UNPKG

@cyclonedx/cdxgen

Version:

Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

github.com/cdxgen/cdxgen

cdxgen/cdxgen

159 lines 5.19 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
/** * Read and validate a CycloneDX BOM file. * * @param {string} bomPath BOM file path * @returns {object} parsed CycloneDX BOM */ export function loadBomFile(bomPath: string): object; /** * Recursively list JSON files under a BOM directory. * * @param {string} bomDir directory path * @returns {string[]} discovered file paths */ export function listBomFiles(bomDir: string): string[]; /** * Load input BOM files from either a single file or a directory. * * @param {object} options CLI options * @returns {{ source: string, bomJson: object }[]} loaded input BOMs */ export function loadInputBoms(options: object): { source: string; bomJson: object; }[]; export function runDirectBomAuditFromBoms(inputBoms: any, options?: {}): Promise<{ auditMode: string; generatedAt: string; inputs: any; results: { auditOptions: { bomAuditCategories: any; bomAuditMinSeverity: any; bomAuditRulesDir: any; }; bomFormat: any; findings: any[]; serialNumber: any; source: any; specVersion: any; status: string; summary: { findingsBySeverity: { critical: number; high: number; low: number; medium: number; }; findingsCount: number; maxSeverity: string; }; }[]; summary: { findingsBySeverity: { critical: number; high: number; low: number; medium: number; }; inputBomCount: any; maxSeverity: string; totalFindings: number; bomsWithFindings: number; }; tool: { name: string; version: string; }; }>; /** * Build low-noise provenance-aware contextual findings from the root BOM target. * * These are intentionally conservative and only fire when there is explicit risk * posture already present in the target metadata. * * @param {object} target audit target * @returns {object[]} contextual findings */ export function buildTargetContextFindings(target: object): object[]; /** * Resolve the most specific Python package directory inside a cloned repo. * * @param {string} cloneDir cloned repository root * @param {object} target audit target * @returns {{ confidence: string, scanDir: string }} selected directory and confidence */ export function resolvePythonSourceDirectory(cloneDir: string, target: object): { confidence: string; scanDir: string; }; /** * Resolve the most appropriate scan directory for a cloned target repository. * * @param {string} cloneDir cloned repository root * @param {object} target audit target * @param {object} resolution repository resolution metadata * @returns {{ confidence: string, scanDir: string }} selected directory and confidence */ export function resolveTargetSourceDirectory(cloneDir: string, target: object, resolution: object): { confidence: string; scanDir: string; }; /** * Build shallow predictive findings for suspicious Python packaging files. * * Phase 1 intentionally focuses on high-signal packaging surfaces (`setup.py` * and package `__init__.py`) until deeper Python static analysis is added. * * @param {string} scanDir cloned repository scan directory * @param {object} target audit target * @returns {object[]} predictive findings */ export function buildPythonSourceHeuristicFindings(scanDir: string, target: object): object[]; /** * Analyze a single purl target by generating a child SBOM and auditing it. * * @param {object} target audit target * @param {object} options CLI options * @returns {Promise<object>} analyzed target result */ export function auditTarget(target: object, options: object): Promise<object>; export function groupAuditResults(results: any): any[]; /** * Run the predictive audit flow from one or more already-loaded CycloneDX BOM inputs. * * @param {{ source: string, bomJson: object }[]} inputBoms loaded CycloneDX BOM objects * @param {object} options CLI options * @returns {Promise<object>} aggregate audit report */ export function runAuditFromBoms(inputBoms: { source: string; bomJson: object; }[], options: object): Promise<object>; /** * Run the predictive audit flow from one or more CycloneDX BOM inputs. * * @param {object} options CLI options * @returns {Promise<object>} aggregate audit report */ export function runAudit(options: object): Promise<object>; /** * Render a report and compute the proper process exit code. * * @param {object} report aggregate report * @param {object} options CLI options * @returns {{ exitCode: number, output: string }} rendered output and exit code */ export function finalizeAuditReport(report: object, options: object): { exitCode: number; output: string; }; /** * Build a result file name for user-provided report output paths. * * @param {object} options CLI options * @returns {string | undefined} output file path */ export function defaultOutputFile(options: object): string | undefined; export const DEFAULT_AUDIT_CATEGORIES: string[]; //# sourceMappingURL=index.d.ts.map