 6 | 7 | export default { transform: {} }; 8 | -------------------------------------------------------------------------------- /jsr.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@cyclonedx/cdxgen", 3 | "version": "11.4.0", 4 | "exports": "./lib/cli/index.js", 5 | "include": ["*.js", "lib/**", "bin/**", "data/**", "types/**"], 6 | "exclude": [ 7 | "test/", 8 | "docs/", 9 | "contrib/", 10 | "ci/", 11 | "tools_config/", 12 | ".github/", 13 | ".*", 14 | "devenv*", 15 | "jest.config.js", 16 | "docker-compose.yml", 17 | "ADVANCED.md", 18 | "pnpm-lock.yaml", 19 | "biome.json", 20 | "plugins", 21 | "tsconfig.json", 22 | "index.cjs" 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /lib/evinser/scalasem.js: -------------------------------------------------------------------------------- 1 | function buildNSCache(components) { 2 | const typePurlsCache = {}; 3 | for (const comp of components) { 4 | if (!comp.purl || !comp.properties) { 5 | continue; 6 | } 7 | const nsProps = comp.properties.filter((p) => p.name === "Namespaces"); 8 | if (nsProps.length) { 9 | const nsList = nsProps[0].value?.split("\n"); 10 | for (const ns of nsList) { 11 | const sns = ns.split("$")[0]; 12 | if (!typePurlsCache[sns]) { 13 | typePurlsCache[sns] = new Set(); 14 | } 15 | typePurlsCache[sns].add(comp.purl); 16 | } 17 | } 18 | } 19 | return typePurlsCache; 20 | } 21 | 22 | export function findPurlLocations(components, semanticsSlice) { 23 | const purlLocationsSet = {}; 24 | if (!semanticsSlice || !Object.keys(semanticsSlice).length) { 25 | return {}; 26 | } 27 | const typePurlsCache = buildNSCache(components); 28 | for (const key of Object.keys(semanticsSlice)) { 29 | if (key === "config" || !key.endsWith(".scala")) { 30 | continue; 31 | } 32 | const values = semanticsSlice[key]; 33 | const usedTypes = values?.usedTypes || []; 34 | for (const t of usedTypes) { 35 | const simpleType = t.split("$")[0]; 36 | const matchPurls = typePurlsCache[simpleType]; 37 | if (matchPurls) { 38 | for (const apurl of Array.from(matchPurls)) { 39 | if (!purlLocationsSet[apurl]) { 40 | purlLocationsSet[apurl] = new Set(); 41 | } 42 | purlLocationsSet[apurl].add(values.sourceFile || key); 43 | } 44 | } 45 | } 46 | } 47 | const purlLocationMap = {}; 48 | for (const apurl of Object.keys(purlLocationsSet)) { 49 | purlLocationMap[apurl] = Array.from(purlLocationsSet[apurl]).sort(); 50 | } 51 | return { purlLocationMap }; 52 | } 53 | -------------------------------------------------------------------------------- /lib/helpers/cbomutils.js: -------------------------------------------------------------------------------- 1 | import { readFileSync } from "node:fs"; 2 | import { join } from "node:path"; 3 | import { executeOsQuery } from "../managers/binary.js"; 4 | import { convertOSQueryResults, dirNameStr } from "./utils.js"; 5 | const cbomosDbQueries = JSON.parse( 6 | readFileSync(join(dirNameStr, "data", "cbomosdb-queries.json"), "utf-8"), 7 | ); 8 | const cbomCryptoOids = JSON.parse( 9 | readFileSync(join(dirNameStr, "data", "crypto-oid.json"), "utf-8"), 10 | ); 11 | 12 | /** 13 | * Method to collect crypto and ssl libraries from the OS. 14 | * 15 | * @param {Object} options 16 | * @returns osPkgsList Array of OS crypto packages 17 | */ 18 | export function collectOSCryptoLibs(options) { 19 | let osPkgsList = []; 20 | for (const queryCategory of Object.keys(cbomosDbQueries)) { 21 | const queryObj = cbomosDbQueries[queryCategory]; 22 | const results = executeOsQuery(queryObj.query); 23 | const dlist = convertOSQueryResults( 24 | queryCategory, 25 | queryObj, 26 | results, 27 | false, 28 | ); 29 | if (dlist?.length) { 30 | osPkgsList = osPkgsList.concat(dlist); 31 | // Should we downgrade from cryptographic-asset to data for < 1.6 spec 32 | if (options?.specVersion && options.specVersion < 1.6) { 33 | for (const apkg of osPkgsList) { 34 | if (apkg.type === "cryptographic-asset") { 35 | apkg.type = "data"; 36 | } 37 | } 38 | } 39 | } 40 | } 41 | return osPkgsList; 42 | } 43 | 44 | function cleanStr(str) { 45 | return str.toLowerCase().replace(/[^0-9a-z ]/gi, ""); 46 | } 47 | 48 | /** 49 | * Find crypto algorithm in the given code snippet 50 | * 51 | * @param {String} Code snippet 52 | * @returns {Array} Arary of crypto algorithm objects with oid and description 53 | */ 54 | export function findCryptoAlgos(code) { 55 | const cleanCode = cleanStr(code); 56 | const cryptoAlgos = []; 57 | for (const algoName of Object.keys(cbomCryptoOids)) { 58 | if (cleanCode.includes(cleanStr(algoName))) { 59 | cryptoAlgos.push({ 60 | ...cbomCryptoOids[algoName], 61 | name: algoName, 62 | ref: `crypto/algorithm/${algoName}@${cbomCryptoOids[algoName].oid}`, 63 | }); 64 | } 65 | } 66 | return cryptoAlgos; 67 | } 68 | -------------------------------------------------------------------------------- /lib/helpers/cbomutils.test.js: -------------------------------------------------------------------------------- 1 | import { expect, test } from "@jest/globals"; 2 | 3 | import { collectOSCryptoLibs } from "./cbomutils.js"; 4 | 5 | test("cbom utils tests", () => { 6 | const cryptoLibs = collectOSCryptoLibs(); 7 | expect(cryptoLibs).toBeDefined(); 8 | }); 9 | -------------------------------------------------------------------------------- /lib/helpers/db.js: -------------------------------------------------------------------------------- 1 | import path from "node:path"; 2 | import { DataTypes, Model, Sequelize } from "sequelize"; 3 | import SQLite from "sqlite3"; 4 | 5 | class Namespaces extends Model {} 6 | class Usages extends Model {} 7 | class DataFlows extends Model {} 8 | 9 | export const createOrLoad = async (dbName, dbPath, logging = false) => { 10 | const sequelize = new Sequelize({ 11 | define: { 12 | freezeTableName: true, 13 | }, 14 | dialect: "sqlite", 15 | dialectOptions: { 16 | mode: 17 | SQLite.OPEN_READWRITE | 18 | SQLite.OPEN_CREATE | 19 | SQLite.OPEN_NOMUTEX | 20 | SQLite.OPEN_SHAREDCACHE, 21 | }, 22 | storage: dbPath.includes("memory") ? dbPath : path.join(dbPath, dbName), 23 | logging, 24 | pool: { 25 | max: 5, 26 | min: 0, 27 | acquire: 30000, 28 | idle: 10000, 29 | }, 30 | }); 31 | Namespaces.init( 32 | { 33 | purl: { 34 | type: DataTypes.STRING, 35 | allowNull: false, 36 | primaryKey: true, 37 | }, 38 | data: { 39 | type: DataTypes.JSON, 40 | allowNull: false, 41 | }, 42 | }, 43 | { sequelize, modelName: "Namespaces" }, 44 | ); 45 | Usages.init( 46 | { 47 | purl: { 48 | type: DataTypes.STRING, 49 | allowNull: false, 50 | primaryKey: true, 51 | }, 52 | data: { 53 | type: DataTypes.JSON, 54 | allowNull: false, 55 | }, 56 | }, 57 | { sequelize, modelName: "Usages" }, 58 | ); 59 | DataFlows.init( 60 | { 61 | purl: { 62 | type: DataTypes.STRING, 63 | allowNull: false, 64 | primaryKey: true, 65 | }, 66 | data: { 67 | type: DataTypes.JSON, 68 | allowNull: false, 69 | }, 70 | }, 71 | { sequelize, modelName: "DataFlows" }, 72 | ); 73 | await sequelize.sync(); 74 | return { 75 | sequelize, 76 | Namespaces, 77 | Usages, 78 | DataFlows, 79 | }; 80 | }; 81 | -------------------------------------------------------------------------------- /lib/helpers/display.test.js: -------------------------------------------------------------------------------- 1 | import { readFileSync } from "node:fs"; 2 | import { test } from "@jest/globals"; 3 | import { printDependencyTree } from "./display.js"; 4 | 5 | test("print tree test", () => { 6 | const bomJson = JSON.parse( 7 | readFileSync("./test/data/vuln-spring-1.5.bom.json", { encoding: "utf-8" }), 8 | ); 9 | printDependencyTree(bomJson); 10 | }); 11 | -------------------------------------------------------------------------------- /lib/helpers/logger.js: -------------------------------------------------------------------------------- 1 | import { Console } from "node:console"; 2 | import fs from "node:fs"; 3 | import process from "node:process"; 4 | import colors from "yoctocolors"; 5 | 6 | // Enable think mode 7 | export const THINK_MODE = 8 | process.env.CDXGEN_THOUGHT_LOG || 9 | ["true", "1"].includes(process.env.CDXGEN_THINK_MODE) || 10 | process.env.CDXGEN_DEBUG_MODE === "verbose"; 11 | 12 | const output = process.env.CDXGEN_THOUGHT_LOG 13 | ? fs.createWriteStream(process.env.CDXGEN_THOUGHT_LOG) 14 | : process.stdout; 15 | const errorOutput = process.env.CDXGEN_THOUGHT_LOG 16 | ? fs.createWriteStream(process.env.CDXGEN_THOUGHT_LOG) 17 | : process.stderr; 18 | const tlogger = new Console({ 19 | stdout: output, 20 | stderr: errorOutput, 21 | colorMode: process.env.CDXGEN_THOUGHT_LOG ? false : "auto", 22 | }); 23 | 24 | if (THINK_MODE) { 25 | tlogger.group(colorizeText("")); 26 | } 27 | export function thoughtLog(s, args) { 28 | if (!THINK_MODE) { 29 | return; 30 | } 31 | if (!s?.endsWith(".") && !s?.endsWith("?") && !s?.endsWith("!")) { 32 | s = `${s}.`; 33 | } 34 | s = s.replaceAll("'.'", "''"); 35 | if (args) { 36 | tlogger.log(colorizeText(`${s}`), args); 37 | } else { 38 | tlogger.log(colorizeText(`${s}`)); 39 | } 40 | } 41 | export function thoughtEnd() { 42 | if (THINK_MODE) { 43 | tlogger.groupEnd(); 44 | tlogger.log(colorizeText("")); 45 | } 46 | } 47 | 48 | function colorizeText(s) { 49 | if (process.env.CDXGEN_THOUGHT_LOG) { 50 | return s; 51 | } 52 | s = s.replace(/(\d+)/g, colors.cyanBright("$1")); 53 | return colors.dim(s); 54 | } 55 | -------------------------------------------------------------------------------- /lib/helpers/protobom.js: -------------------------------------------------------------------------------- 1 | import { existsSync, readFileSync, writeFileSync } from "node:fs"; 2 | import { cdx_15, cdx_16 } from "@appthreat/cdx-proto"; 3 | 4 | /** 5 | * Stringify the given bom json based on the type. 6 | * 7 | * @param {string | Object} bomJson string or object 8 | * @returns {string} BOM json string 9 | */ 10 | const stringifyIfNeeded = (bomJson) => { 11 | if (typeof bomJson === "string" || bomJson instanceof String) { 12 | return bomJson; 13 | } 14 | return JSON.stringify(bomJson); 15 | }; 16 | 17 | /** 18 | * Method to convert the given bom json to proto binary 19 | * 20 | * @param {string | Object} bomJson BOM Json 21 | * @param {string} binFile Binary file name 22 | */ 23 | export const writeBinary = (bomJson, binFile) => { 24 | if (bomJson && binFile) { 25 | let bomObject = undefined; 26 | if (+bomJson.specVersion === 1.6) { 27 | bomObject = new cdx_16.Bom(); 28 | } else { 29 | bomObject = new cdx_15.Bom(); 30 | } 31 | writeFileSync( 32 | binFile, 33 | bomObject 34 | .fromJsonString(stringifyIfNeeded(bomJson), { 35 | ignoreUnknownFields: true, 36 | }) 37 | .toBinary({ writeUnknownFields: true }), 38 | ); 39 | } 40 | }; 41 | 42 | /** 43 | * Method to read a serialized binary 44 | * 45 | * @param {string} binFile Binary file name 46 | * @param {boolean} asJson Convert to JSON 47 | * @param {number} specVersion Specification version. Defaults to 1.5 48 | */ 49 | export const readBinary = (binFile, asJson = true, specVersion = 1.5) => { 50 | if (!existsSync(binFile)) { 51 | return undefined; 52 | } 53 | let bomLib = undefined; 54 | if (specVersion === 1.6) { 55 | bomLib = new cdx_16.Bom(); 56 | } else { 57 | bomLib = new cdx_15.Bom(); 58 | } 59 | const bomObject = bomLib.fromBinary(readFileSync(binFile), { 60 | readUnknownFields: true, 61 | }); 62 | if (asJson) { 63 | return bomObject.toJson({ emitDefaultValues: true }); 64 | } 65 | return bomObject; 66 | }; 67 | -------------------------------------------------------------------------------- /lib/helpers/protobom.test.js: -------------------------------------------------------------------------------- 1 | import { existsSync, mkdtempSync, readFileSync, rmSync } from "node:fs"; 2 | import { join } from "node:path"; 3 | import { expect, test } from "@jest/globals"; 4 | import { getTmpDir } from "./utils.js"; 5 | 6 | import { readBinary, writeBinary } from "./protobom.js"; 7 | 8 | const tempDir = mkdtempSync(join(getTmpDir(), "bin-tests-")); 9 | const testBom = JSON.parse( 10 | readFileSync("./test/data/bom-java.json", { encoding: "utf-8" }), 11 | ); 12 | 13 | test("proto binary tests", () => { 14 | const binFile = join(tempDir, "test.cdx.bin"); 15 | writeBinary({}, binFile); 16 | expect(existsSync(binFile)).toBeTruthy(); 17 | writeBinary(testBom, binFile); 18 | expect(existsSync(binFile)).toBeTruthy(); 19 | let bomObject = readBinary(binFile); 20 | expect(bomObject).toBeDefined(); 21 | expect(bomObject.serialNumber).toEqual( 22 | "urn:uuid:cc8b5a04-2698-4375-b04c-cedfa4317fee", 23 | ); 24 | bomObject = readBinary(binFile, false, 1.5); 25 | expect(bomObject).toBeDefined(); 26 | expect(bomObject.serialNumber).toEqual( 27 | "urn:uuid:cc8b5a04-2698-4375-b04c-cedfa4317fee", 28 | ); 29 | if (tempDir?.startsWith(getTmpDir()) && rmSync) { 30 | rmSync(tempDir, { recursive: true, force: true }); 31 | } 32 | }); 33 | -------------------------------------------------------------------------------- /lib/managers/oci.js: -------------------------------------------------------------------------------- 1 | import { Buffer } from "node:buffer"; 2 | import fs from "node:fs"; 3 | import { 4 | MAX_BUFFER, 5 | getAllFiles, 6 | getTmpDir, 7 | isWin, 8 | safeSpawnSync, 9 | } from "../helpers/utils.js"; 10 | 11 | export function getBomWithOras(image, platform = undefined) { 12 | let parameters = [ 13 | "discover", 14 | "--format", 15 | "json", 16 | "--artifact-type", 17 | "sbom/cyclonedx", 18 | ]; 19 | if (platform) { 20 | parameters = parameters.concat(["--platform", platform]); 21 | } 22 | let result = safeSpawnSync("oras", parameters.concat([image]), { 23 | encoding: "utf-8", 24 | shell: isWin, 25 | maxBuffer: MAX_BUFFER, 26 | }); 27 | if (result.status !== 0 || result.error) { 28 | console.log( 29 | "Install oras by following the instructions at: https://oras.land/docs/installation", 30 | ); 31 | if (result.stderr) { 32 | console.log(result.stderr); 33 | } 34 | return undefined; 35 | } 36 | if (result.stdout) { 37 | const out = Buffer.from(result.stdout).toString(); 38 | try { 39 | const manifestObj = JSON.parse(out); 40 | if ( 41 | manifestObj?.manifests?.length && 42 | Array.isArray(manifestObj.manifests) && 43 | manifestObj.manifests[0]?.reference 44 | ) { 45 | const imageRef = manifestObj.manifests[0].reference; 46 | const tmpDir = getTmpDir(); 47 | result = safeSpawnSync("oras", ["pull", imageRef, "-o", tmpDir], { 48 | encoding: "utf-8", 49 | shell: isWin, 50 | maxBuffer: MAX_BUFFER, 51 | }); 52 | if (result.status !== 0 || result.error) { 53 | console.log( 54 | `Unable to pull the SBOM attachment for ${imageRef} with oras!`, 55 | ); 56 | return undefined; 57 | } 58 | const bomFiles = getAllFiles(tmpDir, "**/*.{bom,cdx}.json"); 59 | if (bomFiles.length) { 60 | return JSON.parse(fs.readFileSync(bomFiles.pop(), "utf8")); 61 | } 62 | } else { 63 | console.log(`${image} does not contain any SBOM attachment!`); 64 | } 65 | } catch (e) { 66 | console.log(e); 67 | } 68 | } 69 | return undefined; 70 | } 71 | -------------------------------------------------------------------------------- /plugins/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/plugins/.gitkeep -------------------------------------------------------------------------------- /plugins/.npmignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/plugins/.npmignore -------------------------------------------------------------------------------- /test/Podfile: -------------------------------------------------------------------------------- 1 | pod 'Alamofire', '3.0' 2 | 3 | target 'cdxgenexpotest' do 4 | use_frameworks! 5 | end 6 | 7 | target 'cdxgenexpotest copy' do 8 | pod 'GoogleAnalytics', '~> 3.1' 9 | end 10 | 11 | target 'cdxgenexpotest copy 2' do 12 | use_frameworks! 13 | pod 'OCMock', '~> 2.0.1' 14 | pod 'GoogleAnalytics' 15 | target 'deep' do 16 | pod 'boost' 17 | end 18 | end 19 | 20 | -------------------------------------------------------------------------------- /test/Podfile.json: -------------------------------------------------------------------------------- 1 | { 2 | "target_definitions": [ 3 | { 4 | "name": "Pods", 5 | "abstract": true, 6 | "dependencies": [{ "Alamofire": ["3.0"] }], 7 | "children": [ 8 | { 9 | "name": "cdxgenexpotest", 10 | "uses_frameworks": { "linkage": "dynamic", "packaging": "framework" } 11 | }, 12 | { 13 | "name": "cdxgenexpotest copy", 14 | "dependencies": [{ "GoogleAnalytics": ["~\u003e 3.1"] }] 15 | }, 16 | { 17 | "name": "cdxgenexpotest copy 2", 18 | "uses_frameworks": { "linkage": "dynamic", "packaging": "framework" }, 19 | "dependencies": [{ "OCMock": ["~\u003e 2.0.1"] }, "GoogleAnalytics"], 20 | "children": [{ "name": "deep", "dependencies": ["boost"] }] 21 | } 22 | ] 23 | } 24 | ] 25 | } 26 | -------------------------------------------------------------------------------- /test/Podfile.lock: -------------------------------------------------------------------------------- 1 | PODS: 2 | - Alamofire (3.0.0) 3 | - boost (1.59.0): 4 | - boost/graph-includes (= 1.59.0) 5 | - boost/math-includes (= 1.59.0) 6 | - boost/numeric-includes (= 1.59.0) 7 | - boost/pointer_cast-includes (= 1.59.0) 8 | - boost/preprocessor-includes (= 1.59.0) 9 | - boost/shared_ptr-includes (= 1.59.0) 10 | - boost/string_algorithms-includes (= 1.59.0) 11 | - boost/graph-includes (1.59.0) 12 | - boost/math-includes (1.59.0) 13 | - boost/numeric-includes (1.59.0) 14 | - boost/pointer_cast-includes (1.59.0) 15 | - boost/preprocessor-includes (1.59.0) 16 | - boost/shared_ptr-includes (1.59.0) 17 | - boost/string_algorithms-includes (1.59.0) 18 | - GoogleAnalytics (3.23.0): 19 | - GoogleUtilities/UserDefaults (~> 7.11) 20 | - GoogleUtilities/Environment (7.13.3): 21 | - GoogleUtilities/Privacy 22 | - PromisesObjC (< 3.0, >= 1.2) 23 | - GoogleUtilities/Logger (7.13.3): 24 | - GoogleUtilities/Environment 25 | - GoogleUtilities/Privacy 26 | - GoogleUtilities/Privacy (7.13.3) 27 | - GoogleUtilities/UserDefaults (7.13.3): 28 | - GoogleUtilities/Logger 29 | - GoogleUtilities/Privacy 30 | - OCMock (2.0.1) 31 | - PromisesObjC (2.4.0) 32 | 33 | DEPENDENCIES: 34 | - Alamofire (= 3.0) 35 | - boost 36 | - GoogleAnalytics 37 | - GoogleAnalytics (~> 3.1) 38 | - OCMock (~> 2.0.1) 39 | 40 | SPEC REPOS: 41 | trunk: 42 | - Alamofire 43 | - boost 44 | - GoogleAnalytics 45 | - GoogleUtilities 46 | - OCMock 47 | - PromisesObjC 48 | 49 | SPEC CHECKSUMS: 50 | Alamofire: b61782387f81bcc538a0284cf2bb5d7995cd0a80 51 | boost: 30a15ffb6d9aa4646dd3caffc960753f4cb4ca4e 52 | GoogleAnalytics: 9e360c5cfffa536ff64dc383bc468577b7ba5c5d 53 | GoogleUtilities: ea963c370a38a8069cc5f7ba4ca849a60b6d7d15 54 | OCMock: 7a839b55abfb78e8ec3bf6eaa3cdcc567ac71d2a 55 | PromisesObjC: f5707f49cb48b9636751c5b2e7d227e43fba9f47 56 | 57 | PODFILE CHECKSUM: d80831c18e908ee483ae2a7feca05936517b661b 58 | 59 | COCOAPODS: 1.16.2 60 | -------------------------------------------------------------------------------- /test/data/Cargo1.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | authors = ["The Rust Project Developers"] 3 | name = "unwind" 4 | version = "0.0.0" 5 | edition = "2018" 6 | include = [ 7 | '/libunwind/*', 8 | ] 9 | 10 | [lib] 11 | test = false 12 | bench = false 13 | doc = false 14 | 15 | [dependencies] 16 | core = { path = "../core" } 17 | libc = { version = "0.2.79", features = ['rustc-dep-of-std'], default-features = false } 18 | compiler_builtins = "0.1.0" 19 | cfg-if = "0.1.8" 20 | 21 | [build-dependencies] 22 | cc = { version = "1.0.1" } 23 | 24 | [features] 25 | llvm-libunwind = [] 26 | system-llvm-libunwind = [] 27 | -------------------------------------------------------------------------------- /test/data/Cargo2.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "quiche-fuzz" 3 | version = "0.1.0" 4 | authors = ["Alessandro Ghedini "] 5 | edition = "2018" 6 | publish = false 7 | 8 | [package.metadata] 9 | cargo-fuzz = true 10 | 11 | [profile.dev] 12 | opt-level = 3 13 | 14 | [dependencies] 15 | quiche = { path = "../quiche", features = ["fuzzing"] } 16 | lazy_static = "1" 17 | libfuzzer-sys = { git = "https://github.com/rust-fuzz/libfuzzer-sys.git" } 18 | 19 | # Prevent this from interfering with workspaces 20 | [workspace] 21 | members = ["."] 22 | 23 | [[bin]] 24 | name = "packet_recv_client" 25 | path = "src/packet_recv_client.rs" 26 | 27 | [[bin]] 28 | name = "packet_recv_server" 29 | path = "src/packet_recv_server.rs" 30 | 31 | [[bin]] 32 | name = "qpack_decode" 33 | path = "src/qpack_decode.rs" 34 | 35 | [profile.release] 36 | debug = true 37 | debug-assertions = true 38 | overflow-checks = true 39 | -------------------------------------------------------------------------------- /test/data/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: prometheus 3 | appVersion: 2.39.1 4 | version: 16.0.0 5 | description: Prometheus is a monitoring system and time series database. 6 | home: https://prometheus.io/ 7 | icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png 8 | sources: 9 | - https://github.com/prometheus/alertmanager 10 | - https://github.com/prometheus/prometheus 11 | - https://github.com/prometheus/pushgateway 12 | - https://github.com/prometheus/node_exporter 13 | - https://github.com/kubernetes/kube-state-metrics 14 | maintainers: 15 | - name: gianrubio 16 | email: gianrubio@gmail.com 17 | - name: zanhsieh 18 | email: zanhsieh@gmail.com 19 | - name: Xtigyro 20 | email: miroslav.hadzhiev@gmail.com 21 | - name: naseemkullah 22 | email: naseem@transit.app 23 | engine: gotpl 24 | type: application 25 | dependencies: 26 | - name: kube-state-metrics 27 | version: "4.22.*" 28 | repository: https://prometheus-community.github.io/helm-charts 29 | condition: kubeStateMetrics.enabled 30 | - name: prometheus-node-exporter 31 | version: "4.5.*" 32 | repository: https://prometheus-community.github.io/helm-charts 33 | condition: prometheus-node-exporter.enabled 34 | -------------------------------------------------------------------------------- /test/data/Dockerfile: -------------------------------------------------------------------------------- 1 | # image statement 2 | FROM hello-world 3 | 4 | # image statement with build stage name 5 | FROM hello-world AS HELLO 6 | 7 | # image statement with tag 8 | FROM hello-world:latest 9 | 10 | # image statement with sha only 11 | FROM hello-world@sha256:1234567890abcdef 12 | 13 | # image statement with tag and sha 14 | FROM hello-world:latest@sha256:1234567890abcdef 15 | 16 | # reusing previous build stage as new stage 17 | FROM HELLO as WORLD 18 | 19 | # image statement with base image name from build arg 20 | ARG BASE_IMAGE=docker.io/hello-world@sha256:1234567890abcdef 21 | FROM $BASE_IMAGE 22 | 23 | # image statement with base image name from build arg with curly braces 24 | ARG BASE_IMAGE=docker.io/hello-world:latest@sha256:1234567890abcdef 25 | FROM ${BASE_IMAGE} 26 | 27 | # image statement with multiple build args 28 | ARG IMAGE_REGISTRY=docker.io 29 | ARG IMAGE_NAME=hello-world 30 | ARG IMAGE_TAG="latest" 31 | ARG IMAGE_PATH=$IMAGE_NAME:$IMAGE_TAG 32 | FROM $IMAGE_REGISTRY/$IMAGE_PATH 33 | 34 | # image statement with base image name from build arg without default 35 | ARG BASE_IMAGE_WITHOUT_DEFAULT 36 | FROM $BASE_IMAGE_WITHOUT_DEFAULT 37 | 38 | # Commented out image statement 39 | # FROM hello-world 40 | -------------------------------------------------------------------------------- /test/data/Logging.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | $(TargetFrameworks); 5 | Sample OData extensions for OData v8 6 | Sample.OData 7 | enable 8 | 9 | 10 | 11 | README.md 12 | Includes latest versions of Seedwork packages and versions of packages used by Seedwork. Includes project validation's checks. Includes mechanism to attach Seedwork locally 13 | MSBuild Tasks Seedwork 14 | true 15 | false 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /test/data/METADATA: -------------------------------------------------------------------------------- 1 | Metadata-Version: 2.1 2 | Name: yamllint 3 | Version: 1.26.1 4 | Summary: A linter for YAML files. 5 | Home-page: https://github.com/adrienverge/yamllint 6 | Author: Adrien Vergé 7 | License: GPLv3 8 | Project-URL: Documentation, https://yamllint.readthedocs.io 9 | Project-URL: Download, https://pypi.org/project/yamllint/#files 10 | Project-URL: Bug Tracker, https://github.com/adrienverge/yamllint/issues 11 | Project-URL: Source Code, https://github.com/adrienverge/yamllint 12 | Keywords: yaml,lint,linter,syntax,checker 13 | Platform: UNKNOWN 14 | Classifier: Development Status :: 5 - Production/Stable 15 | Classifier: Environment :: Console 16 | Classifier: Intended Audience :: Developers 17 | Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3) 18 | Classifier: Programming Language :: Python :: 3 19 | Classifier: Programming Language :: Python :: 3.5 20 | Classifier: Programming Language :: Python :: 3.6 21 | Classifier: Programming Language :: Python :: 3.7 22 | Classifier: Programming Language :: Python :: 3.8 23 | Classifier: Programming Language :: Python :: 3.9 24 | Classifier: Topic :: Software Development 25 | Classifier: Topic :: Software Development :: Debuggers 26 | Classifier: Topic :: Software Development :: Quality Assurance 27 | Classifier: Topic :: Software Development :: Testing 28 | Requires-Python: >=3.5.* 29 | Requires-Dist: pathspec (>=0.5.3) 30 | Requires-Dist: pyyaml 31 | Requires-Dist: setuptools ; python_version < "3.8" 32 | 33 | A linter for YAML files. 34 | 35 | yamllint does not only check for syntax validity, but for weirdnesses like key 36 | repetition and cosmetic problems such as lines length, trailing spaces, 37 | indentation, etc. 38 | 39 | -------------------------------------------------------------------------------- /test/data/Microsoft.Web.Infrastructure.1.0.0.0.nupkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/test/data/Microsoft.Web.Infrastructure.1.0.0.0.nupkg -------------------------------------------------------------------------------- /test/data/Microsoft.Web.Infrastructure.1.0.0.0.nuspec: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Microsoft.Web.Infrastructure 5 | 1.0.0.0 6 | Microsoft.Web.Infrastructure 7 | Microsoft 8 | Microsoft 9 | http://go.microsoft.com/fwlink/?LinkID=214339 10 | http://www.asp.net/ 11 | https://download-codeplex.sec.s-msft.com/Download?ProjectName=aspnetwebstack&DownloadId=360555 12 | false 13 | This package contains the Microsoft.Web.Infrastructure assembly that lets you dynamically register HTTP modules at run time. 14 | This package contains the Microsoft.Web.Infrastructure assembly that lets you dynamically register HTTP modules at run time. 15 | ASPNETWEBPAGES 16 | 17 | -------------------------------------------------------------------------------- /test/data/Package.resolved: -------------------------------------------------------------------------------- 1 | { 2 | "object": { 3 | "pins": [ 4 | { 5 | "package": "swift-argument-parser", 6 | "repositoryURL": "https://github.com/apple/swift-argument-parser", 7 | "state": { 8 | "branch": null, 9 | "revision": "e394bf350e38cb100b6bc4172834770ede1b7232", 10 | "version": "1.0.3" 11 | } 12 | }, 13 | { 14 | "package": "cmark-gfm", 15 | "repositoryURL": "https://github.com/apple/swift-cmark.git", 16 | "state": { 17 | "branch": "gfm", 18 | "revision": "86aeb491675de6f077a3a6df6cbcac1a25dcbee1", 19 | "version": null 20 | } 21 | }, 22 | { 23 | "package": "SwiftDocCPlugin", 24 | "repositoryURL": "https://github.com/apple/swift-docc-plugin", 25 | "state": { 26 | "branch": null, 27 | "revision": "10bc670db657d11bdd561e07de30a9041311b2b1", 28 | "version": "1.1.0" 29 | } 30 | }, 31 | { 32 | "package": "swift-http-server", 33 | "repositoryURL": "https://bitbucket.org/atlassian/swift-http-server", 34 | "state": { 35 | "branch": null, 36 | "revision": "72211fb4139a84b6eaa71b1e15356604c84d0d94", 37 | "version": "0.7.4" 38 | } 39 | }, 40 | { 41 | "package": "swift-http-server", 42 | "repositoryURL": "ssh://git@bitbucket.org:7999/swift/swift-http-server.git", 43 | "state": { 44 | "branch": null, 45 | "revision": "72211fb4139a84b6eaa71b1e15356604c84d0d94", 46 | "version": "0.7.4" 47 | } 48 | }, 49 | { 50 | "package": "SymbolKit", 51 | "repositoryURL": "https://github.com/apple/swift-docc-symbolkit", 52 | "state": { 53 | "branch": null, 54 | "revision": "b45d1f2ed151d057b54504d653e0da5552844e34", 55 | "version": "1.0.0" 56 | } 57 | } 58 | ] 59 | }, 60 | "version": 1 61 | } 62 | -------------------------------------------------------------------------------- /test/data/activerecord-import.gemspec: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require File.expand_path('../lib/activerecord-import/version', __FILE__) 4 | 5 | Gem::Specification.new do |gem| 6 | gem.authors = ["Zach Dennis"] 7 | gem.email = ["zach.dennis@gmail.com"] 8 | gem.summary = "Bulk insert extension for ActiveRecord" 9 | gem.description = "A library for bulk inserting data using ActiveRecord." 10 | gem.homepage = "https://github.com/zdennis/activerecord-import" 11 | gem.license = "MIT" 12 | 13 | gem.metadata = { 14 | "changelog_uri" => "https://github.com/zdennis/activerecord-import/blob/master/CHANGELOG.md" 15 | } 16 | 17 | gem.files = `git ls-files`.split($\) 18 | gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) } 19 | gem.test_files = gem.files.grep(%r{^(test|spec|features)/}) 20 | gem.name = "activerecord-import" 21 | gem.require_paths = ["lib"] 22 | gem.version = ActiveRecord::Import::VERSION 23 | 24 | gem.required_ruby_version = ">= 2.4.0" 25 | 26 | gem.add_runtime_dependency "activerecord", ">= 4.2" 27 | gem.add_development_dependency "rake" 28 | end 29 | -------------------------------------------------------------------------------- /test/data/appthreat_depscan-2.0.2-py3-none-any.whl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/test/data/appthreat_depscan-2.0.2-py3-none-any.whl -------------------------------------------------------------------------------- /test/data/apt-search-out.txt: -------------------------------------------------------------------------------- 1 | Package: xhk 2 | Architecture: amd64 3 | Version: 1.2-2 4 | Priority: optional 5 | Section: universe/x11 6 | Origin: Ubuntu 7 | Maintainer: Ubuntu Developers 8 | Original-Maintainer: Kentaro Hayashi 9 | Bugs: https://bugs.launchpad.net/ubuntu/+filebug 10 | Installed-Size: 37 11 | Depends: libc6 (>= 2.4), libx11-6 (>= 2:1.2.99.901), libxi6 (>= 2:1.2.99.4), libxtst6 12 | Filename: pool/universe/x/xhk/xhk_1.2-2_amd64.deb 13 | Size: 9904 14 | MD5sum: df577920a2db03d5adcc2ea8dc759fc6 15 | SHA1: 04a4c1eb2a2091b7ae060a6686b0cad5ddab373a 16 | SHA256: 601d598e549e292113b42835aac9b2bf1fc5da3356e2a7e36d9224232ba672cf 17 | SHA512: 92cd6a46e7b3742696545f04c0f74b7a1be66db688d35a787032fa34aae69087b7cfa176f7df4e0cc7beb2b8d466c2d01a1223200347bc590abca36172f98ffd 18 | Homepage: https://github.com/kbingham/xhk 19 | Description-en: XLib halfkey implementation 20 | Running xhk detaches the keyboard, and intercepts all input; processing it for 21 | space bar pushes as it goes. The space bar acts as a modifier if it is held at 22 | the same time as a standard letter. Modifying acts to mirror the input such 23 | that key presses are mirrored down the middle of the home row. 24 | Pressing space, and then releasing will still provide a single space character. 25 | Description-md5: 3424a1e9d03826a06be34491a8f7e93b 26 | 27 | -------------------------------------------------------------------------------- /test/data/bazel/BUILD: -------------------------------------------------------------------------------- 1 | load("@rules_java//java:defs.bzl", "java_binary", "java_library", "java_test") 2 | 3 | package(default_visibility = ["//visibility:public"]) 4 | 5 | java_library( 6 | name = "java-maven-lib", 7 | srcs = glob(["src/main/java/com/example/myproject/*.java"]), 8 | deps = ["@maven//:com_google_guava_guava"], 9 | ) 10 | 11 | java_binary( 12 | name = "java-maven", 13 | main_class = "com.example.myproject.App", 14 | runtime_deps = [":java-maven-lib"], 15 | ) 16 | 17 | java_test( 18 | name = "tests", 19 | srcs = glob(["src/test/java/com/example/myproject/*.java"]), 20 | test_class = "com.example.myproject.TestApp", 21 | deps = [ 22 | ":java-maven-lib", 23 | "@maven//:com_google_guava_guava", 24 | "@maven//:junit_junit", 25 | ], 26 | ) 27 | -------------------------------------------------------------------------------- /test/data/bazel/bazel-action-graph.txt: -------------------------------------------------------------------------------- 1 | @maven//:org/scala-lang/scala-library/2.13.16/scala-library-2.13.16.jar 2 | @maven//:org/jline/jline/3.26.3/jline-3.26.3.jar 3 | @@zlib~//:uncompr.c 4 | @@zlib~//:z 5 | @@zlib~//:zconf.h 6 | @@zlib~//:zlib 7 | @@zlib~//:zlib.h 8 | @@zlib~//:zlib/include/crc32.h 9 | @@zlib~//:zlib/include/deflate.h 10 | @@zlib~//:zlib/include/gzguts.h 11 | @@zlib~//:zlib/include/inffast.h 12 | @@zlib~//:zlib/include/inffixed.h 13 | @@zlib~//:zlib/include/inflate.h 14 | @@zlib~//:zlib/include/inftrees.h 15 | @@zlib~//:zlib/include/trees.h 16 | @@zlib~//:zlib/include/zconf.h 17 | @@zlib~//:zlib/include/zlib.h 18 | @@zlib~//:zlib/include/zutil.h 19 | @@zlib~//:zutil.c 20 | @@zlib~//:zutil.h 21 | -------------------------------------------------------------------------------- /test/data/bitbucket-pipelines.yml: -------------------------------------------------------------------------------- 1 | image: node:16 2 | 3 | definitions: 4 | steps: 5 | - step: &build-step 6 | image: node:18 7 | 8 | - step: &build-step-private 9 | image: 10 | name: some.private.org/docker/library/node:20 11 | username: $USERNAME 12 | password: $PASSWORD 13 | email: $EMAIL 14 | 15 | - step: &build-step-pipe-deploy 16 | script: 17 | - pipe: atlassian/aws/s3-deploy:0.2.2 18 | 19 | - step: &build-step-pipe-deploy-alternate 20 | script: 21 | - pipe: docker://some.private.org/docker/library/some-pipe:1.0.0 22 | -------------------------------------------------------------------------------- /test/data/bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jquery", 3 | "version": "3.6.0", 4 | "main": "dist/jquery.js", 5 | "license": "MIT", 6 | "ignore": ["package.json"], 7 | "keywords": ["jquery", "javascript", "browser", "library"] 8 | } 9 | -------------------------------------------------------------------------------- /test/data/bun.lockb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/test/data/bun.lockb -------------------------------------------------------------------------------- /test/data/cabal.project.freeze: -------------------------------------------------------------------------------- 1 | constraints: any.ansi-terminal ==0.11.3, 2 | ansi-terminal -example, 3 | any.ansi-wl-pprint ==0.6.9, 4 | ansi-wl-pprint -example, 5 | any.array ==0.5.3.0, 6 | any.base ==4.12.0.0, 7 | any.bytestring ==0.10.8.2, 8 | any.colour ==2.3.5, 9 | any.containers ==0.6.0.1, 10 | any.deepseq ==1.4.4.0, 11 | any.directory ==1.3.3.0, 12 | any.filepath ==1.4.2.1, 13 | any.ghc-prim ==0.5.3, 14 | any.haskeline ==0.7.4.3, 15 | any.integer-gmp ==1.0.2.0, 16 | any.mtl ==2.2.2, 17 | any.optparse-applicative ==0.17.0.0, 18 | optparse-applicative +process, 19 | any.process ==1.6.5.0, 20 | any.random ==1.1, 21 | any.rts ==1.0, 22 | any.stm ==2.5.0.0, 23 | any.terminfo ==0.4.1.2, 24 | any.time ==1.8.0.2, 25 | any.transformers ==0.5.6.2, 26 | any.transformers-compat ==0.7.1, 27 | transformers-compat -five +five-three -four +generic-deriving +mtl -three -two, 28 | any.unix ==2.7.2.2 29 | -------------------------------------------------------------------------------- /test/data/cargo-auditable.txt: -------------------------------------------------------------------------------- 1 | adler 1.0.2 crates.io 2 | ahash 0.7.6 crates.io 3 | auditable-serde 0.5.2 local 4 | autocfg 1.1.0 crates.io 5 | camino 1.1.1 crates.io 6 | cargo-auditable 0.5.4 local 7 | cargo-platform 0.1.2 crates.io 8 | cargo_metadata 0.15.0 crates.io 9 | cfg-if 1.0.0 crates.io 10 | crc32fast 1.3.2 crates.io 11 | getrandom 0.2.7 crates.io 12 | hashbrown 0.11.2 crates.io 13 | hashbrown 0.12.3 crates.io 14 | indexmap 1.9.1 crates.io 15 | itoa 1.0.3 crates.io 16 | libc 0.2.132 crates.io 17 | memchr 2.5.0 crates.io 18 | miniz_oxide 0.5.4 crates.io 19 | object 0.28.4 crates.io 20 | once_cell 1.14.0 crates.io 21 | pico-args 0.5.0 crates.io 22 | proc-macro2 1.0.43 crates.io 23 | quote 1.0.21 crates.io 24 | ryu 1.0.11 crates.io 25 | semver 1.0.14 crates.io 26 | serde 1.0.147 crates.io 27 | serde_derive 1.0.147 crates.io 28 | serde_json 1.0.85 crates.io 29 | syn 1.0.99 crates.io 30 | topological-sort 0.2.2 crates.io 31 | unicode-ident 1.0.4 crates.io 32 | version_check 0.9.4 crates.io -------------------------------------------------------------------------------- /test/data/cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # [START cloudbuild_microservice_demo_cloudbuild] 16 | 17 | # This configuration file is used to build and deploy the app into a 18 | # GKE cluster using Google Cloud Build. 19 | # 20 | # PREREQUISITES: 21 | # - Cloud Build service account must have role: "Kubernetes Engine Developer" 22 | 23 | # USAGE: 24 | # GCP zone and GKE target cluster must be specified as substitutions 25 | # Example invocation: 26 | # `gcloud builds submit --config=cloudbuild.yaml --substitutions=_ZONE=us-central1-b,_CLUSTER=demo-app-staging .` 27 | 28 | steps: 29 | - id: 'Deploy application to cluster' 30 | name: 'gcr.io/k8s-skaffold/skaffold:v2.0.1' 31 | entrypoint: 'bash' 32 | args: 33 | - '-c' 34 | - > 35 | gcloud container clusters get-credentials --zone=$_ZONE $_CLUSTER; 36 | skaffold run -f=skaffold.yaml --default-repo=gcr.io/$PROJECT_ID; 37 | 38 | # Add more power, and more time, for heavy Skaffold build 39 | timeout: '3600s' 40 | options: 41 | machineType: 'N1_HIGHCPU_8' 42 | 43 | # [END cloudbuild_microservice_demo_cloudbuild] -------------------------------------------------------------------------------- /test/data/cmakes/CMakeLists-version.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.15) 2 | 3 | project(MyProject VERSION 2.1.3) 4 | 5 | add_executable(myexample example.cpp) -------------------------------------------------------------------------------- /test/data/cmakes/DownloadPThreadPool.cmake: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 The TensorFlow Authors. All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # https://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | CMAKE_MINIMUM_REQUIRED(VERSION 3.5 FATAL_ERROR) 17 | 18 | PROJECT(pthreadpool-download NONE) 19 | 20 | INCLUDE(ExternalProject) 21 | ExternalProject_Add(pthreadpool 22 | URL https://github.com/Maratyszcza/pthreadpool/archive/4fe0e1e183925bf8cfa6aae24237e724a96479b8.zip 23 | URL_HASH SHA256=a4cf06de57bfdf8d7b537c61f1c3071bce74e57524fe053e0bbd2332feca7f95 24 | SOURCE_DIR "${CMAKE_BINARY_DIR}/pthreadpool-source" 25 | BINARY_DIR "${CMAKE_BINARY_DIR}/pthreadpool" 26 | CONFIGURE_COMMAND "" 27 | BUILD_COMMAND "" 28 | INSTALL_COMMAND "" 29 | TEST_COMMAND "" 30 | ) 31 | -------------------------------------------------------------------------------- /test/data/cmakes/conanfile.txt: -------------------------------------------------------------------------------- 1 | [requires] 2 | qr-code-generator/1.8.0 3 | 4 | [generators] 5 | cmake 6 | 7 | [imports] 8 | bin, *.dll -> ./bin # Copies all dll files from packages bin folder to my local "bin" folder 9 | -------------------------------------------------------------------------------- /test/data/cmakes/fbVersion.cmake: -------------------------------------------------------------------------------- 1 | set(VERSION_MAJOR 23) 2 | set(VERSION_MINOR 5) 3 | set(VERSION_PATCH 26) 4 | set(VERSION_COMMIT 0) 5 | 6 | if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/.git") 7 | find_program(GIT git) 8 | if(GIT) 9 | execute_process( 10 | COMMAND ${GIT} describe --tags 11 | WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 12 | OUTPUT_VARIABLE GIT_DESCRIBE_DIRTY 13 | OUTPUT_STRIP_TRAILING_WHITESPACE 14 | RESULT_VARIABLE GIT_DESCRIBE_RESULT 15 | ) 16 | 17 | if(GIT_DESCRIBE_RESULT EQUAL 0) 18 | # Test if the most recent Git tag matches the pattern "v..*" 19 | if(GIT_DESCRIBE_DIRTY MATCHES "^v[0-9]+\\.[0-9]+\\.[0-9]+.*") 20 | string(REGEX REPLACE "^v([0-9]+)\\..*" "\\1" VERSION_MAJOR "${GIT_DESCRIBE_DIRTY}") 21 | string(REGEX REPLACE "^v[0-9]+\\.([0-9]+).*" "\\1" VERSION_MINOR "${GIT_DESCRIBE_DIRTY}") 22 | string(REGEX REPLACE "^v[0-9]+\\.[0-9]+\\.([0-9]+).*" "\\1" VERSION_PATCH "${GIT_DESCRIBE_DIRTY}") 23 | string(REGEX REPLACE "^v[0-9]+\\.[0-9]+\\.[0-9]+\\-([0-9]+).*" "\\1" VERSION_COMMIT "${GIT_DESCRIBE_DIRTY}") 24 | # If the tag points to the commit, then only the tag is shown in "git describe" 25 | if(VERSION_COMMIT STREQUAL GIT_DESCRIBE_DIRTY) 26 | set(VERSION_COMMIT 0) 27 | endif() 28 | else() 29 | message(WARNING "\"${GIT_DESCRIBE_DIRTY}\" does not match pattern v..-") 30 | endif() 31 | else() 32 | message(WARNING "git describe failed with exit code: ${GIT_DESCRIBE_RESULT}") 33 | endif() 34 | else() 35 | message(WARNING "git is not found") 36 | endif() 37 | endif() 38 | 39 | message(STATUS "Proceeding with version: ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_COMMIT}") 40 | -------------------------------------------------------------------------------- /test/data/cmakes/mongoc-config.cmake: -------------------------------------------------------------------------------- 1 | include(CMakeFindDependencyMacro) 2 | find_dependency(bson-1.0 @MONGOC_MAJOR_VERSION@.@MONGOC_MINOR_VERSION@.@MONGOC_MICRO_VERSION@) 3 | include("${CMAKE_CURRENT_LIST_DIR}/mongoc-targets.cmake") 4 | 5 | set(_mongoc_built_with_bundled_utf8proc "@USE_BUNDLED_UTF8PROC@") 6 | if(NOT _mongoc_built_with_bundled_utf8proc AND NOT TARGET PkgConfig::PC_UTF8PROC) 7 | # libmongoc was compiled against an external utf8proc and links against a 8 | # FindPkgConfig-generated IMPORTED target. Find that package and generate that 9 | # imported target here: 10 | find_dependency(PkgConfig) 11 | pkg_check_modules(PC_UTF8PROC REQUIRED libutf8proc IMPORTED_TARGET GLOBAL) 12 | endif() 13 | -------------------------------------------------------------------------------- /test/data/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "require": { 3 | "quickbooks/v3-php-sdk": "v4.0.6.1" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /test/data/conan.lock: -------------------------------------------------------------------------------- 1 | { 2 | "graph_lock": { 3 | "nodes": { 4 | "0": { 5 | "options": "jerryscript:fPIC=True\njerryscript:shared=False\nwolfssl:fPIC=True\nwolfssl:opensslall=False\nwolfssl:opensslextra=False\nwolfssl:shared=False\nzstd:fPIC=True\nzstd:shared=False", 6 | "requires": [ 7 | "1", 8 | "2", 9 | "3" 10 | ], 11 | "path": "conanfile.txt", 12 | "context": "host" 13 | }, 14 | "1": { 15 | "ref": "zstd/1.4.4", 16 | "options": "fPIC=True\nshared=False", 17 | "package_id": "1d877a3df840030e6a8abb74c5ffb9088d08b47a", 18 | "prev": "0", 19 | "context": "host" 20 | }, 21 | "2": { 22 | "ref": "jerryscript/2.2.0", 23 | "options": "fPIC=True\nshared=False", 24 | "package_id": "1d877a3df840030e6a8abb74c5ffb9088d08b47a", 25 | "prev": "0", 26 | "context": "host" 27 | }, 28 | "3": { 29 | "ref": "wolfssl/4.4.0", 30 | "options": "fPIC=True\nopensslall=False\nopensslextra=False\nshared=False", 31 | "package_id": "1d877a3df840030e6a8abb74c5ffb9088d08b47a", 32 | "prev": "0", 33 | "context": "host" 34 | } 35 | }, 36 | "revisions_enabled": false 37 | }, 38 | "version": "0.4", 39 | "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=8\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n" 40 | } -------------------------------------------------------------------------------- /test/data/conanfile.txt: -------------------------------------------------------------------------------- 1 | [requires] 2 | zstd/1.4.4 3 | jerryscript/2.2.0 4 | wolfssl/4.4.0 5 | 6 | [generators] 7 | cmake 8 | -------------------------------------------------------------------------------- /test/data/conanfile.with_custom_pkg_user_channel.txt: -------------------------------------------------------------------------------- 1 | [requires] 2 | libcurl/8.1.2@internal/stable 3 | 4 | [build_requires] 5 | fmt/10.0.0@internal/stable 6 | 7 | [generators] 8 | cmake 9 | -------------------------------------------------------------------------------- /test/data/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: node 5 | spec: 6 | ports: 7 | - port: 3000 8 | type: LoadBalancer 9 | selector: 10 | app: node 11 | --- 12 | apiVersion: apps/v1 13 | kind: Deployment 14 | metadata: 15 | name: node 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: node 20 | template: 21 | metadata: 22 | labels: 23 | app: node 24 | spec: 25 | containers: 26 | - name: node 27 | image: node-typescript-example 28 | ports: 29 | - containerPort: 3000 30 | -------------------------------------------------------------------------------- /test/data/deps.edn: -------------------------------------------------------------------------------- 1 | {:paths ["src/main/clojure" "src/main/resources"] 2 | :deps { 3 | org.clojure/clojure {:mvn/version "1.10.3"} 4 | org.apache.maven.resolver/maven-resolver-api {:mvn/version "1.6.3"} 5 | org.apache.maven.resolver/maven-resolver-spi {:mvn/version "1.6.3"} 6 | org.apache.maven.resolver/maven-resolver-impl {:mvn/version "1.6.3"} 7 | org.apache.maven.resolver/maven-resolver-util {:mvn/version "1.6.3"} 8 | org.apache.maven.resolver/maven-resolver-connector-basic {:mvn/version "1.6.3"} 9 | org.apache.maven.resolver/maven-resolver-transport-file {:mvn/version "1.6.3"} 10 | org.apache.maven.resolver/maven-resolver-transport-http {:mvn/version "1.6.3" :exclusions [org.apache.httpcomponents/httpclient]} 11 | org.apache.httpcomponents/httpclient {:mvn/version "4.5.13"} ;; update transitive dep due to CVE-2020-13956 12 | org.apache.maven/maven-resolver-provider {:mvn/version "3.8.4"} 13 | org.apache.maven/maven-core {:mvn/version "3.8.4" :exclusions [commons-io/commons-io com.google.guava/guava]} 14 | commons-io/commons-io {:mvn/version "2.11.0"} ;; update transitive dep due to CVE-2021-29425 15 | com.google.guava/guava {:mvn/version "31.0.1-android"} ;; update transitive dep due to CVE-2020-8908 16 | org.clojure/data.xml {:mvn/version "0.2.0-alpha6"} 17 | org.clojure/tools.gitlibs {:mvn/version "2.4.172"} 18 | org.clojure/tools.cli {:mvn/version "1.0.206"} 19 | com.cognitect.aws/api {:mvn/version "0.8.539"} 20 | com.cognitect.aws/endpoints {:mvn/version "1.1.12.150"} 21 | com.cognitect.aws/s3 {:mvn/version "814.2.1053.0"} 22 | javax.inject/javax.inject {:mvn/version "1"} 23 | } 24 | :aliases { 25 | ;; clj -M:lint 26 | :lint {:replace-deps {clj-kondo/clj-kondo {:mvn/version "2022.01.15"}} 27 | :main-opts ["-m" "clj-kondo.main" "--lint" "src/main/clojure" "--lint" "src/test/clojure"]} 28 | 29 | ;; clj -M:nvd "" `clj -Spath` 30 | :nvd {:replace-deps {nvd-clojure/nvd-clojure {:mvn/version "2.2.0"}} 31 | :main-opts ["-m" "nvd.task.check"]} 32 | 33 | ;; clj -M:outdated 34 | :outdated {:extra-deps {com.github.liquidz/antq {:mvn/version "RELEASE"}} 35 | :main-opts ["-m" "antq.core"]} 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /test/data/deps.edn.1: -------------------------------------------------------------------------------- 1 | {:deps {org.clojure/clojure {:mvn/version "1.11.0-beta1"} 2 | version-clj/version-clj {:mvn/version "2.0.2"} 3 | clj-http/clj-http {:mvn/version "3.12.3"} 4 | cheshire/cheshire {:mvn/version "5.10.2"} 5 | cli-matic/cli-matic {:mvn/version "0.4.3"} 6 | selmer/selmer {:mvn/version "1.12.50"} 7 | org.slf4j/slf4j-nop {:mvn/version "2.0.0-alpha6"} 8 | borkdude/edamame {:mvn/version "0.0.19"} 9 | org.clojure/tools.deps.alpha {:mvn/version "0.12.1148"} 10 | org.owasp/dependency-check-core {:mvn/version "7.0.0"} 11 | org.apache.maven.resolver/maven-resolver-transport-http {:mvn/version "1.7.3"}} 12 | 13 | :mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"} 14 | "clojars" {:url "https://repo.clojars.org/"}} 15 | 16 | :paths ["src" "resources"] 17 | 18 | :tools/usage {:ns-default clj-watson.entrypoint} 19 | 20 | :aliases {:depstar {:replace-deps {com.github.seancorfield/depstar {:mvn/version "2.1.303"}} 21 | :exec-fn hf.depstar/uberjar 22 | :exec-args {:jar "target/clj-watson.jar" 23 | :main-class clj-watson.cli 24 | :aot true}} 25 | :nREPL {:extra-deps {nrepl/nrepl {:mvn/version "0.9.0"}}} 26 | :clojure-lsp {:replace-deps {com.github.clojure-lsp/clojure-lsp-standalone {:mvn/version "2022.02.01-20.02.32"}} 27 | :main-opts ["-m" "clojure-lsp.main"]}}} 28 | -------------------------------------------------------------------------------- /test/data/deps.edn.2: -------------------------------------------------------------------------------- 1 | {:deps {clj-commons/pomegranate {:mvn/version "1.2.1"} 2 | org.clojure/tools.cli {:mvn/version "1.0.206"} 3 | org.clojure/tools.deps.alpha {:mvn/version "0.12.1048"} 4 | stencil/stencil {:mvn/version "0.5.0"} 5 | ;; add this because tools.deps.alpha no longer includes it 6 | org.slf4j/slf4j-nop {:mvn/version "1.7.32"}} 7 | :tools/usage {:ns-default clj-new} 8 | :aliases {:new {:exec-fn clj-new/create 9 | :exec-args {:template "app"}} 10 | :create {:exec-fn clj-new/create} 11 | :generate {:exec-fn clj-new/generate} 12 | 13 | :new-app {:exec-fn clj-new/create 14 | :exec-args {:template "app"}} 15 | :new-lib {:exec-fn clj-new/create 16 | :exec-args {:template "lib"}} 17 | 18 | :test {:extra-paths ["test"] 19 | :extra-deps {org.clojure/test.check {:mvn/version "1.1.0"} 20 | io.github.cognitect-labs/test-runner 21 | {:git/tag "v0.5.0" :git/sha "48c3c67"}}} 22 | 23 | ;; for help: clojure -A:deps -T:build help/doc 24 | :build {:deps {io.github.seancorfield/build-clj 25 | {:git/tag "v0.5.0" :git/sha "2ceb95a"}} 26 | :ns-default build}}} 27 | -------------------------------------------------------------------------------- /test/data/docker-compose-mysql.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | 3 | services: 4 | argo-cd: 5 | image: docker.io/bitnami/argo-cd:2 6 | -------------------------------------------------------------------------------- /test/data/docker-compose-ng.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | frontend: 5 | image: awesome/webapp 6 | build: ./webapp 7 | 8 | backend: 9 | image: awesome/database 10 | build: 11 | context: backend 12 | dockerfile: ../backend.Dockerfile 13 | 14 | web: 15 | build: . 16 | environment: 17 | NODE_ENV: 18 | MONGODB_URI: mongodb://mongo:27017/nodegoat 19 | command: sh -c "until nc -z -w 2 mongo 27017 && echo 'mongo is ready for connections' && node artifacts/db-reset.js && npm start; do sleep 2; done" 20 | ports: 21 | - "4000:4000" 22 | 23 | mongo: 24 | image: mongo:latest 25 | user: mongodb 26 | expose: 27 | - 27017 28 | -------------------------------------------------------------------------------- /test/data/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | mariadb: 4 | image: docker.io/bitnami/mariadb:10.6 5 | volumes: 6 | - 'mariadb_data:/bitnami/mariadb' 7 | environment: 8 | # ALLOW_EMPTY_PASSWORD is recommended only for development. 9 | - ALLOW_EMPTY_PASSWORD=yes 10 | - MARIADB_USER=bn_wordpress 11 | - MARIADB_DATABASE=bitnami_wordpress 12 | wordpress: 13 | image: docker.io/bitnami/wordpress:6 14 | ports: 15 | - '80:8080' 16 | - '443:8443' 17 | volumes: 18 | - 'wordpress_data:/bitnami/wordpress' 19 | depends_on: 20 | - mariadb 21 | environment: 22 | # ALLOW_EMPTY_PASSWORD is recommended only for development. 23 | - ALLOW_EMPTY_PASSWORD=yes 24 | - WORDPRESS_DATABASE_HOST=mariadb 25 | - WORDPRESS_DATABASE_PORT_NUMBER=3306 26 | - WORDPRESS_DATABASE_USER=bn_wordpress 27 | - WORDPRESS_DATABASE_NAME=bitnami_wordpress 28 | volumes: 29 | mariadb_data: 30 | driver: local 31 | wordpress_data: 32 | driver: local 33 | -------------------------------------------------------------------------------- /test/data/go-dvwa.mod: -------------------------------------------------------------------------------- 1 | module github.com/sqreen/go-dvwa 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/google/gofuzz v1.1.0 // indirect 7 | github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect 8 | github.com/gorilla/mux v1.7.4 9 | github.com/kentik/patricia v0.0.0-20200128193914-c35d94c5e02f // indirect 10 | github.com/kr/text v0.2.0 // indirect 11 | github.com/mattn/go-sqlite3 v2.0.3+incompatible 12 | github.com/mitchellh/mapstructure v1.3.1 // indirect 13 | github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect 14 | github.com/onsi/ginkgo v1.12.2 // indirect 15 | github.com/pelletier/go-toml v1.8.0 // indirect 16 | github.com/smartystreets/assertions v1.1.0 // indirect 17 | github.com/spf13/afero v1.2.2 // indirect 18 | github.com/spf13/jwalterweatherman v1.1.0 // indirect 19 | github.com/spf13/viper v1.7.0 // indirect 20 | github.com/sqreen/go-agent v1.0.5 21 | github.com/stretchr/testify v1.6.1 22 | google.golang.org/protobuf v1.24.0 // indirect 23 | gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect 24 | gopkg.in/ini.v1 v1.56.0 // indirect 25 | ) 26 | -------------------------------------------------------------------------------- /test/data/golist-dep.txt: -------------------------------------------------------------------------------- 1 | github.com/badoux/checkmail v0.0.0-20181210160741-9661bd69e9ad false /home/almalinux/go/pkg/mod/cache/download/github.com/badoux/checkmail/@v/v0.0.0-20181210160741-9661bd69e9ad.mod 2 | github.com/gomodule/oauth1 v0.0.0-20181215000758-9a59ed3b0a84 false /home/almalinux/go/pkg/mod/cache/download/github.com/gomodule/oauth1/@v/v0.0.0-20181215000758-9a59ed3b0a84.mod 3 | github.com/gorilla/mux v1.7.4 false /home/almalinux/go/pkg/mod/cache/download/github.com/gorilla/mux/@v/v1.7.4.mod 1.12 4 | github.com/lib/pq v1.3.0 false /home/almalinux/go/pkg/mod/cache/download/github.com/lib/pq/@v/v1.3.0.mod 5 | github.com/lib/pq v1.3.0 false /home/almalinux/go/pkg/mod/cache/download/github.com/lib/pq/@v/v1.3.0.mod 6 | github.com/lib/pq v1.3.0 false /home/almalinux/go/pkg/mod/cache/download/github.com/lib/pq/@v/v1.3.0.mod 7 | github.com/go-chi/chi v4.0.0+incompatible true /home/almalinux/go/pkg/mod/cache/download/github.com/go-chi/chi/@v/v4.0.0+incompatible.mod 8 | github.com/mailru/easyjson v0.7.0 true /home/almalinux/go/pkg/mod/cache/download/github.com/mailru/easyjson/@v/v0.7.0.mod 1.12 9 | github.com/mailru/easyjson v0.7.0 true /home/almalinux/go/pkg/mod/cache/download/github.com/mailru/easyjson/@v/v0.7.0.mod 1.12 10 | github.com/mailru/easyjson v0.7.0 true /home/almalinux/go/pkg/mod/cache/download/github.com/mailru/easyjson/@v/v0.7.0.mod 1.12 11 | github.com/mailru/easyjson v0.7.0 true /home/almalinux/go/pkg/mod/cache/download/github.com/mailru/easyjson/@v/v0.7.0.mod 1.12 12 | github.com/mailgun/mailgun-go/v4 v4.0.1 false /home/almalinux/go/pkg/mod/cache/download/github.com/mailgun/mailgun-go/v4/@v/v4.0.1.mod 1.13 13 | github.com/pkg/errors v0.9.1 true /home/almalinux/go/pkg/mod/cache/download/github.com/pkg/errors/@v/v0.9.1.mod 14 | github.com/mailgun/mailgun-go/v4 v4.0.1 false /home/almalinux/go/pkg/mod/cache/download/github.com/mailgun/mailgun-go/v4/@v/v4.0.1.mod 1.13 15 | github.com/Preetam/readfasterapp false /home/almalinux/go/readfasterapp/go.mod 1.13 16 | github.com/Preetam/readfasterapp false /home/almalinux/go/readfasterapp/go.mod 1.13 -------------------------------------------------------------------------------- /test/data/gomodwhy.txt: -------------------------------------------------------------------------------- 1 | # github.com/mailgun/mailgun-go/v4 2 | github.com/Preetam/readfasterapp/api 3 | github.com/mailgun/mailgun-go/v4 4 | -------------------------------------------------------------------------------- /test/data/gomodwhynot.txt: -------------------------------------------------------------------------------- 1 | # github.com/mailgun/mailgun-go/v5 2 | (main module does not need to vendor module github.com/mailgun/mailgun-go/v5) 3 | -------------------------------------------------------------------------------- /test/data/gradle-android-jetify.dep: -------------------------------------------------------------------------------- 1 | \--- com.android.support:appcompat-v7:26.1.0 -> androidx.appcompat:appcompat:1.2.0 (*) 2 | 3 | -------------------------------------------------------------------------------- /test/data/gradle-rich1.dep: -------------------------------------------------------------------------------- 1 | | | +--- com.github.spotbugs:spotbugs-annotations -> 4.7.1 2 | | | | +--- org.junit:junit-bom:5.8.2 3 | | | | +--- com.google.code.findbugs:jsr305:3.0.2 4 | | | | \--- ch.qos.logback:logback-core:{strictly [1.2.9, 2[; prefer 1.2.10} -> 1.4.5 (c) 5 | -------------------------------------------------------------------------------- /test/data/gradle-rich2.dep: -------------------------------------------------------------------------------- 1 | +--- io.appium:java-client -> 8.1.1 2 | | +--- org.seleniumhq.selenium:selenium-support:{strictly [4.2.1, 5.0); prefer 4.2.1} -> 4.5.0 (*) -------------------------------------------------------------------------------- /test/data/gradle-rich3.dep: -------------------------------------------------------------------------------- 1 | | \--- org.seleniumhq.selenium:selenium-remote-driver:{strictly [4.2.1, 5.0); prefer 4.2.1} -> 4.5.0 (*) -------------------------------------------------------------------------------- /test/data/gradle-rich4.dep: -------------------------------------------------------------------------------- 1 | | +--- org.seleniumhq.selenium:selenium-api:{strictly [4.2.1, 5.0); prefer 4.2.1} -> 4.5.0 -------------------------------------------------------------------------------- /test/data/gradle-sm.dep: -------------------------------------------------------------------------------- 1 | +--- project :module:dummy:core 2 | | +--- ch.qos.logback:logback-core -> 1.2.11 3 | | +--- org.slf4j:slf4j-api -> 1.7.36 4 | | +--- ch.qos.logback:logback-classic -> 1.2.11 (*) 5 | | \--- org.springframework:spring-context -> 5.3.21 (*) 6 | +--- project :module:dummy:service 7 | | +--- ch.qos.logback:logback-core -> 1.2.11 8 | | +--- org.slf4j:slf4j-api -> 1.7.36 9 | -------------------------------------------------------------------------------- /test/data/jquery.3.6.0.nupkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CycloneDX/cdxgen/1252f36405c4df400d3b8c286366a8eba38d0029/test/data/jquery.3.6.0.nupkg -------------------------------------------------------------------------------- /test/data/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: kustomize.config.k8s.io/v1alpha1 16 | kind: Component 17 | images: 18 | - name: gcr.io/google-samples/microservices-demo/adservice 19 | newName: CONTAINER_IMAGES_REGISTRY/adservice 20 | - name: gcr.io/google-samples/microservices-demo/cartservice 21 | newName: CONTAINER_IMAGES_REGISTRY/cartservice 22 | - name: gcr.io/google-samples/microservices-demo/checkoutservice 23 | newName: CONTAINER_IMAGES_REGISTRY/checkoutservice 24 | - name: gcr.io/google-samples/microservices-demo/currencyservice 25 | newName: CONTAINER_IMAGES_REGISTRY/currencyservice 26 | - name: gcr.io/google-samples/microservices-demo/emailservice 27 | newName: CONTAINER_IMAGES_REGISTRY/emailservice 28 | - name: gcr.io/google-samples/microservices-demo/frontend 29 | newName: CONTAINER_IMAGES_REGISTRY/frontend 30 | - name: gcr.io/google-samples/microservices-demo/loadgenerator 31 | newName: CONTAINER_IMAGES_REGISTRY/loadgenerator 32 | - name: gcr.io/google-samples/microservices-demo/paymentservice 33 | newName: CONTAINER_IMAGES_REGISTRY/paymentservice 34 | - name: gcr.io/google-samples/microservices-demo/productcatalogservice 35 | newName: CONTAINER_IMAGES_REGISTRY/productcatalogservice 36 | - name: gcr.io/google-samples/microservices-demo/recommendationservice 37 | newName: CONTAINER_IMAGES_REGISTRY/recommendationservice 38 | - name: gcr.io/google-samples/microservices-demo/shippingservice 39 | newName: CONTAINER_IMAGES_REGISTRY/shippingservice 40 | - name: redis 41 | newName: CONTAINER_IMAGES_REGISTRY/redis 42 | -------------------------------------------------------------------------------- /test/data/mercurial-5.5.2-py3.8.egg-info: -------------------------------------------------------------------------------- 1 | Metadata-Version: 1.1 2 | Name: mercurial 3 | Version: 5.5.2 4 | Summary: Fast scalable distributed SCM (revision control, version control) system 5 | Home-page: https://mercurial-scm.org/ 6 | Author: Matt Mackall and many others 7 | Author-email: mercurial@mercurial-scm.org 8 | License: GNU GPLv2 or any later version 9 | Download-URL: https://mercurial-scm.org/release/ 10 | Description: Mercurial is a distributed SCM tool written in Python. It is used by a number of large projects that require fast, reliable distributed revision control, such as Mozilla. 11 | Platform: UNKNOWN 12 | Classifier: Development Status :: 6 - Mature 13 | Classifier: Environment :: Console 14 | Classifier: Intended Audience :: Developers 15 | Classifier: Intended Audience :: System Administrators 16 | Classifier: License :: OSI Approved :: GNU General Public License (GPL) 17 | Classifier: Natural Language :: Danish 18 | Classifier: Natural Language :: English 19 | Classifier: Natural Language :: German 20 | Classifier: Natural Language :: Italian 21 | Classifier: Natural Language :: Japanese 22 | Classifier: Natural Language :: Portuguese (Brazilian) 23 | Classifier: Operating System :: Microsoft :: Windows 24 | Classifier: Operating System :: OS Independent 25 | Classifier: Operating System :: POSIX 26 | Classifier: Programming Language :: C 27 | Classifier: Programming Language :: Python 28 | Classifier: Topic :: Software Development :: Version Control 29 | -------------------------------------------------------------------------------- /test/data/mill/out/bar/ivyDepsTree.log: -------------------------------------------------------------------------------- 1 | ├─ net.sourceforge.argparse4j:argparse4j:0.9.0 2 | └─ org.thymeleaf:thymeleaf:3.1.1.RELEASE 3 | ├─ ognl:ognl:3.3.4 4 | │ └─ org.javassist:javassist:3.29.0-GA 5 | ├─ org.attoparser:attoparser:2.0.6.RELEASE 6 | ├─ org.slf4j:slf4j-api:2.0.5 7 | └─ org.unbescape:unbescape:1.1.6.RELEASE 8 | -------------------------------------------------------------------------------- /test/data/mill/out/bar/test/ivyDepsTree.log: -------------------------------------------------------------------------------- 1 | ├─ bar 2 | │ ├─ net.sourceforge.argparse4j:argparse4j:0.9.0 3 | │ └─ org.thymeleaf:thymeleaf:3.1.1.RELEASE 4 | │ ├─ ognl:ognl:3.3.4 5 | │ │ └─ org.javassist:javassist:3.29.0-GA 6 | │ ├─ org.attoparser:attoparser:2.0.6.RELEASE 7 | │ ├─ org.slf4j:slf4j-api:2.0.5 8 | │ └─ org.unbescape:unbescape:1.1.6.RELEASE 9 | └─ com.github.sbt:junit-interface:0.13.2 10 | ├─ junit:junit:4.13.2 11 | │ └─ org.hamcrest:hamcrest-core:1.3 12 | └─ org.scala-sbt:test-interface:1.0 13 | -------------------------------------------------------------------------------- /test/data/mill/out/foo/ivyDepsTree.log: -------------------------------------------------------------------------------- 1 | ├─ bar 2 | │ ├─ net.sourceforge.argparse4j:argparse4j:0.9.0 3 | │ └─ org.thymeleaf:thymeleaf:3.1.1.RELEASE 4 | │ ├─ ognl:ognl:3.3.4 5 | │ │ └─ org.javassist:javassist:3.29.0-GA 6 | │ ├─ org.attoparser:attoparser:2.0.6.RELEASE 7 | │ ├─ org.slf4j:slf4j-api:2.0.5 8 | │ └─ org.unbescape:unbescape:1.1.6.RELEASE 9 | └─ net.sourceforge.argparse4j:argparse4j:0.9.0 10 | -------------------------------------------------------------------------------- /test/data/mill/out/foo/test/ivyDepsTree.log: -------------------------------------------------------------------------------- 1 | ├─ foo 2 | │ ├─ bar 3 | │ │ ├─ net.sourceforge.argparse4j:argparse4j:0.9.0 4 | │ │ └─ org.thymeleaf:thymeleaf:3.1.1.RELEASE 5 | │ │ ├─ ognl:ognl:3.3.4 6 | │ │ │ └─ org.javassist:javassist:3.29.0-GA 7 | │ │ ├─ org.attoparser:attoparser:2.0.6.RELEASE 8 | │ │ ├─ org.slf4j:slf4j-api:2.0.5 9 | │ │ └─ org.unbescape:unbescape:1.1.6.RELEASE 10 | │ └─ net.sourceforge.argparse4j:argparse4j:0.9.0 11 | └─ com.github.sbt:junit-interface:0.13.2 12 | ├─ junit:junit:4.13.2 13 | │ └─ org.hamcrest:hamcrest-core:1.3 14 | └─ org.scala-sbt:test-interface:1.0 15 | -------------------------------------------------------------------------------- /test/data/msgpack.mk: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # msgpack 4 | # 5 | ################################################################################ 6 | 7 | MSGPACK_VERSION = 3.3.0 8 | MSGPACK_SITE = https://github.com/msgpack/msgpack-c/releases/download/cpp-$(MSGPACK_VERSION) 9 | MSGPACK_LICENSE = BSL-1.0 10 | MSGPACK_LICENSE_FILES = COPYING LICENSE_1_0.txt 11 | MSGPACK_INSTALL_STAGING = YES 12 | MSGPACK_CONF_OPTS = -DMSGPACK_BUILD_EXAMPLES=OFF -DMSGPACK_BUILD_TESTS=OFF 13 | 14 | ifeq ($(BR2_STATIC_LIBS),y) 15 | MSGPACK_CONF_OPTS += -DMSGPACK_ENABLE_SHARED=OFF 16 | endif 17 | 18 | $(eval $(cmake-package)) 19 | -------------------------------------------------------------------------------- /test/data/mvn-dep-tree-simple.txt: -------------------------------------------------------------------------------- 1 | com.gitlab.security_products.tests:java-maven:jar:1.0-SNAPSHOT 2 | +- com.github.jnr:jffi:jar:1.3.11:compile 3 | +- com.github.jnr:jffi:jar:native:1.3.11:runtime 4 | +- org.powermock:powermock-api-mockito:jar:1.7.3:test 5 | | +- org.powermock:powermock-api-mockito-common:jar:1.7.3:test 6 | | | \- org.powermock:powermock-api-support:jar:1.7.3:test 7 | | | +- org.powermock:powermock-reflect:jar:1.7.3:test 8 | | | \- org.powermock:powermock-core:jar:1.7.3:test 9 | | | \- org.javassist:javassist:jar:3.21.0-GA:test 10 | | \- org.mockito:mockito-core:jar:1.10.19:test 11 | | +- org.hamcrest:hamcrest-core:jar:1.1:test 12 | | \- org.objenesis:objenesis:jar:2.1:test 13 | +- io.netty:netty:jar:3.9.1.Final:compile 14 | +- junit:junit:jar:3.8.1:test 15 | +- org.apache.maven:maven-artifact:jar:3.3.9:compile 16 | | +- org.codehaus.plexus:plexus-utils:jar:3.0.22:compile 17 | | \- org.apache.commons:commons-lang3:jar:3.4:compile 18 | +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.2:compile 19 | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile 20 | | \- com.fasterxml.jackson.core:jackson-core:jar:2.9.2:compile 21 | +- org.mozilla:rhino:jar:1.7.10:compile 22 | \- org.apache.geode:geode-core:jar:1.1.1:compile 23 | +- com.github.stephenc.findbugs:findbugs-annotations:jar:1.3.9-1:compile 24 | +- org.jgroups:jgroups:jar:3.6.10.Final:compile 25 | +- antlr:antlr:jar:2.7.7:compile 26 | +- commons-io:commons-io:jar:2.3:compile 27 | +- commons-lang:commons-lang:jar:2.5:compile 28 | +- it.unimi.dsi:fastutil:jar:7.0.2:compile 29 | +- javax.resource:javax.resource-api:jar:1.7:compile 30 | | \- javax.transaction:javax.transaction-api:jar:1.2:compile 31 | +- net.java.dev.jna:jna:jar:4.0.0:compile 32 | +- net.sf.jopt-simple:jopt-simple:jar:5.0.1:compile 33 | +- org.apache.logging.log4j:log4j-api:jar:2.6.1:compile 34 | +- org.apache.logging.log4j:log4j-core:jar:2.6.1:compile 35 | +- org.apache.shiro:shiro-core:jar:1.3.1:compile 36 | | +- org.slf4j:slf4j-api:jar:1.6.4:compile 37 | | \- commons-beanutils:commons-beanutils:jar:1.8.3:compile 38 | +- org.apache.geode:geode-common:jar:1.1.1:compile 39 | \- org.apache.geode:geode-json:jar:1.1.1:compile 40 | -------------------------------------------------------------------------------- /test/data/os-release: -------------------------------------------------------------------------------- 1 | PRETTY_NAME="Ubuntu 22.04.3 LTS" 2 | NAME="Ubuntu" 3 | VERSION_ID="22.04" 4 | VERSION="22.04.3 LTS (Jammy Jellyfish)" 5 | VERSION_CODENAME=jammy 6 | ID=ubuntu 7 | ID_LIKE=debian 8 | HOME_URL="https://www.ubuntu.com/" 9 | SUPPORT_URL="https://help.ubuntu.com/" 10 | BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" 11 | PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" 12 | UBUNTU_CODENAME=jammy 13 | -------------------------------------------------------------------------------- /test/data/package-json/v1/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jsforwp-blocks", 3 | "version": "2.0.0", 4 | "license": "MIT", 5 | "main": "blocks/index.js", 6 | "scripts": { 7 | "dev": "cross-env BABEL_ENV=default webpack --watch", 8 | "build": "cross-env BABEL_ENV=default NODE_ENV=production webpack -p" 9 | }, 10 | "dependencies": { 11 | "react": "16.2.0", 12 | "react-autosize-textarea": "2.0.0", 13 | "react-dom": "16.2.0", 14 | "react-sortable-hoc": "^0.6.8" 15 | }, 16 | "devDependencies": { 17 | "@wordpress/babel-preset-default": "^1.2.0", 18 | "babel-core": "^6.26.3", 19 | "babel-eslint": "^8.2.3", 20 | "babel-loader": "^7.1.4", 21 | "classnames": "^2.2.5", 22 | "cross-env": "^5.1.5", 23 | "css-loader": "^0.28.11", 24 | "eslint": "^4.19.1", 25 | "extract-text-webpack-plugin": "^3.0.2", 26 | "node-sass": "^4.9.0", 27 | "postcss-loader": "^2.1.5", 28 | "raw-loader": "^0.5.1", 29 | "sass-loader": "^6.0.7", 30 | "style-loader": "^0.19.1", 31 | "webpack": "^3.11.0" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /test/data/package-json/v2-workspace/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "app", 3 | "version": "0.0.0", 4 | "private": true, 5 | "type": "module", 6 | "scripts": { 7 | "start": "vite serve", 8 | "build": "vite build", 9 | "preview": "vite preview", 10 | "test": "vitest", 11 | "coverage": "vitest --coverage", 12 | "deploy": "yarn workspace edge deploy", 13 | "app:start": "yarn workspace app start", 14 | "app:build": "yarn workspace app build", 15 | "app:preview": "yarn workspace app preview", 16 | "app:deploy": "yarn workspace app deploy" 17 | }, 18 | "dependencies": { 19 | "@babel/runtime": "^7.22.15", 20 | "@emotion/react": "^11.11.1", 21 | "@emotion/styled": "^11.11.0", 22 | "@mui/icons-material": "^5.14.7", 23 | "@mui/lab": "^5.0.0-alpha.142", 24 | "@mui/material": "^5.14.7", 25 | "firebase": "^10.3.1", 26 | "localforage": "^1.10.0", 27 | "notistack": "^3.0.1", 28 | "react": "^18.2.0", 29 | "react-dom": "^18.2.0", 30 | "react-router-dom": "^6.15.0", 31 | "recoil": "^0.7.7" 32 | }, 33 | "devDependencies": { 34 | "@babel/core": "^7.22.15", 35 | "@emotion/babel-plugin": "^11.11.0", 36 | "@types/node": "^20.5.9", 37 | "@types/react": "^18.2.21", 38 | "@types/react-dom": "^18.2.7", 39 | "@vitejs/plugin-react": "^4.0.4", 40 | "envars": "^0.4.0", 41 | "happy-dom": "^10.11.2", 42 | "typescript": "~5.2.2", 43 | "vite": "~4.4.9", 44 | "vitest": "~0.33.0" 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /test/data/package-json/v2-workspace/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "root", 3 | "version": "0.0.0", 4 | "private": true, 5 | "packageManager": "yarn@4.0.0-rc.50", 6 | "type": "module", 7 | "license": "MIT", 8 | "workspaces": ["app", "edge", "scripts"], 9 | "scripts": { 10 | "postinstall": "husky install && node ./scripts/postinstall.js", 11 | "update-schema": "node ./scripts/update-schema.js", 12 | "start": "yarn workspace app start", 13 | "lint": "eslint --cache --report-unused-disable-directives .", 14 | "test": "vitest", 15 | "build": "yarn workspaces foreach -tiA run build", 16 | "deploy": "yarn workspace edge deploy" 17 | }, 18 | "devDependencies": { 19 | "@emotion/babel-plugin": "^11.11.0", 20 | "@emotion/eslint-plugin": "^11.11.0", 21 | "@types/eslint": "^8.44.2", 22 | "@typescript-eslint/eslint-plugin": "^6.6.0", 23 | "@typescript-eslint/parser": "^6.6.0", 24 | "eslint": "^8.48.0", 25 | "eslint-config-prettier": "^9.0.0", 26 | "eslint-import-resolver-typescript": "^3.6.0", 27 | "eslint-plugin-import": "^2.28.1", 28 | "eslint-plugin-jsx-a11y": "^6.7.1", 29 | "eslint-plugin-react": "^7.33.2", 30 | "eslint-plugin-react-hooks": "^4.6.0", 31 | "graphql": "^16.8.0", 32 | "happy-dom": "^10.11.2", 33 | "husky": "^8.0.3", 34 | "prettier": "^3.0.3", 35 | "react": "^18.2.0", 36 | "relay-config": "^12.0.1", 37 | "typescript": "~5.2.2", 38 | "vite": "~4.4.9", 39 | "vitest": "~0.33.0" 40 | }, 41 | "prettier": { 42 | "printWidth": 80, 43 | "tabWidth": 2, 44 | "useTabs": false, 45 | "semi": true, 46 | "singleQuote": false, 47 | "quoteProps": "as-needed", 48 | "jsxSingleQuote": false, 49 | "trailingComma": "all", 50 | "bracketSpacing": true, 51 | "bracketSameLine": false, 52 | "arrowParens": "always", 53 | "endOfLine": "lf" 54 | }, 55 | "dependencies": { 56 | "@npmcli/arborist": "^7.1.0", 57 | "chalk": "^5.3.0", 58 | "diff": "^5.1.0", 59 | "packageurl-js": "^1.0.2" 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /test/data/package-json/v2-workspace/scripts/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "scripts", 3 | "version": "0.0.0", 4 | "private": true, 5 | "type": "module", 6 | "dependencies": { 7 | "envars": "^0.4.0", 8 | "execa": "^8.0.1", 9 | "get-port": "^7.0.0", 10 | "got": "^13.0.0", 11 | "graphql": "^16.8.0", 12 | "lodash-es": "^4.17.21", 13 | "miniflare": "^3.20230821.0", 14 | "prettier": "^3.0.3", 15 | "toml": "^3.0.0", 16 | "vite": "^4.4.9", 17 | "wrangler": "^3.6.0", 18 | "zx": "^7.2.3" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /test/data/package-json/v2/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "shopify-theme-tailwindcss", 3 | "version": "2.2.1", 4 | "description": "A starting point for an Online Store 2.0 theme using Tailwind CSS", 5 | "private": true, 6 | "scripts": { 7 | "dev": "vite build --watch", 8 | "build": "tsc && vite build", 9 | "shopify": "cd shopify && shopify theme dev", 10 | "install-theme": "ts-node scripts/install-theme.ts --repo=https://github.com/Shopify/dawn.git" 11 | }, 12 | "keywords": ["Shopify Theme", "Online Store 2.0"], 13 | "author": "Wessel van Ree ", 14 | "license": "MIT", 15 | "devDependencies": { 16 | "@types/shelljs": "^0.8.11", 17 | "autoprefixer": "^10.4.13", 18 | "fast-glob": "^3.2.12", 19 | "postcss": "^8.4.18", 20 | "shelljs": "^0.8.5", 21 | "tailwindcss": "^3.2.1", 22 | "ts-node": "^10.9.1", 23 | "typescript": "^4.8.4", 24 | "vite": "^3.2.1" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /test/data/package-json/v3/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "clase-21---jwt", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "type": "module", 7 | "scripts": { 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "keywords": [], 11 | "author": "", 12 | "license": "ISC", 13 | "dependencies": { 14 | "connect-mongo": "^5.0.0", 15 | "express": "^4.18.2", 16 | "express-handlebars": "^7.0.7", 17 | "express-session": "^1.17.3", 18 | "jsonwebtoken": "^9.0.0", 19 | "mongoose": "^7.3.1", 20 | "passport": "^0.6.0", 21 | "passport-github2": "^0.1.12" 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /test/data/package-lock2.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "MyProject", 3 | "lockfileVersion": 2, 4 | "requires": true, 5 | "packages": {} 6 | } 7 | -------------------------------------------------------------------------------- /test/data/packages.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /test/data/packages2.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /test/data/pnpm-lock2.yaml: -------------------------------------------------------------------------------- 1 | lockfileVersion: 5.3 2 | 3 | specifiers: 4 | chalk: ^1.1.3 5 | 6 | dependencies: 7 | chalk: 1.1.3 8 | 9 | packages: 10 | 11 | /ansi-regex/2.1.1: 12 | resolution: {integrity: sha1-w7M6te42DYbg5ijwRorn7yfWVN8=} 13 | engines: {node: '>=0.10.0'} 14 | dev: false 15 | 16 | /ansi-styles/2.2.1: 17 | resolution: {integrity: sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=} 18 | engines: {node: '>=0.10.0'} 19 | dev: false 20 | 21 | /chalk/1.1.3: 22 | resolution: {integrity: sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=} 23 | engines: {node: '>=0.10.0'} 24 | dependencies: 25 | ansi-styles: 2.2.1 26 | escape-string-regexp: 1.0.5 27 | has-ansi: 2.0.0 28 | strip-ansi: 3.0.1 29 | supports-color: 2.0.0 30 | dev: false 31 | 32 | /escape-string-regexp/1.0.5: 33 | resolution: {integrity: sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=} 34 | engines: {node: '>=0.8.0'} 35 | dev: false 36 | 37 | /has-ansi/2.0.0: 38 | resolution: {integrity: sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=} 39 | engines: {node: '>=0.10.0'} 40 | dependencies: 41 | ansi-regex: 2.1.1 42 | dev: false 43 | 44 | /strip-ansi/3.0.1: 45 | resolution: {integrity: sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=} 46 | engines: {node: '>=0.10.0'} 47 | dependencies: 48 | ansi-regex: 2.1.1 49 | dev: false 50 | 51 | /supports-color/2.0.0: 52 | resolution: {integrity: sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=} 53 | engines: {node: '>=0.8.0'} 54 | dev: false 55 | -------------------------------------------------------------------------------- /test/data/pnpm-lock4.yaml: -------------------------------------------------------------------------------- 1 | lockfileVersion: 5.4 2 | 3 | specifiers: 4 | '@ant-design/icons': ^4.8.0 5 | 6 | dependencies: 7 | '@ant-design/icons': 4.8.0_biqbaboplfbrettd7655fr4n2y 8 | 9 | packages: 10 | 11 | /@ampproject/remapping/2.2.0: 12 | resolution: {integrity: sha512-qRmjj8nj9qmLTQXXmaR1cck3UXSRMPrbsLJAasZpF+t3riI71BXed5ebIOYwQntykeZuhjsdweEc9BxH5Jc26w==} 13 | engines: {node: '>=6.0.0'} 14 | dependencies: 15 | '@jridgewell/gen-mapping': 0.1.1 16 | '@jridgewell/trace-mapping': 0.3.17 17 | -------------------------------------------------------------------------------- /test/data/pnpm_locks/bytemd-pnpm-workspace.yaml: -------------------------------------------------------------------------------- 1 | packages: 2 | - packages/** 3 | - playground 4 | -------------------------------------------------------------------------------- /test/data/postgrescluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: postgres-operator.crunchydata.com/v1beta1 2 | kind: PostgresCluster 3 | metadata: 4 | name: hippo 5 | spec: 6 | image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.5-1 7 | postgresVersion: 14 8 | instances: 9 | - name: instance1 10 | dataVolumeClaimSpec: 11 | accessModes: 12 | - "ReadWriteMany" 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | backups: 17 | pgbackrest: 18 | image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.40-1 19 | repos: 20 | - name: repo1 21 | volume: 22 | volumeClaimSpec: 23 | accessModes: 24 | - "ReadWriteMany" 25 | resources: 26 | requests: 27 | storage: 1Gi 28 | - name: repo2 29 | volume: 30 | volumeClaimSpec: 31 | accessModes: 32 | - "ReadWriteMany" 33 | resources: 34 | requests: 35 | storage: 1Gi 36 | proxy: 37 | pgBouncer: 38 | image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.17-1 39 | -------------------------------------------------------------------------------- /test/data/project.clj.1: -------------------------------------------------------------------------------- 1 | (defproject hara/base "3.0.1" 2 | :description "clojure code patterns" 3 | :url "https://www.github.com/zcaudate/hara" 4 | :profiles {:dev {:plugins [[cider/cider-nrepl "0.18.0"]]}} 5 | :dependencies [[org.clojure/clojure "1.9.0"] 6 | 7 | ;; hara/lib.aether 8 | [org.eclipse.aether/aether-api "1.1.0"] 9 | [org.eclipse.aether/aether-spi "1.1.0"] 10 | [org.eclipse.aether/aether-util "1.1.0"] 11 | [org.eclipse.aether/aether-impl "1.1.0"] 12 | [org.eclipse.aether/aether-connector-basic "1.1.0"] 13 | [org.eclipse.aether/aether-transport-wagon "1.1.0"] 14 | [org.eclipse.aether/aether-transport-http "1.1.0"] 15 | [org.eclipse.aether/aether-transport-file "1.1.0"] 16 | [org.eclipse.aether/aether-transport-classpath "1.1.0"] 17 | [org.apache.maven/maven-aether-provider "3.3.9"] 18 | [org.apache.maven.wagon/wagon-webdav-jackrabbit "3.1.0"] 19 | 20 | ;; hara/lib.jgit 21 | [org.eclipse.jgit/org.eclipse.jgit "5.1.1.201809181055-r"] 22 | 23 | ;; hara/lib.jsoup 24 | [org.jsoup/jsoup "1.11.3"] 25 | 26 | ;; hara/module.deps 27 | [org.ow2.asm/asm "6.2"] 28 | 29 | ;; hara/security.pgp 30 | [org.bouncycastle/bcprov-jdk15on "1.60"] 31 | [org.bouncycastle/bcpg-jdk15on "1.60"]] 32 | :aliases {"test" ["run" "-m" "hara.test" "exit"]} 33 | :java-source-paths ["code/java"] 34 | :repl-options {:host "0.0.0.0"} 35 | :deploy {:config "config/deploy.edn"} 36 | :jvm-opts []) 37 | -------------------------------------------------------------------------------- /test/data/pubspec.yaml: -------------------------------------------------------------------------------- 1 | name: awesome_dialog 2 | description: >- 3 | Flutter package to show beautiful dialogs(INFO,QUESTION,WARNING,SUCCESS,ERROR) with animations as simply as possible. 4 | version: 2.2.1 5 | homepage: https://github.com/marcos930807/awesomeDialogs 6 | 7 | environment: 8 | sdk: ">=2.12.0 <3.0.0" 9 | 10 | dependencies: 11 | flutter: 12 | sdk: flutter 13 | simple_animations: ^4.0.1 14 | flare_flutter: ^3.0.2 15 | 16 | dev_dependencies: 17 | flutter_test: 18 | sdk: flutter 19 | flutter_lints: ^1.0.4 20 | 21 | # For information on the generic Dart part of this file, see the 22 | # following page: https://dart.dev/tools/pub/pubspec 23 | 24 | # The following section is specific to Flutter. 25 | flutter: 26 | # To add assets to your package, add an assets section, like this: 27 | assets: 28 | - assets/flare/ 29 | # - images/a_dot_burr.jpeg 30 | # - images/a_dot_ham.jpeg 31 | # 32 | # For details regarding assets in packages, see 33 | # https://flutter.dev/assets-and-images/#from-packages 34 | # 35 | # An image asset can refer to one or more resolution-specific "variants", see 36 | # https://flutter.dev/assets-and-images/#resolution-aware. 37 | 38 | # To add custom fonts to your package, add a fonts section here, 39 | # in this "flutter" section. Each entry in this list should have a 40 | # "family" key with the font family name, and a "fonts" key with a 41 | # list giving the asset and other descriptors for the font. For 42 | # example: 43 | # fonts: 44 | # - family: Schyler 45 | # fonts: 46 | # - asset: fonts/Schyler-Regular.ttf 47 | # - asset: fonts/Schyler-Italic.ttf 48 | # style: italic 49 | # - family: Trajan Pro 50 | # fonts: 51 | # - asset: fonts/TrajanPro.ttf 52 | # - asset: fonts/TrajanPro_Bold.ttf 53 | # weight: 700 54 | # 55 | # For details regarding fonts in packages, see 56 | # https://flutter.dev/custom-fonts/#from-packages 57 | -------------------------------------------------------------------------------- /test/data/pyproject.toml: -------------------------------------------------------------------------------- 1 | [tool.poetry] 2 | name = "cpggen" 3 | version = "1.9.0" # 1.9.0 is not version 2.0.0 4 | description = "Generate CPG for multiple languages for code and threat analysis" 5 | authors = ["Team AppThreat "] 6 | license = "Apache-2.0" 7 | readme = "README.md" 8 | packages = [{include = "cpggen"}] 9 | homepage = "https://github.com/AppThreat/cpggen" 10 | repository = "https://github.com/AppThreat/cpggen" 11 | keywords = ["joern", "code analysis", "static analysis", "cpg", "code property graph", "atom", "threat analysis"] 12 | classifiers = [ 13 | "Development Status :: 5 - Production/Stable", 14 | "Intended Audience :: Developers", 15 | "Intended Audience :: System Administrators", 16 | "Topic :: Utilities", 17 | "Topic :: Security", 18 | "Programming Language :: Python :: 3.8", 19 | "Programming Language :: Python :: 3.9", 20 | "Programming Language :: Python :: 3.10", 21 | "Programming Language :: Python :: 3.11", 22 | "Operating System :: OS Independent", 23 | ] 24 | exclude = ["contrib", "tests"] 25 | include = ["cpggen/atom/*"] 26 | 27 | [tool.poetry.scripts] 28 | atomgen = 'cpggen.cli:main' 29 | cpggen = 'cpggen.cli:main' 30 | cpg = 'cpggen.cli:main' 31 | 32 | [tool.poetry.dependencies] 33 | python = ">=3.8.1,<3.12" 34 | rich = "^13.4.2" 35 | gitpython = "^3.1.31" 36 | quart = "^0.18.4" 37 | psutil = "^5.9.5" 38 | packageurl-python = "^0.11.1" 39 | httpx = "^0.24.1" 40 | 41 | [tool.poetry.group.dev.dependencies] 42 | pytest = "^7.4.0" 43 | black = "^23.3.0" 44 | flake8 = "^6.0.0" 45 | pytest-cov = "^4.0.0" 46 | pyinstaller = "^5.12.0" 47 | bandit = "^1.7.5" 48 | pylint = "^2.17.4" 49 | 50 | [build-system] 51 | requires = ["poetry-core"] 52 | build-backend = "poetry.core.masonry.api" 53 | -------------------------------------------------------------------------------- /test/data/pyproject_uv-workspace.toml: -------------------------------------------------------------------------------- 1 | [project] 2 | name = "my-app" 3 | version = "0.1.0" 4 | description = "An example of uv workspace" 5 | readme = "README.md" 6 | requires-python = ">=3.9" 7 | dependencies = [ 8 | "my-lib", 9 | ] 10 | 11 | [dependency-groups] 12 | dev = [ 13 | "ruff >= 0.8.1", 14 | "pytest >= 8.3.4", 15 | ] 16 | 17 | [tool.uv.sources] 18 | my-lib = { workspace = true } 19 | 20 | [tool.uv.workspace] 21 | members = [ "packages/*" ] 22 | -------------------------------------------------------------------------------- /test/data/pyproject_uv2.toml: -------------------------------------------------------------------------------- 1 | [project] 2 | name = "una-root" 3 | version = "0" 4 | requires-python = ">=3.11" 5 | dependencies = ["una", "hatch-una"] 6 | 7 | [tool.uv] 8 | dev-dependencies = [ 9 | "pytest >= 8.3.1", 10 | "basedpyright >= 1.15.2", 11 | "mkdocs-material >= 9.5.31", 12 | "ruff >= 0.6.2", 13 | ] 14 | package = false 15 | 16 | [tool.uv.sources] 17 | una = { workspace = true } 18 | hatch-una = { workspace = true } 19 | 20 | [tool.uv.workspace] 21 | members = ["una", "plugins/hatch"] 22 | 23 | [tool.ruff] 24 | target-version = "py311" 25 | line-length = 100 26 | 27 | [tool.ruff.lint] 28 | select = ["A", "E", "F", "I", "N", "T100", "UP", "ANN401"] 29 | ignore = ["F841"] # pyright does this 30 | 31 | [tool.ruff.lint.isort] 32 | known-first-party = ["una"] 33 | 34 | [tool.basedpyright] 35 | venvPath = "." 36 | venv = ".venv" 37 | pythonVersion = "3.11" 38 | strict = ["una/**/*.py", "plugins/**/*.py"] 39 | ignore = ["dist/"] 40 | reportUnnecessaryTypeIgnoreComment = true 41 | reportImplicitOverride = false 42 | reportUnusedCallResult = false 43 | enableTypeIgnoreComments = true 44 | -------------------------------------------------------------------------------- /test/data/pyproject_with_custom_poetry_source.toml: -------------------------------------------------------------------------------- 1 | [tool.poetry] 2 | name = "cpggen" # This is cpggen not something else 3 | version = "1.9.0" 4 | description = "Generate CPG for multiple languages for code and threat analysis" 5 | authors = ["Team AppThreat "] 6 | license = "Apache-2.0" 7 | readme = "README.md" 8 | packages = [{include = "cpggen"}] 9 | homepage = "https://github.com/AppThreat/cpggen" 10 | repository = "https://github.com/AppThreat/cpggen" 11 | keywords = ["joern", "code analysis", "static analysis", "cpg", "code property graph", "atom", "threat analysis"] 12 | classifiers = [ 13 | "Development Status :: 5 - Production/Stable", 14 | "Intended Audience :: Developers", 15 | "Intended Audience :: System Administrators", 16 | "Topic :: Utilities", 17 | "Topic :: Security", 18 | "Programming Language :: Python :: 3.8", 19 | "Programming Language :: Python :: 3.9", 20 | "Programming Language :: Python :: 3.10", 21 | "Programming Language :: Python :: 3.11", 22 | "Operating System :: OS Independent", 23 | ] 24 | exclude = ["contrib", "tests"] 25 | include = ["cpggen/atom/*"] 26 | 27 | [tool.poetry.scripts] 28 | atomgen = 'cpggen.cli:main' 29 | cpggen = 'cpggen.cli:main' 30 | cpg = 'cpggen.cli:main' 31 | 32 | [tool.poetry.dependencies] 33 | python = ">=3.8.1,<3.12" 34 | rich = "^13.4.2" 35 | gitpython = "^3.1.31" 36 | quart = "^0.18.4" 37 | psutil = "^5.9.5" 38 | packageurl-python = "^0.11.1" 39 | httpx = "^0.24.1" 40 | 41 | [tool.poetry.group.dev.dependencies] 42 | pytest = "^7.4.0" 43 | black = "^23.3.0" 44 | flake8 = "^6.0.0" 45 | pytest-cov = "^4.0.0" 46 | pyinstaller = "^5.12.0" 47 | bandit = "^1.7.5" 48 | pylint = "^2.17.4" 49 | 50 | [[tool.poetry.source]] 51 | name = "custom-source" 52 | url = "https://pypi.example.org/simple/" 53 | default = false 54 | secondary = false 55 | 56 | [build-system] 57 | requires = ["poetry-core"] 58 | build-backend = "poetry.core.masonry.api" 59 | -------------------------------------------------------------------------------- /test/data/redis.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | metadata: 18 | name: redis-cart 19 | spec: 20 | selector: 21 | matchLabels: 22 | app: redis-cart 23 | template: 24 | metadata: 25 | labels: 26 | app: redis-cart 27 | spec: 28 | securityContext: 29 | fsGroup: 1000 30 | runAsGroup: 1000 31 | runAsNonRoot: true 32 | runAsUser: 1000 33 | containers: 34 | - name: redis 35 | securityContext: 36 | allowPrivilegeEscalation: false 37 | capabilities: 38 | drop: 39 | - all 40 | privileged: false 41 | readOnlyRootFilesystem: true 42 | image: redis:alpine 43 | ports: 44 | - containerPort: 6379 45 | readinessProbe: 46 | periodSeconds: 5 47 | tcpSocket: 48 | port: 6379 49 | livenessProbe: 50 | periodSeconds: 5 51 | tcpSocket: 52 | port: 6379 53 | volumeMounts: 54 | - mountPath: /data 55 | name: redis-data 56 | resources: 57 | limits: 58 | memory: 256Mi 59 | cpu: 125m 60 | requests: 61 | cpu: 70m 62 | memory: 200Mi 63 | volumes: 64 | - name: redis-data 65 | emptyDir: {} 66 | --- 67 | apiVersion: v1 68 | kind: Service 69 | metadata: 70 | name: redis-cart 71 | spec: 72 | type: ClusterIP 73 | selector: 74 | app: redis-cart 75 | ports: 76 | - name: tcp-redis 77 | port: 6379 78 | targetPort: 6379 79 | -------------------------------------------------------------------------------- /test/data/requirements.comments.txt: -------------------------------------------------------------------------------- 1 | # 2 | # This file is autogenerated by pip-compile 3 | # To update, run: 4 | # 5 | # ./bin/update-requirements.sh 6 | # 7 | cachetools==4.1.0 # via google-auth 8 | certifi==2020.4.5.1 # via requests 9 | chardet==3.0.4 # via requests 10 | click==7.1.2 # via pip-tools, safety 11 | dparse==0.5.1 # via safety 12 | google-api-core==1.17.0 # via google-api-python-client 13 | google-api-python-client==1.8.3 # via -r requirements.in 14 | google-auth-httplib2==0.0.3 # via -r requirements.in, google-api-python-client 15 | google-auth-oauthlib==0.4.1 # via -r requirements.in 16 | google-auth==1.15.0 # via google-api-core, google-api-python-client, google-auth-httplib2, google-auth-oauthlib 17 | googleapis-common-protos==1.51.0 # via google-api-core 18 | httplib2==0.18.0 # via -r requirements.in, google-api-python-client, google-auth-httplib2 19 | idna==2.9 # via requests 20 | oauthlib==3.1.0 # via requests-oauthlib 21 | packaging==20.4 # via dparse, safety 22 | pip-tools==5.1.2 # via -r requirements.in 23 | protobuf==3.12.0 # via google-api-core, googleapis-common-protos 24 | pyasn1-modules==0.2.8 # via google-auth 25 | pyasn1==0.4.8 # via pyasn1-modules, rsa 26 | pyparsing==2.4.7 # via packaging 27 | pytz==2020.1 # via google-api-core 28 | pyyaml==5.3.1 # via dparse 29 | requests-oauthlib==1.3.0 # via google-auth-oauthlib 30 | requests==2.23.0 # via google-api-core, requests-oauthlib, safety 31 | rsa==4.0 # via google-auth 32 | safety==1.9.0 # via -r requirements.in 33 | six==1.14.0 # via google-api-core, google-api-python-client, google-auth, packaging, pip-tools, protobuf 34 | toml==0.10.1 # via dparse 35 | tqdm==4.46.0 # via -r requirements.in 36 | uritemplate==3.0.1 # via google-api-python-client 37 | urllib3==1.25.9 # via requests 38 | 39 | # The following packages are considered to be unsafe in a requirements file: 40 | # pip 41 | # setuptools 42 | 43 | -------------------------------------------------------------------------------- /test/data/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ .Values.metadataAll }} 5 | spec: 6 | ports: 7 | - name: {{ .Values.Service.Serviceports.ServicePortName }} 8 | port: {{ .Values.Service.Serviceports.ServicePort }} 9 | targetPort: {{ .Values.Deployment.Ports.ContainerPort }} 10 | protocol: {{ .Values.Service.Serviceports.Protocol }} 11 | selector: 12 | app: {{ .Values.metadataAll }} 13 | type: {{ .Values.Service.Type }} -------------------------------------------------------------------------------- /test/data/setup-impacket.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # $Id$ 3 | 4 | import glob 5 | import os 6 | import platform 7 | 8 | from setuptools import setup 9 | 10 | PACKAGE_NAME = "impacket2" 11 | 12 | if platform.system() != 'Darwin': 13 | data_files = [(os.path.join('share', 'doc', PACKAGE_NAME), ['README.md', 'LICENSE']+glob.glob('doc/*'))] 14 | else: 15 | data_files = [] 16 | 17 | def read(fname): 18 | return open(os.path.join(os.path.dirname(__file__), fname)).read() 19 | 20 | setup(name = PACKAGE_NAME, 21 | version = "0.9.21-dev", 22 | package_dir={'': 'src'}, 23 | platforms = ["Unix"], 24 | packages=['impacket2', 'impacket2.dcerpc', 'impacket2.examples', 'impacket2.dcerpc.v5', 'impacket2.dcerpc.v5.dcom', 25 | 'impacket2.krb5', 'impacket2.ldap', 'impacket2.examples.ntlmrelayx', 26 | 'impacket2.examples.ntlmrelayx.clients', 'impacket2.examples.ntlmrelayx.servers', 27 | 'impacket2.examples.ntlmrelayx.servers.socksplugins', 'impacket2.examples.ntlmrelayx.utils', 28 | 'impacket2.examples.ntlmrelayx.attacks'], 29 | data_files = data_files, 30 | install_requires=['pyasn1>=0.2.3', 'pycryptodomex', 'pyOpenSSL>=0.13.1', 'six', 'ldap3==2.5.1', 'ldapdomaindump>=0.9.0', 'flask>=1.0'], 31 | extras_require={ 32 | 'pyreadline:sys_platform=="win32"': [], 33 | 'python_version<"2.7"': [ 'argparse' ], 34 | }, 35 | classifiers = [ 36 | "Programming Language :: Python :: 3.6", 37 | "Programming Language :: Python :: 2.7", 38 | "Programming Language :: Python :: 2.6", 39 | ] 40 | ) 41 | -------------------------------------------------------------------------------- /test/data/skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v4beta1 2 | kind: Config 3 | build: 4 | artifacts: 5 | - image: leeroy-web 6 | context: leeroy-web 7 | requires: 8 | - image: base 9 | alias: BASE 10 | - image: leeroy-app 11 | context: leeroy-app 12 | requires: 13 | - image: base 14 | alias: BASE 15 | - image: base 16 | context: base 17 | manifests: 18 | rawYaml: 19 | - leeroy-web/kubernetes/* 20 | - leeroy-app/kubernetes/* 21 | portForward: 22 | - resourceType: deployment 23 | resourceName: leeroy-web 24 | port: 8080 25 | localPort: 9000 26 | - resourceType: deployment 27 | resourceName: leeroy-app 28 | port: http 29 | localPort: 9001 30 | profiles: 31 | - name: gcb 32 | build: 33 | googleCloudBuild: {} 34 | -------------------------------------------------------------------------------- /test/data/swift-deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "identity": "swift-markdown", 3 | "name": "swift-markdown", 4 | "url": "/Volumes/Work/sandbox/swift-markdown", 5 | "version": "unspecified", 6 | "path": "/Volumes/Work/sandbox/swift-markdown", 7 | "dependencies": [ 8 | { 9 | "identity": "swift-cmark", 10 | "name": "cmark-gfm", 11 | "url": "https://github.com/apple/swift-cmark.git", 12 | "version": "unspecified", 13 | "path": "/Volumes/Work/sandbox/swift-markdown/.build/checkouts/swift-cmark", 14 | "dependencies": [] 15 | }, 16 | { 17 | "identity": "swift-argument-parser", 18 | "name": "swift-argument-parser", 19 | "url": "https://github.com/apple/swift-argument-parser", 20 | "version": "1.0.3", 21 | "path": "/Volumes/Work/sandbox/swift-markdown/.build/checkouts/swift-argument-parser", 22 | "dependencies": [] 23 | }, 24 | { 25 | "identity": "swift-docc-plugin", 26 | "name": "SwiftDocCPlugin", 27 | "url": "https://github.com/apple/swift-docc-plugin", 28 | "version": "1.1.0", 29 | "path": "/Volumes/Work/sandbox/swift-markdown/.build/checkouts/swift-docc-plugin", 30 | "dependencies": [ 31 | { 32 | "identity": "swift-docc-symbolkit", 33 | "name": "SymbolKit", 34 | "url": "https://github.com/apple/swift-docc-symbolkit", 35 | "version": "1.0.0", 36 | "path": "/Volumes/Work/sandbox/swift-markdown/.build/checkouts/swift-docc-symbolkit", 37 | "dependencies": [] 38 | } 39 | ] 40 | } 41 | ] 42 | } 43 | -------------------------------------------------------------------------------- /test/data/swift-deps1.json: -------------------------------------------------------------------------------- 1 | { 2 | "identity": "swift-certificates", 3 | "name": "swift-certificates", 4 | "url": "/Volumes/Work/sandbox/swift-certificates", 5 | "version": "unspecified", 6 | "path": "/Volumes/Work/sandbox/swift-certificates", 7 | "dependencies": [ 8 | { 9 | "identity": "swift-crypto", 10 | "name": "swift-crypto", 11 | "url": "https://github.com/apple/swift-crypto.git", 12 | "version": "2.4.0", 13 | "path": "/Volumes/Work/sandbox/swift-certificates/.build/checkouts/swift-crypto", 14 | "dependencies": [ 15 | { 16 | "identity": "swift-asn1", 17 | "name": "swift-asn1", 18 | "url": "https://github.com/apple/swift-asn1.git", 19 | "version": "0.7.0", 20 | "path": "/Volumes/Work/sandbox/swift-certificates/.build/checkouts/swift-asn1", 21 | "dependencies": [ 22 | { 23 | "identity": "swift-docc-plugin", 24 | "name": "SwiftDocCPlugin", 25 | "url": "https://github.com/apple/swift-docc-plugin", 26 | "version": "1.1.0", 27 | "path": "/Volumes/Work/sandbox/swift-certificates/.build/checkouts/swift-docc-plugin", 28 | "dependencies": [ 29 | { 30 | "identity": "swift-docc-symbolkit", 31 | "name": "SymbolKit", 32 | "url": "https://github.com/apple/swift-docc-symbolkit", 33 | "version": "1.0.0", 34 | "path": "/Volumes/Work/sandbox/swift-certificates/.build/checkouts/swift-docc-symbolkit", 35 | "dependencies": [] 36 | } 37 | ] 38 | } 39 | ] 40 | } 41 | ] 42 | } 43 | ] 44 | } 45 | -------------------------------------------------------------------------------- /test/data/tekton-task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: Task 4 | metadata: 5 | name: aws-ecr-login 6 | labels: 7 | app.kubernetes.io/version: "0.1" 8 | annotations: 9 | tekton.dev/categories: Cloud, Image Build 10 | tekton.dev/pipelines.minVersion: "0.12.1" 11 | tekton.dev/tags: aws, ecr 12 | tekton.dev/displayName: "Amazon ECR Login" 13 | tekton.dev/platforms: "linux/amd64" 14 | spec: 15 | description: >- 16 | This task retrieves an `authentication token` using the GetAuthorizationToken API 17 | that you can use to authenticate to an `Amazon ECR registry` 18 | 19 | You can pass the authorization token to the login command of the container 20 | client of your preference, such as the Docker CLI. After you have 21 | authenticated to an Amazon ECR registry with this authentication token, you 22 | can use the client to push and pull images from that registry as long as your 23 | IAM principal has access to do so until the token expires. 24 | 25 | workspaces: 26 | - name: secrets 27 | mountPath: /tekton/home/.aws 28 | optional: true 29 | params: 30 | - name: region 31 | type: string 32 | default: "us-east-1" 33 | description: | 34 | Region for AWS, ensure that you specify the 35 | same Region that your Amazon ECR registry exists in. 36 | steps: 37 | - name: get-login-password 38 | image: docker.io/amazon/aws-cli:2.0.52@sha256:1506cec98a7101c935176d440a14302ea528b8f92fcaf4a6f1ea2d7ecef7edc4 #tag: 2.0.52 39 | script: | 40 | aws ecr get-login-password --region $(params.region) > $(results.password.path) 41 | results: 42 | - name: password 43 | description: The password to authenticate to ecr registry. 44 | -------------------------------------------------------------------------------- /test/data/vcpkg.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "v8", 3 | "version": "9.1.269.39", 4 | "port-version": 6, 5 | "description": "Google Chrome's JavaScript engine", 6 | "homepage": "https://v8.dev", 7 | "license": "BSD-3-Clause", 8 | "supports": "!(arm | arm64 | uwp | osx | linux)", 9 | "dependencies": [ 10 | { 11 | "name": "glib", 12 | "platform": "linux" 13 | }, 14 | "icu", 15 | { 16 | "name": "pthread", 17 | "platform": "linux" 18 | }, 19 | { 20 | "name": "vcpkg-gn", 21 | "host": true 22 | }, 23 | { 24 | "name": "vcpkg-tool-python2", 25 | "host": true 26 | }, 27 | "zlib" 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /test/data/vcpkg2.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "google-cloud-cpp-development", 3 | "description": "Describes the vcpkg dependencies for vcpkg development.", 4 | "homepage": "https://github.com/googleapis/google-cloud-cpp", 5 | "license": "Apache-2.0", 6 | "supports": "!uwp", 7 | "dependencies": [ 8 | "abseil", 9 | "crc32c", 10 | { 11 | "name": "curl", 12 | "features": ["ssl"] 13 | }, 14 | { 15 | "$description": "If cross-compiling, we need the gRPC protoc plugin on the 'host' environment.", 16 | "name": "grpc", 17 | "host": true 18 | }, 19 | { 20 | "$description": "If cross-compiling, we need the protoc compiler on the 'host' environment.", 21 | "name": "protobuf", 22 | "host": true 23 | }, 24 | "grpc", 25 | "protobuf", 26 | "nlohmann-json", 27 | "benchmark", 28 | "gtest", 29 | { 30 | "$description": "Only used for the opentelemetry feature.", 31 | "name": "opentelemetry-cpp" 32 | }, 33 | { 34 | "$description": "Only used for the docfx feature.", 35 | "name": "pugixml" 36 | }, 37 | { 38 | "$description": "Only used for the docfx feature.", 39 | "name": "yaml-cpp" 40 | } 41 | ] 42 | } 43 | -------------------------------------------------------------------------------- /test/data/xmlrpc.gemspec: -------------------------------------------------------------------------------- 1 | # -*- encoding: utf-8 -*- 2 | # stub: xmlrpc 0.3.0 ruby lib 3 | 4 | Gem::Specification.new do |s| 5 | s.name = "xmlrpc".freeze 6 | s.version = "0.3.0" 7 | 8 | s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= 9 | s.require_paths = ["lib".freeze] 10 | s.authors = ["SHIBATA Hiroshi".freeze] 11 | s.bindir = "exe".freeze 12 | s.date = "2017-02-16" 13 | s.description = "XMLRPC is a lightweight protocol that enables remote procedure calls over HTTP.".freeze 14 | s.email = ["hsbt@ruby-lang.org".freeze] 15 | s.files = [".gitignore".freeze, ".travis.yml".freeze, "Gemfile".freeze, "LICENSE.txt".freeze, "README.md".freeze, "Rakefile".freeze, "bin/console".freeze, "bin/setup".freeze, "lib/xmlrpc.rb".freeze, "lib/xmlrpc/base64.rb".freeze, "lib/xmlrpc/client.rb".freeze, "lib/xmlrpc/config.rb".freeze, "lib/xmlrpc/create.rb".freeze, "lib/xmlrpc/datetime.rb".freeze, "lib/xmlrpc/marshal.rb".freeze, "lib/xmlrpc/parser.rb".freeze, "lib/xmlrpc/server.rb".freeze, "lib/xmlrpc/utils.rb".freeze, "xmlrpc.gemspec".freeze] 16 | s.homepage = "https://github.com/ruby/xmlrpc".freeze 17 | s.licenses = ["Ruby".freeze] 18 | s.required_ruby_version = Gem::Requirement.new(">= 2.3".freeze) 19 | s.rubygems_version = "3.1.2".freeze 20 | s.summary = "XMLRPC is a lightweight protocol that enables remote procedure calls over HTTP.".freeze 21 | 22 | if s.respond_to? :specification_version then 23 | s.specification_version = 4 24 | end 25 | 26 | if s.respond_to? :add_runtime_dependency then 27 | s.add_development_dependency(%q.freeze, [">= 0"]) 28 | s.add_development_dependency(%q.freeze, [">= 0"]) 29 | s.add_development_dependency(%q.freeze, [">= 0"]) 30 | else 31 | s.add_dependency(%q.freeze, [">= 0"]) 32 | s.add_dependency(%q.freeze, [">= 0"]) 33 | s.add_dependency(%q.freeze, [">= 0"]) 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /test/data/xunit.nuspec: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | xunit 5 | 2.2.0 6 | xUnit.net 7 | James Newkirk,Brad Wilson 8 | James Newkirk,Brad Wilson 9 | false 10 | https://raw.githubusercontent.com/xunit/xunit/master/license.txt 11 | https://github.com/xunit/xunit 12 | https://raw.githubusercontent.com/xunit/media/master/logo-512-transparent.png 13 | xUnit.net is a developer testing framework, built to support Test Driven Development, with a design goal of extreme simplicity and alignment with framework features. 14 | 15 | Installing this package installs xunit.core and xunit.assert. 16 | xUnit.net is a developer testing framework, built to support Test Driven Development. 17 | en-US 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /test/data/xunit.runner.utility.nuspec: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | xunit.runner.utility 5 | 2.2.0 6 | xUnit.net [Runner Utility] 7 | James Newkirk,Brad Wilson 8 | James Newkirk,Brad Wilson 9 | false 10 | https://raw.githubusercontent.com/xunit/xunit/master/license.txt 11 | https://github.com/xunit/xunit 12 | https://raw.githubusercontent.com/xunit/media/master/logo-512-transparent.png 13 | Includes the version-independent runner for xUnit.net to run both v1.9.2 and v2.0+ tests (xunit.runner.utility.*.dll). 14 | Includes the version-independent runner for xUnit.net (xunit.runner.utility.*.dll). 15 | en-US 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /test/data/yarn_locks/yarn-at.lock: -------------------------------------------------------------------------------- 1 | # This file is generated by running "yarn install" inside your project. 2 | # Manual changes might be lost - proceed with caution! 3 | 4 | __metadata: 5 | version: 6 6 | cacheKey: 8 7 | 8 | "@ac-synth/yjs@npm:^13.5.39-alpha1": 9 | version: 13.5.39-alpha1 10 | resolution: "@ac-synth/yjs@npm:13.5.39-alpha1" 11 | dependencies: 12 | lib0: ^0.2.49 13 | checksum: 244f7755657255ad3bc642b5c09e68823499df4367e29b54b945dd3e7bbc32c2a67b5c451cb1450f752d9c7c67c673434a71b1f962e586ec8774815f48262a62 14 | languageName: node 15 | linkType: hard 16 | 17 | "isomorphic.js@npm:^0.2.4": 18 | version: 0.2.5 19 | resolution: "isomorphic.js@npm:0.2.5" 20 | checksum: d8d1b083f05f3c337a06628b982ac3ce6db953bbef14a9de8ad49131250c3592f864b73c12030fdc9ef138ce97b76ef55c7d96a849561ac215b1b4b9d301c8e9 21 | languageName: node 22 | linkType: hard 23 | 24 | "lib0@npm:^0.2.49": 25 | version: 0.2.63 26 | resolution: "lib0@npm:0.2.63" 27 | dependencies: 28 | isomorphic.js: ^0.2.4 29 | checksum: 5f39ec7f3988e72e4ba11c021ca1ee57dfbb2ef1564a353c5377491105ea8f76791cd5f270876b8f36ba5142f1ac2666ecabbddadd35db0f925e9c33bb8fab9f 30 | languageName: node 31 | linkType: hard 32 | 33 | "root-workspace-0b6124@workspace:.": 34 | version: 0.0.0-use.local 35 | resolution: "root-workspace-0b6124@workspace:." 36 | dependencies: 37 | "@ac-synth/yjs": ^13.5.39-alpha1 38 | languageName: unknown 39 | linkType: soft 40 | -------------------------------------------------------------------------------- /test/data/yarn_locks/yarn4.lock: -------------------------------------------------------------------------------- 1 | husky@^8.0.1: 2 | version "8.0.1" 3 | resolved "https://registry.yarnpkg.com/husky/-/husky-8.0.1.tgz#511cb3e57de3e3190514ae49ed50f6bc3f50b3e9" 4 | integrity sha512-xs7/chUH/CKdOCs7Zy0Aev9e/dKOMZf3K1Az1nar3tzlv0jfqnYtu235bstsWTmXOR0EfINrPa97yy4Lz6RiKw= 5 | -------------------------------------------------------------------------------- /test/data/zstd_sys-dc50c4de2e4e7df8.d: -------------------------------------------------------------------------------- 1 | /mnt/work/test/actix-web/target/debug/deps/libzstd_sys-dc50c4de2e4e7df8.rmeta: /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/lib.rs /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/bindings_zstd.rs /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/bindings_zdict.rs 2 | 3 | /mnt/work/test/actix-web/target/debug/deps/zstd_sys-dc50c4de2e4e7df8.d: /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/lib.rs /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/bindings_zstd.rs /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/bindings_zdict.rs 4 | 5 | /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/lib.rs: 6 | /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/bindings_zstd.rs: 7 | /home/user/.cargo/registry/src/index.crates.io-hash/zstd-sys-2.0.10+zstd.1.5.6/src/bindings_zdict.rs: 8 | -------------------------------------------------------------------------------- /test/diff/container-tests-repos.csv: -------------------------------------------------------------------------------- 1 | project,link,commit,image,language,cdxgen_vars 2 | java-sec-code,https://github.com/JoyChou93/java-sec-code.git,457d703e8f89bff657c6c51151ada71ebd09a1c6,ghcr.io/cyclonedx/cdxgen:master,java8,, 3 | jazzer,https://github.com/CodeIntelligenceTesting/jazzer.git,3947707d7db7e5cae0c8cfaeb10bdfeb06fc32bb,ghcr.io/cyclonedx/cdxgen:master,java8,, 4 | plantuml,https://github.com/plantuml/plantuml.git,8eb791f39478778788fd47a9195dc1b2feb3eade,ghcr.io/cyclonedx/cdxgen:master,java8,, 5 | syncthing,https://github.com/syncthing/syncthing.git,ba6ac2f604eb1cd27764460b687537c5e40aaaf8,ghcr.io/cyclonedx/cdxgen:master,go,, 6 | restic,https://github.com/restic/restic.git,3786536dc18ef27aedcfa8e4c6953b48353eee79,ghcr.io/cyclonedx/cdxgen:master,go,, 7 | astro,https://github.com/withastro/astro.git,9d6bcdb88fcb9df0c5c70e2b591bcf962ce55f63,ghcr.io/cyclonedx/cdxgen-node20:v11,js,, 8 | funcy,https://github.com/Suor/funcy.git,859056d039adea75c1c3550286437ce0b612fe92,ghcr.io/cyclonedx/cdxgen-python310:v11,python,, 9 | numpy,https://github.com/numpy/numpy.git,93fdebfcb4bc4cd53c959ccd0117a612d5f13f1a,ghcr.io/cyclonedx/cdxgen-python311:v11,python,, 10 | requests,https://github.com/psf/requests.git,23540c93cac97c763fe59e843a08fa2825aa80fd,ghcr.io/cyclonedx/cdxgen-python311:v11,python,, 11 | genforce,https://github.com/genforce/genforce.git,197feee82101b78266521c8470648bbb9b7f31f4,ghcr.io/cyclonedx/cdxgen-python310:v11,python,, 12 | tinydb,https://github.com/msiemens/tinydb.git,10644a0e07ad180c5b756aba272ee6b0dbd12df8,ghcr.io/cyclonedx/cdxgen-python311:v11,python,, 13 | github-readme-stats,https://github.com/anuraghazra/github-readme-stats.git,9a0d9ae2c17e007cbb8e9f32654941e1f0a8268e,ghcr.io/cyclonedx/cdxgen-node20:v11,js,, 14 | prettier,https://github.com/prettier/prettier.git,9cf9079f75a30f1088529e0cae6296aeb71205ba,ghcr.io/cyclonedx/cdxgen-node20:v11,js,, -------------------------------------------------------------------------------- /test/diff/requirements.txt: -------------------------------------------------------------------------------- 1 | custom-json-diff~=2.1.0 -------------------------------------------------------------------------------- /test/gomod/go.mod: -------------------------------------------------------------------------------- 1 | module cdxgen/test 2 | 3 | go 1.24 4 | 5 | toolchain go1.24 6 | 7 | tool github.com/spf13/cobra 8 | 9 | tool ( 10 | github.com/spf13/cobra 11 | github.com/spf13/viper 12 | ) 13 | 14 | require ( 15 | google.golang.org/grpc v1.32.0 16 | github.com/aws/aws-sdk-go v1.38.47 17 | github.com/spf13/viper v1.3.0 18 | github.com/spf13/cobra v1.0.0 19 | ) 20 | 21 | // Having both replace sections is invalid in a go.mod file, but it allows the tests to validate both cases 22 | replace google.golang.org/grpc => google.golang.org/grpc v1.21.0 23 | 24 | replace ( 25 | github.com/spf13/viper => github.com/spf13/viper v1.0.2 26 | ) -------------------------------------------------------------------------------- /test/gomod/go.sum: -------------------------------------------------------------------------------- 1 | google.golang.org/grpc v1.21.0 h1:G+97AoqBnmZIT91cLG/EkCoK9NSelj64P8bOHHNmGn0= 2 | google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 3 | github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8= 4 | github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= 5 | github.com/spf13/viper v1.0.2 h1:Ncr3ZIuJn322w2k1qmzXDnkLAdQMlJqBa9kfAH+irso= 6 | github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= 7 | github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= 8 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -------------------------------------------------------------------------------- /test/sample.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp3.1 5 | latest 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | Always 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /tools_config/org.cyclonedx.cdxgen.appdata.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | org.cyclonedx.cdxgen 4 | 5 | cdxgen 6 | Create valid CycloneDX Software Bill of Materials (SBOM) containing an aggregate of all 7 | project dependencies for node.js, php, python, java and Go projects 8 | 9 | FSFAP 10 | Apache-2.0 11 | 12 | 13 |

14 | Create valid CycloneDX Software Bill of Materials (SBOM) containing an aggregate of all 15 | project dependencies for node.js, php, python, java and Go projects. 16 |

17 |

18 | CycloneDX is a lightweight SBOM specification that is easily created, human and machine 19 | readable, and simple to parse. 20 |

21 | 22 | 23 | utilities-terminal 24 | 25 | 26 | Development 27 | Building 28 | 29 | https://cyclonedx.org 30 | CycloneDX 31 | 32 | 33 | cdxgen 34 | 35 | -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "include": ["*.js", "lib/**/*.js"], 3 | "exclude": [ 4 | "*.test.js", 5 | "lib/evinser/evinser.js", 6 | "lib/**/*.test.js", 7 | "types/**/*" 8 | ], 9 | "compilerOptions": { 10 | "allowJs": true, 11 | // Generate d.ts files 12 | "declaration": true, 13 | // This compiler run should 14 | // only output d.ts files 15 | "emitDeclarationOnly": true, 16 | "outDir": "types", 17 | "declarationMap": true, 18 | "skipLibCheck": true 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /types/jest.config.d.ts: -------------------------------------------------------------------------------- 1 | export const clearMocks: true; 2 | export const coverageDirectory: "coverage"; 3 | export const coveragePathIgnorePatterns: string[]; 4 | export const coverageReporters: string[]; 5 | export const testEnvironment: "node"; 6 | declare namespace _default { 7 | let transform: {}; 8 | } 9 | export default _default; 10 | //# sourceMappingURL=jest.config.d.ts.map -------------------------------------------------------------------------------- /types/jest.config.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"jest.config.d.ts","sourceRoot":"","sources":["../jest.config.js"],"names":[],"mappings":"AAAA,yBAA0B,IAAI,CAAC;AAC/B,gCAAiC,UAAU,CAAC;AAC5C,kDAA0E;AAC1E,yCAAkD;AAClD,8BAA+B,MAAM,CAAC"} -------------------------------------------------------------------------------- /types/lib/cli/index.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA47BA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAqYD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAyEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAgvChB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAmvBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAkehB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqZhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAuIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAkLhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA8IhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAmJhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAwNhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA8ZhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAiGC;AAED;;;;;;;;;GASG;AACH,2GAuCC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA6vBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAqUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBA2QhB;AAED;;;;;;;GAOG;AACH,wDAHY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA2HjD"} -------------------------------------------------------------------------------- /types/lib/evinser/evinser.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"evinser.d.ts","sourceRoot":"","sources":["../../../lib/evinser/evinser.js"],"names":[],"mappings":"AAgwBA;;;;;;GAMG;AACH,iFAyFC;AAl0BM;;;;;;;;;;;;;qBAsjD264C,CAAC;qBAAgB,CAAC;;;qBAA4F,CAAC;qBAAgB,CAAC;;;qBAAkE,CAAC;qBAAgB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wGAAr3wC,QAAa;;;;;;;;;;;;;;sHAAq3M,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wJAAmkY,CAAC;;;wJAA2rB,CAAC;qUAAg+C,CAAC;2JAAqH,CAAC,kJAAgH,CAAC;qUAA8wB,CAAC;2JAAqH,CAAC,kJAAgH,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAA81kB,CAAC;qBAAgB,CAAC;;;qBAA4F,CAAC;qBAAgB,CAAC;;;qBAAkE,CAAC;qBAAgB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wGAAr3wC,QAAa;;;;;;;;;;;;;;sHAAq3M,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wJAAmkY,CAAC;;;wJAA2rB,CAAC;qUAAg+C,CAAC;2JAAqH,CAAC,kJAAgH,CAAC;qUAA8wB,CAAC;2JAAqH,CAAC,kJAAgH,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAA81kB,CAAC;qBAAgB,CAAC;;;qBAA4F,CAAC;qBAAgB,CAAC;;;qBAAkE,CAAC;qBAAgB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wGAAr3wC,QAAa;;;;;;;;;;;;;;sHAAq3M,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wJAAmkY,CAAC;;;wJAA2rB,CAAC;qUAAg+C,CAAC;2JAAqH,CAAC,kJAAgH,CAAC;qUAA8wB,CAAC;2JAAqH,CAAC,kJAAgH,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAr/Cnl0B;AAEM,6GAiDN;AAEM,gGAkCN;AAEM,wGAqBN;AAEM;;;;;;;;EAqFN;AAEM,iEAoBN;AAEM;;;EA8BN;AAQM;;;;;;;;;;;;;GAsJN;AAEM,2JA4CN;AAcM,2CARI,MAAM,mHAkNhB;AA2HM,sGAqEN;AASM,mDAJI,MAAM,0CA6DhB;AASM,gDAJI,MAAM,mDA8DhB;AAEM,yEAWN;AAEM,gEAmDN;AASM,yEAmJN;AAaM,gDAPI,MAAM,wHAyHhB;AAUM,kDAHI,MAAM;;;;;;;;;;;;;EA2FhB;AAQM,kDAaN;AAQM,2CAHI,MAAM,UAKhB;AAEM,oFAyCN"} -------------------------------------------------------------------------------- /types/lib/evinser/scalasem.d.ts: -------------------------------------------------------------------------------- 1 | export function findPurlLocations(components: any, semanticsSlice: any): { 2 | purlLocationMap?: undefined; 3 | } | { 4 | purlLocationMap: {}; 5 | }; 6 | //# sourceMappingURL=scalasem.d.ts.map -------------------------------------------------------------------------------- /types/lib/evinser/scalasem.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"scalasem.d.ts","sourceRoot":"","sources":["../../../lib/evinser/scalasem.js"],"names":[],"mappings":"AAqBA;;;;EA8BC"} -------------------------------------------------------------------------------- /types/lib/evinser/swiftsem.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"swiftsem.d.ts","sourceRoot":"","sources":["../../../lib/evinser/swiftsem.js"],"names":[],"mappings":"AAqEA;;;;;;GAMG;AACH,gDAFa,SAAS,MAAO,CAI5B;AAED;;;;;GAKG;AACH,oDAFa,MAAO,SAAS,CAkB5B;AAqCD;;;;;GAKG;AACH,gDAFa,SAAS,SAAO,CAM5B;AAED;;;;;GAKG;AACH,yEAkEC;AAED;;;;;;GAMG;AACH,+DAFa,SAAS,MAAO,CAW5B;AAED;;;;;GAKG;AACH,4CAFa,MAAO,SAAS,CA6B5B;AAgED;;;;;GAKG;AACH,+CAFa,SAAS,MAAO,CAQ5B;AAED;;;;;GAKG;AACH,iDAFa,MAAO,SAAS,CA4B5B;AAED;;;;;;GAMG;AACH,sEAFa,SAAS,MAAO,CAU5B;AAED;;;;;GAKG;AACH,sDAFa,MAAO,SAAS,CAqF5B;AAED;;;;;;GAMG;AACH,yEAgBC;AAED;;;;;;GAMG;AACH,yDAcC;AAED;;;;;GAKG;AACH;;;;;;EA+FC"} -------------------------------------------------------------------------------- /types/lib/helpers/analyzer.d.ts: -------------------------------------------------------------------------------- 1 | export function findJSImportsExports(src: any, deep: any): Promise<{ 2 | allImports: {}; 3 | allExports: {}; 4 | }>; 5 | //# sourceMappingURL=analyzer.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/analyzer.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../../../lib/helpers/analyzer.js"],"names":[],"mappings":"AAkSO;;;GAkBN"} -------------------------------------------------------------------------------- /types/lib/helpers/cbomutils.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Method to collect crypto and ssl libraries from the OS. 3 | * 4 | * @param {Object} options 5 | * @returns osPkgsList Array of OS crypto packages 6 | */ 7 | export function collectOSCryptoLibs(options: any): any[]; 8 | /** 9 | * Find crypto algorithm in the given code snippet 10 | * 11 | * @param {String} Code snippet 12 | * @returns {Array} Arary of crypto algorithm objects with oid and description 13 | */ 14 | export function findCryptoAlgos(code: any): any[]; 15 | //# sourceMappingURL=cbomutils.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/cbomutils.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"cbomutils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/cbomutils.js"],"names":[],"mappings":"AAWA;;;;;GAKG;AACH,yDAwBC;AAMD;;;;;GAKG;AACH,kDAaC"} -------------------------------------------------------------------------------- /types/lib/helpers/db.d.ts: -------------------------------------------------------------------------------- 1 | export function createOrLoad(dbName: any, dbPath: any, logging?: boolean): Promise<{ 2 | sequelize: Sequelize; 3 | Namespaces: typeof Namespaces; 4 | Usages: typeof Usages; 5 | DataFlows: typeof DataFlows; 6 | }>; 7 | import { Sequelize } from "sequelize"; 8 | declare class Namespaces extends Model { 9 | constructor(values?: import("sequelize").Optional, options?: import("sequelize").BuildOptions); 10 | } 11 | declare class Usages extends Model { 12 | constructor(values?: import("sequelize").Optional, options?: import("sequelize").BuildOptions); 13 | } 14 | declare class DataFlows extends Model { 15 | constructor(values?: import("sequelize").Optional, options?: import("sequelize").BuildOptions); 16 | } 17 | import { Model } from "sequelize"; 18 | export {}; 19 | //# sourceMappingURL=db.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/db.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../../../lib/helpers/db.js"],"names":[],"mappings":"AAQO;;;;;GAuEN;0BA9E2C,WAAW;AAGvD;;CAAiC;AACjC;;CAA6B;AAC7B;;CAAgC;sBALY,WAAW"} -------------------------------------------------------------------------------- /types/lib/helpers/display.d.ts: -------------------------------------------------------------------------------- 1 | export function printTable(bomJson: any, filterTypes?: any, highlight?: any): void; 2 | export function printOSTable(bomJson: any): void; 3 | export function printServices(bomJson: any): void; 4 | export function printFormulation(bomJson: any): void; 5 | export function printOccurrences(bomJson: any): void; 6 | export function printCallStack(bomJson: any): void; 7 | export function printDependencyTree(bomJson: any, mode?: string, highlight?: any): void; 8 | export function printReachables(sliceArtefacts: any): void; 9 | export function printVulnerabilities(vulnerabilities: any): void; 10 | export function printSponsorBanner(options: any): void; 11 | export function printSummary(bomJson: any): void; 12 | //# sourceMappingURL=display.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/display.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../../../lib/helpers/display.js"],"names":[],"mappings":"AAoBA,mFAuEC;AAQD,iDAmBC;AACD,kDAsBC;AAED,qDAqBC;AAeD,qDAqCC;AAED,mDA8CC;AACD,wFA0CC;AA4DD,2DA+BC;AAED,iEA0BC;AAED,uDAoBC;AAED,iDAgDC"} -------------------------------------------------------------------------------- /types/lib/helpers/envcontext.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"envcontext.d.ts","sourceRoot":"","sources":["../../../lib/helpers/envcontext.js"],"names":[],"mappings":"AAwCA;;;;;;GAMG;AACH,wCALW,MAAM,OACN,MAAM,OAMhB;AAED;;;;;GAKG;AACH,kCAJW,MAAM,OAMhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,OAMhB;AAED;;;;;GAKG;AACH,mCAJW,MAAM,MAsBhB;AAED;;;;;GAKG;AACH,+BAJW,MAAM,SAgChB;AAED;;;;;;;GAOG;AACH,oCALW,MAAM,oBAOhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;;;;;EAsBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;EAgBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;EAgBhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM;;;;;EAehB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;EAehB;AAED;;;;;GAKG;AACH,mCAHW,MAAM;;;;EAahB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAahB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;EAahB;AAED;;;;;;GAMG;AACH,+DAEC;AAED;;;;;;;;;IAmCC;AAwCD;;GAEG;AACH,6CAeC;AAED;;GAEG;AACH,0CAUC;AAED;;;;;;;GAOG;AACH,mFAqBC;AAED;;;;;;;GAOG;AACH,+EAiGC;AAED;;;;;;GAMG;AACH,8DAuBC;AAED;;;;;;GAMG;AACH,iEAmCC;AASD;;;;GAIG;AACH,4CAiBC;AAED,yDAIC;AAED;;;;;;GAMG;AACH,sGAsCC;AAED;;;;;GAKG;AACH;;;EAyFC;AAED;;;;;GAKG;AACH,mFA6DC;AAED;;;;;;;;;GASG;AACH,+GAFa,OAAO,CAkLnB;AApjCD,8BAAwD"} -------------------------------------------------------------------------------- /types/lib/helpers/logger.d.ts: -------------------------------------------------------------------------------- 1 | export function thoughtLog(s: any, args: any): void; 2 | export function thoughtEnd(): void; 3 | export const THINK_MODE: any; 4 | //# sourceMappingURL=logger.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/logger.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../lib/helpers/logger.js"],"names":[],"mappings":"AA0BA,oDAaC;AACD,mCAKC;AAvCD,6BAG8C"} -------------------------------------------------------------------------------- /types/lib/helpers/package_specific/gradleutils.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Function to parse the given gradle build file to identify properties such as included builds 3 | * 4 | * @param buildFile {build,settings}.gradle(.kts)? Build file in groovy or kotlin format 5 | * @param buildContent String content to parse directly. 6 | */ 7 | export function analyzeBuildSettings(buildFile: build, buildContent: any): { 8 | includedBuilds: any[]; 9 | }; 10 | //# sourceMappingURL=gradleutils.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/package_specific/gradleutils.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"gradleutils.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/package_specific/gradleutils.js"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,gDAHqB,KAAK;;EA0CzB"} -------------------------------------------------------------------------------- /types/lib/helpers/protobom.d.ts: -------------------------------------------------------------------------------- 1 | export function writeBinary(bomJson: string | any, binFile: string): void; 2 | export function readBinary(binFile: string, asJson?: boolean, specVersion?: number): any; 3 | //# sourceMappingURL=protobom.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/protobom.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"protobom.d.ts","sourceRoot":"","sources":["../../../lib/helpers/protobom.js"],"names":[],"mappings":"AAsBO,qCAHI,MAAM,MAAS,WACf,MAAM,QAmBhB;AASM,oCAJI,MAAM,WACN,OAAO,gBACP,MAAM,OAmBhB"} -------------------------------------------------------------------------------- /types/lib/helpers/validator.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Validate the component properties 3 | * 4 | * @param {object} bomJson Bom json object 5 | */ 6 | export function validateProps(bomJson: object): boolean; 7 | export function validateBom(bomJson: object): boolean; 8 | export function validateMetadata(bomJson: object): boolean; 9 | export function validatePurls(bomJson: object): boolean; 10 | export function validateRefs(bomJson: object): boolean; 11 | //# sourceMappingURL=validator.d.ts.map -------------------------------------------------------------------------------- /types/lib/helpers/validator.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../../lib/helpers/validator.js"],"names":[],"mappings":"AAuUA;;;;GAIG;AACH,uCAFW,MAAM,WA0FhB;AAjZM,qCAJI,MAAM,WAkDhB;AAOM,0CAFI,MAAM,WA2DhB;AAOM,uCAFI,MAAM,WA4EhB;AA6BM,sCAFI,MAAM,WAwFhB"} -------------------------------------------------------------------------------- /types/lib/managers/binary.d.ts: -------------------------------------------------------------------------------- 1 | export function getCargoAuditableInfo(src: any): string; 2 | /** 3 | * Execute sourcekitten plugin with the given arguments 4 | * 5 | * @param args {Array} Arguments 6 | * @returns {undefined|Object} Command output 7 | */ 8 | export function executeSourcekitten(args: any[]): undefined | any; 9 | /** 10 | * Get the packages installed in the container image filesystem. 11 | * 12 | * @param src {String} Source directory containing the extracted filesystem. 13 | * @param imageConfig {Object} Image configuration containing environment variables, command, entrypoints etc 14 | * 15 | * @returns {Object} Metadata containing packages, dependencies, etc 16 | */ 17 | export function getOSPackages(src: string, imageConfig: any): any; 18 | export function executeOsQuery(query: any): any; 19 | /** 20 | * Method to execute dosai to create slices for dotnet 21 | * 22 | * @param {string} src Source Path 23 | * @param {string} slicesFile Slices file name 24 | * @returns boolean 25 | */ 26 | export function getDotnetSlices(src: string, slicesFile: string): boolean; 27 | /** 28 | * Method to generate binary SBOM using blint 29 | * 30 | * @param {string} src Path to binary or its directory 31 | * @param {string} binaryBomFile Path to binary 32 | * @param {boolean} deepMode Deep mode flag 33 | * 34 | * @return {boolean} Result of the generation 35 | */ 36 | export function getBinaryBom(src: string, binaryBomFile: string, deepMode: boolean): boolean; 37 | //# sourceMappingURL=binary.d.ts.map -------------------------------------------------------------------------------- /types/lib/managers/binary.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"binary.d.ts","sourceRoot":"","sources":["../../../lib/managers/binary.js"],"names":[],"mappings":"AAyXA,wDAkBC;AAED;;;;;GAKG;AACH,kDAFa,SAAS,MAAO,CAqB5B;AAED;;;;;;;GAOG;AACH,kEAqaC;AAsDD,gDAoDC;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,cACN,MAAM,WA0ChB;AAED;;;;;;;;GAQG;AACH,kCANW,MAAM,iBACN,MAAM,YACN,OAAO,GAEN,OAAO,CA8BlB"} -------------------------------------------------------------------------------- /types/lib/managers/docker.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../lib/managers/docker.js"],"names":[],"mappings":"AAkFA;;GAEG;AACH,oCAsBC;AAED;;GAEG;AACH,4CA6CC;AAhID,4BAA6C;AAC7C,kCAAmC,WAAW,CAAC;AAmCxC,kDAeN;AAwFM,iCAHI,MAAM,WACN,MAAM,iDAehB;AAqBM,6DAmBN;AAgLM,4EAsGN;AAEM,oFAwBN;AAUM;;;;;;;;EA2EN;AAyBM,2DAoMN;AAgBM,yFAuGN;AAMM;;;;;;;;;;;;;;GAwDN;AAEM;;;;;;;;GAyGN;AAMM,4EA+IN;AAKM,4EA2GN;AAEM,+EAEN;AAEM,4EA2CN;AAEM,iFA0BN"} -------------------------------------------------------------------------------- /types/lib/managers/oci.d.ts: -------------------------------------------------------------------------------- 1 | export function getBomWithOras(image: any, platform?: any): any; 2 | //# sourceMappingURL=oci.d.ts.map -------------------------------------------------------------------------------- /types/lib/managers/oci.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"oci.d.ts","sourceRoot":"","sources":["../../../lib/managers/oci.js"],"names":[],"mappings":"AAUA,gEA2DC"} -------------------------------------------------------------------------------- /types/lib/managers/piptree.d.ts: -------------------------------------------------------------------------------- 1 | export function getTreeWithPlugin(env: any, python_cmd: string, basePath: string): any; 2 | //# sourceMappingURL=piptree.d.ts.map -------------------------------------------------------------------------------- /types/lib/managers/piptree.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"piptree.d.ts","sourceRoot":"","sources":["../../../lib/managers/piptree.js"],"names":[],"mappings":"AA+HO,uFAoCN"} -------------------------------------------------------------------------------- /types/lib/server/server.d.ts: -------------------------------------------------------------------------------- 1 | export function configureServer(cdxgenServer: any): void; 2 | export function start(options: any): void; 3 | //# sourceMappingURL=server.d.ts.map -------------------------------------------------------------------------------- /types/lib/server/server.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../lib/server/server.js"],"names":[],"mappings":"AA6IA,yDAKC;AAED,0CA0KC"} -------------------------------------------------------------------------------- /types/lib/stages/postgen/annotator.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Method to determine the type of the BOM. 3 | * 4 | * @param {Object} bomJson BOM JSON Object 5 | * 6 | * @returns {String} Type of the bom such as sbom, cbom, obom, ml-bom etc 7 | */ 8 | export function findBomType(bomJson: any): string; 9 | /** 10 | * Create the textual representation of the metadata section. 11 | * 12 | * @param {Object} bomJson BOM JSON Object 13 | * 14 | * @returns {String | undefined} Textual representation of the metadata 15 | */ 16 | export function textualMetadata(bomJson: any): string | undefined; 17 | /** 18 | * Extract interesting tags from the component attribute 19 | * 20 | * @param {Object} component CycloneDX component 21 | * @param {String} bomType BOM type 22 | * @param {String} parentComponentType Parent component type 23 | * 24 | * @returns {Array | undefined} Array of string tags 25 | */ 26 | export function extractTags(component: any, bomType?: string, parentComponentType?: string): any[] | undefined; 27 | //# sourceMappingURL=annotator.d.ts.map -------------------------------------------------------------------------------- /types/lib/stages/postgen/annotator.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"annotator.d.ts","sourceRoot":"","sources":["../../../../lib/stages/postgen/annotator.js"],"names":[],"mappings":"AA2CA;;;;;;GAMG;AACH,kDAkCC;AAED;;;;;;GAMG;AACH,+CAFa,SAAS,SAAS,CAuN9B;AAED;;;;;;;;GAQG;AACH,6FAFa,QAAQ,SAAS,CAsF7B"} -------------------------------------------------------------------------------- /types/lib/stages/postgen/postgen.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Filter and enhance BOM post generation. 3 | * 4 | * @param {Object} bomNSData BOM with namespaces object 5 | * @param {Object} options CLI options 6 | * 7 | * @returns {Object} Modified bomNSData 8 | */ 9 | export function postProcess(bomNSData: any, options: any): any; 10 | /** 11 | * Apply additional metadata based on components 12 | * 13 | * @param {Object} bomJson BOM JSON Object 14 | * @param {Object} options CLI options 15 | * 16 | * @returns {Object} Filtered BOM JSON 17 | */ 18 | export function applyMetadata(bomJson: any, options: any): any; 19 | /** 20 | * Apply definitions.standards based on options 21 | * 22 | * @param {Object} bomJson BOM JSON Object 23 | * @param {Object} options CLI options 24 | * 25 | * @returns {Object} Filtered BOM JSON 26 | */ 27 | export function applyStandards(bomJson: any, options: any): any; 28 | /** 29 | * Filter BOM based on options 30 | * 31 | * @param {Object} bomJson BOM JSON Object 32 | * @param {Object} options CLI options 33 | * 34 | * @returns {Object} Filtered BOM JSON 35 | */ 36 | export function filterBom(bomJson: any, options: any): any; 37 | /** 38 | * Clean up 39 | */ 40 | export function cleanupEnv(_options: any): void; 41 | export function cleanupTmpDir(): void; 42 | /** 43 | * Annotate the document with annotator 44 | * 45 | * @param {Object} bomJson BOM JSON Object 46 | * @param {Object} options CLI options 47 | * 48 | * @returns {Object} Annotated BOM JSON 49 | */ 50 | export function annotate(bomJson: any, options: any): any; 51 | //# sourceMappingURL=postgen.d.ts.map -------------------------------------------------------------------------------- /types/lib/stages/postgen/postgen.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"postgen.d.ts","sourceRoot":"","sources":["../../../../lib/stages/postgen/postgen.js"],"names":[],"mappings":"AAwCA;;;;;;;GAOG;AACH,+DAmBC;AAED;;;;;;;GAOG;AACH,+DA0GC;AAED;;;;;;;GAOG;AACH,gEA+BC;AA8CD;;;;;;;GAOG;AACH,2DAmKC;AAED;;GAEG;AACH,gDAIC;AAED,sCAIC;AAMD;;;;;;;GAOG;AACH,0DAuHC"} -------------------------------------------------------------------------------- /types/lib/stages/pregen/pregen.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Method to prepare the build environment for BOM generation purposes. 3 | * 4 | * @param {String} filePath Path 5 | * @param {Object} options CLI options 6 | */ 7 | export function prepareEnv(filePath: string, options: any): void; 8 | /** 9 | * Method to prepare sdkman build environment for BOM generation purposes. 10 | * 11 | * @param {String} projectType Project type 12 | */ 13 | export function prepareSdkmanBuild(projectType: string): boolean; 14 | /** 15 | * Method to check and prepare the environment for python 16 | * 17 | * @param {String} _filePath Path 18 | * @param {Object} options CLI Options 19 | */ 20 | export function preparePythonEnv(_filePath: string, options: any): void; 21 | /** 22 | * Method to check and prepare the environment for node 23 | * 24 | * @param {String} filePath Path 25 | * @param {Object} options CLI Options 26 | */ 27 | export function prepareNodeEnv(filePath: string, options: any): void; 28 | /** 29 | * If NVM_DIR is in path, however nvm command is not loaded. 30 | * it is possible that required nodeVersion is not installed. 31 | * This function loads nvm and install the nodeVersion 32 | * 33 | * @param {String} nodeVersion required version number 34 | * 35 | * @returns {Boolean} true if successful, otherwise false 36 | */ 37 | export function tryLoadNvmAndInstallTool(nodeVersion: string): boolean; 38 | /** 39 | * This method installs and create package-lock.json 40 | * 41 | * @param {String} filePath Path 42 | * @param {String} nvmNodePath Path to node version in nvm 43 | */ 44 | export function doNpmInstall(filePath: string, nvmNodePath: string): void; 45 | /** 46 | * Method to check and build the swift project 47 | * 48 | * @param {String} filePath Path 49 | * @param {Object} options CLI Options 50 | */ 51 | export function prepareSwiftEnv(filePath: string, options: any): void; 52 | /** 53 | * Method to check and prepare the environment for Ruby projects 54 | * 55 | * @param {String} filePath Path 56 | * @param {Object} options CLI Options 57 | */ 58 | export function prepareRubyEnv(filePath: string, options: any): void; 59 | //# sourceMappingURL=pregen.d.ts.map -------------------------------------------------------------------------------- /types/lib/stages/pregen/pregen.d.ts.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"pregen.d.ts","sourceRoot":"","sources":["../../../../lib/stages/pregen/pregen.js"],"names":[],"mappings":"AA+BA;;;;;GAKG;AACH,iEAkBC;AAED;;;;GAIG;AACH,iEASC;AAED;;;;;GAKG;AACH,wEAyCC;AAED;;;;;GAKG;AACH,qEAyDC;AAED;;;;;;;;GAQG;AACH,uEAmBC;AAED;;;;;GAKG;AACH,0EAyCC;AAED;;;;;GAKG;AACH,sEA6EC;AAED;;;;;GAKG;AACH,qEA8PC"} --------------------------------------------------------------------------------