Spartan #195

Merged
merged 3 commits into from
May 8, 2020
Conversation

DarthHater
Member

Allow for a more sparse SBOM to be created

This pull request makes the following changes:

  • Adds a spartan option to the SBOM creator
  • Only fills out the details if we want them to be, otherwise creates a minimal sbom with what I think are the required fields

cc @bhamail / @DarthHater / @allenhsieh / @ken-duck
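As an added illustration of what a "spartan" versus full BOM looks like in practice (example code written for this page, not auditjs's own SBOM creator; the set of fields kept in spartan mode, the CycloneDX 1.2 JSON field names and the sample dependency list are assumptions):

```javascript
// Builds a CycloneDX-style JSON BOM from a list of installed dependencies.
// spartan=true keeps only type/name/version/purl per component (assumed to be
// the minimal useful set for a downstream scanner); spartan=false adds the
// optional detail (description, licenses, hashes) when it is present.

function npmPurl(name, version) {
  // purl spec: scoped packages become namespace/name with '@' percent-encoded,
  // e.g. pkg:npm/%40scope/pkg@2.0.0
  const [ns, base] = name.startsWith('@') ? name.slice(1).split('/') : [null, name];
  const path = ns ? `%40${ns}/${base}` : base;
  return `pkg:npm/${path}@${version}`;
}

function makeComponent(dep, spartan) {
  const component = {
    type: 'library',
    name: dep.name,
    version: dep.version,
    purl: npmPurl(dep.name, dep.version),
  };
  if (spartan) return component;
  if (dep.description) component.description = dep.description;
  if (dep.license) component.licenses = [{ license: { id: dep.license } }];
  if (dep.sha512) component.hashes = [{ alg: 'SHA-512', content: dep.sha512 }];
  return component;
}

function buildBom(deps, { spartan = false } = {}) {
  // serialNumber and metadata are optional in CycloneDX JSON, so a minimal
  // document only needs bomFormat, specVersion, version and components.
  return {
    bomFormat: 'CycloneDX',
    specVersion: '1.2',
    version: 1,
    components: deps.map((dep) => makeComponent(dep, spartan)),
  };
}

// Constructed sample input standing in for the output of a node_modules walk.
const SAMPLE_DEPS = [
  { name: 'minimist', version: '1.2.5', description: 'parse argument options', license: 'MIT' },
  { name: '@scope/pkg', version: '2.0.0', license: 'Apache-2.0' },
];

if (typeof require !== 'undefined' && require.main === module) {
  // Pipe the spartan BOM to stdout so another scanner can consume it.
  process.stdout.write(JSON.stringify(buildBom(SAMPLE_DEPS, { spartan: true }), null, 2) + '\n');
}
```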

@DarthHater DarthHater changed the base branch from master to sbomOutput May 8, 2020 21:56
@DarthHater DarthHater merged commit ed5692c into sbomOutput May 8, 2020
@DarthHater DarthHater deleted the CycloneMinimal branch May 8, 2020 22:25
ButterB0wl added a commit that referenced this pull request May 8, 2020
* added 'sbom' subcommand to pipe the cyclonedx bom to std_out so it can be picked up by other scanners

* fixed the linting issues

* pinned the production dependency on minimist from node-persist -> mkdirp -> [email protected] to [email protected] due to a security vuln failing our dogfood scan

* added node script in package.json for an iq dogfood scan

* made include license data false for getInstalledDeps, but getSbomFromCommand already had it as false so it didn't change IQ scan times.  Might be worth stripping everything but the purls to keep it standard with the boms of the other tools

* fixed linting errors and removed the vscode settings json as those options are going to differ locally

* changed the circle-ci build to install from the package-lock.json

* trying npm ci install...

* removed the package-lock.json dependency

* Spartan (#195)

💥

* implemented spartan bom for sbom output and iq scans

Co-authored-by: Jeffry Hesse <[email protected]>
DarthHater pushed a commit that referenced this pull request May 8, 2020
## [4.0.15](v4.0.14...v4.0.15) (2020-05-08)

### Bug Fixes

* Pipe cyclonedx sbom to std_out ([#194](#194)) ([9bf2ae0](9bf2ae0)), closes [#195](#195)