From be9a8649113b0c8663b868874f5a06d5aace5119 Mon Sep 17 00:00:00 2001
From: sg
Date: Thu, 22 Aug 2024 14:37:59 +0100
Subject: [PATCH] make cyclonedx report how many components it imported
---
 components/producers/cdxgen/task.yaml | 5 ++++-
 examples/pipelines/cdxgen-project/pipelinerun.yaml | 2 +-
 pkg/cyclonedx/cyclonedx.go | 7 +++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/components/producers/cdxgen/task.yaml b/components/producers/cdxgen/task.yaml
index e9334b379..8d2e55e0a 100644
--- a/components/producers/cdxgen/task.yaml
+++ b/components/producers/cdxgen/task.yaml
@@ -5,6 +5,8 @@ metadata:
 name: producer-cdxgen labels: v1.dracon.ocurity.com/component: producer + v1.dracon.ocurity.com/test-type: sbom + v1.dracon.ocurity.com/language: all spec: description: Generate a CycloneDX SBOM from source code. params:
@@ -41,7 +43,8 @@ spec:
 value: $(params.producer-cdxgen-astgen-ignore-file-pattern) - name: ASTGEN_IGNORE_DIRS value: $(params.producer-cdxgen-astgen-ignore-dirs) - script: node /opt/cdxgen/bin/cdxgen.js -r -p -o /scratch/out.json $(workspaces.output.path)/ --spec-version 1.4 + script: | node /opt/cdxgen/bin/cdxgen.js -r -p -o /scratch/out.json $(workspaces.output.path)/ --spec-version 1.4 volumeMounts: - mountPath: /scratch name: scratch
diff --git a/examples/pipelines/cdxgen-project/pipelinerun.yaml b/examples/pipelines/cdxgen-project/pipelinerun.yaml
index 80d9557f7..9cb917173 100644
--- a/examples/pipelines/cdxgen-project/pipelinerun.yaml
+++ b/examples/pipelines/cdxgen-project/pipelinerun.yaml
@@ -8,7 +8,7 @@ spec:
 pipelineRef: name: dracon-cdxgen-project params: - name: repository_url + - name: git-clone-url value: https://github.com/ocurity/e2e-monorepo.git - name: b64-signature-key # THIS IS AN EXAMPLE, PLEASE USE A PROPERLY SECURED SECRET KEY IN PRODUCTION
diff --git a/pkg/cyclonedx/cyclonedx.go b/pkg/cyclonedx/cyclonedx.go
index e43e98fc5..8a71a055b 100644
--- a/pkg/cyclonedx/cyclonedx.go
+++ b/pkg/cyclonedx/cyclonedx.go
@@ -3,6 +3,7 @@ package cyclonedx
 import (
 "bytes"
 "fmt"
+ "log/slog"
 "strings"
 
 cdx "github.com/CycloneDX/cyclonedx-go"
@@ -27,6 +28,12 @@ func ToDracon(inFile []byte, format string) ([]*v1.Issue, error) {
 if err := decoder.Decode(bom); err != nil {
 return issues, err
 }
+ componentLen := 0
+ if bom.Components != nil {
+ componentLen = len(*bom.Components)
+ }
+ slog.Info(fmt.Sprintf("Successfully parsed CycloneDX BOM, recorded %d components", componentLen))
+
 buf := new(bytes.Buffer)
 // Encode the BOM
 err := cdx.NewBOMEncoder(buf, cdx.BOMFileFormatJSON).SetPretty(false).Encode(bom)
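Review bot: The new `slog.Info` call in ToDracon pre-formats the count into the message with `fmt.Sprintf`, which discards the structured-logging benefit the commit imports `log/slog` for; pass it as an attribute instead, `slog.Info("parsed CycloneDX BOM", "components", componentLen)`, so the figure can be filtered on rather than parsed out of free text. The nil guard on `bom.Components` is correct, but `len(*bom.Components)` counts only the top-level list, so components nested inside other components (if the BOM uses that nesting) are not included; the message or a short comment should say "top-level components" to avoid overstating what was recorded. A BOM that decodes to zero components still passes through silently here; if that is unexpected for a producer, logging it at `slog.Warn` would make an empty or malformed SBOM visible in pipeline logs instead of looking like a normal run. ToDracon continues outside the hunk.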