# Add vulnerabilities to BOM

> Adds known vulnerabilities to BOM

This is still beta software; do NOT rely on it for critical security decisions.

## Install

Install globally if you want to use the CLI.

```sh
yarn global add add-vulnerabilities-to-bom
# or
npm i -g add-vulnerabilities-to-bom
```

Install locally if you want to use it as a library.

```sh
yarn add add-vulnerabilities-to-bom
# or
npm i --save add-vulnerabilities-to-bom
```

## Usage

Expects a BOM generated by [@cyclonedx/bom](https://github.com/CycloneDX/cyclonedx-node-module), e.g.

```sh
$ cyclonedx-bom -o bom.json --include-dev
```

### CLI

```sh
$ add-vulnerabilities-to-bom --help
Options:
  --version   Show version number                              [boolean]
  -f, --file  path to bom.json              [string] [default: "bom.json"]
  --help      Show help                                        [boolean]

$ add-vulnerabilities-to-bom -f my-bom.json > bom-with-vulns.json
```

### As a library

```typescript
import { addVulnerabilitiesToBom, BomFile } from 'add-vulnerabilities-to-bom'

const bom: BomFile = require('./bom.json')

addVulnerabilitiesToBom(bom)
  .then(console.log)
  .catch(console.error)
```

## Developing

1. Clone the repo
1. Run `yarn install`
1. Run `yarn test-watch` to run the tests while developing
1. Run `git add . && git commit -m some-message` to commit changes
1. Run `yarn release` to create a new version using [standard-version](https://github.com/conventional-changelog/standard-version)

Lint checks and tests run automatically on commit, and the pipeline builds the project on push.

## License

add-vulnerabilities-to-bom is licensed under the terms of the MIT license.