make cyclonedx report how many components it imported

components/producers/cdxgen/task.yaml

@@ -5,6 +5,8 @@ metadata:
   name: producer-cdxgen
   labels:
     v1.dracon.ocurity.com/component: producer
+    v1.dracon.ocurity.com/test-type: sbom
+    v1.dracon.ocurity.com/language: all
 spec:
   description: Generate a CycloneDX SBOM from source code.
   params:
@@ -41,7 +43,8 @@ spec:
           value: $(params.producer-cdxgen-astgen-ignore-file-pattern)
         - name: ASTGEN_IGNORE_DIRS
           value: $(params.producer-cdxgen-astgen-ignore-dirs)
-      script: node /opt/cdxgen/bin/cdxgen.js -r -p -o /scratch/out.json $(workspaces.output.path)/ --spec-version 1.4
+      script: |
+        node /opt/cdxgen/bin/cdxgen.js -r -p -o /scratch/out.json $(workspaces.output.path)/ --spec-version 1.4
       volumeMounts:
         - mountPath: /scratch
           name: scratch

examples/pipelines/cdxgen-project/pipelinerun.yaml

@@ -8,7 +8,7 @@ spec:
   pipelineRef:
     name: dracon-cdxgen-project
   params:
-  - name: repository_url
+  - name: git-clone-url
     value: https://github.com/ocurity/e2e-monorepo.git
   - name: b64-signature-key
   # THIS IS AN EXAMPLE, PLEASE USE A PROPERLY SECURED SECRET KEY IN PRODUCTION

pkg/cyclonedx/cyclonedx.go

@@ -3,6 +3,7 @@ package cyclonedx
 import (
 	"bytes"
 	"fmt"
+	"log/slog"
 	"strings"
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
@@ -27,6 +28,12 @@ func ToDracon(inFile []byte, format string) ([]*v1.Issue, error) {
 	if err := decoder.Decode(bom); err != nil {
 		return issues, err
 	}
+	componentLen := 0
+	if bom.Components != nil {
+		componentLen = len(*bom.Components)
+	}
+	slog.Info(fmt.Sprintf("Successfully parsed CycloneDX BOM, recorded %d components", componentLen))
+
 	buf := new(bytes.Buffer)
 	// Encode the BOM
 	err := cdx.NewBOMEncoder(buf, cdx.BOMFileFormatJSON).SetPretty(false).Encode(bom)