/*!
This file is part of CycloneDX JavaScript Library.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
SPDX-License-Identifier: Apache-2.0
Copyright (c) OWASP Foundation. All Rights Reserved.
*/
/** Example of how to serialize a Bom to JSON / XML and validate the result against the chosen spec version. */
const CDX = require('@cyclonedx/cyclonedx-library')
// Full library is available as `CDX`, now.
// Alternative for better tree-shaking on bundling, import only the needed symbols like so:
// const { Bom, Component } = require('@cyclonedx/cyclonedx-library/Models')
// const { ComponentType } = require('@cyclonedx/cyclonedx-library/Enums')
const spdxExpressionParser = require('spdx-expression-parse')
// License factory. It is handed the SPDX expression parser, presumably so that
// compound expressions such as `MIT OR Apache-2.0` (used below) can be parsed
// into the library's license model — see the library docs for the exact contract.
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)

const { Bom, Component } = CDX.Models
const { ComponentType } = CDX.Enums

// The document's subject: the application this BOM describes.
const bom = new Bom()
bom.metadata.component = new Component(ComponentType.Application, 'MyProject')
bom.metadata.component.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// A single library the application depends on.
const componentA = new Component(ComponentType.Library, 'myComponentA', {
  group: 'acme',
  version: '1.33.7'
})
componentA.licenses.add(lFac.makeFromString('Apache-2.0'))

// NOTE(review): the purl is assembled by plain string interpolation. That is
// harmless for the constant values in this example, but the purl spec requires
// namespace, name and version to be percent-encoded; with real package metadata
// (a name containing `/`, `@`, `#` or `?`, for instance) the interpolated string
// would be malformed or ambiguous. Percent-encode the parts per the spec, or
// build the purl with a purl library, before publishing such a document.
const { group, name, version } = componentA
componentA.purl = `pkg:generic/${group}/${name}@${version}`

bom.components.add(componentA)
// Record the dependency edge root -> componentA via the component's bom-ref.
bom.metadata.component.dependencies.add(componentA.bomRef)
// Target spec version. The same value drives serialization and validation below,
// so the document is checked against the schema version it was written for.
const serializeSpec = CDX.Spec.Spec1dot7

// --- JSON -------------------------------------------------------------------
const jsonSerializer = new CDX.Serialize.JsonSerializer(
  new CDX.Serialize.JSON.Normalize.Factory(serializeSpec))
const serializedJson = jsonSerializer.serialize(bom)
// NOTE(review): the document is printed before the asynchronous validation has
// settled. A real producer should only emit/publish an SBOM once validation has
// passed, or fail the build when it has not.
console.log(serializedJson)

const jsonValidator = new CDX.Validation.JsonStrictValidator(serializeSpec.version)
// Kick off validation immediately; the promise is consumed by reportJsonValidation.
const jsonValidation = jsonValidator.validate(serializedJson)

/**
 * Report the outcome of the JSON schema validation.
 *
 * The validator resolves with `null` when the document is valid; any other
 * value describes the errors and is turned into an Error here.
 * `MissingOptionalDependencyError` means the validator's optional dependencies
 * (see the library's `optionalDependencies`) are not installed, in which case
 * this example only logs that validation was skipped.
 * NOTE(review): a skipped validation is not a passed validation — in CI, treat
 * that branch as a failure unless skipping is an explicit, recorded decision.
 * Every other error is rethrown; since nothing awaits this function's promise,
 * that surfaces as an unhandled rejection, which terminates the process with a
 * non-zero exit on current Node.js versions.
 */
async function reportJsonValidation () {
  try {
    const validationErrors = await jsonValidation
    if (validationErrors !== null) {
      throw new Error('JSON ValidationError:\n' + JSON.stringify(validationErrors))
    }
    console.info('JSON valid')
  } catch (err) {
    if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
      throw err
    }
    console.info('JSON validation skipped:', err)
  }
}
// Deliberately not awaited: a rejection is meant to fail the script loudly.
void reportJsonValidation()
// --- XML --------------------------------------------------------------------
const xmlSerializer = new CDX.Serialize.XmlSerializer(
  new CDX.Serialize.XML.Normalize.Factory(serializeSpec))
const serializedXML = xmlSerializer.serialize(bom)
// NOTE(review): as with the JSON output, this is printed before validation has
// settled; only publish the document once validation has passed.
console.log(serializedXML)

const xmlValidator = new CDX.Validation.XmlValidator(serializeSpec.version)
// Kick off validation immediately; the promise is consumed by reportXmlValidation.
const xmlValidation = xmlValidator.validate(serializedXML)

/**
 * Report the outcome of the XML schema validation.
 *
 * Mirrors the JSON handling: `null` means valid, anything else is reported as
 * an Error. `MissingOptionalDependencyError` signals that the validator's
 * optional dependencies are not installed and validation was skipped —
 * NOTE(review): skipped is not passed; fail the build in CI unless skipping is
 * an explicit decision. Other errors are rethrown and, because the promise is
 * not awaited, end the process as an unhandled rejection (non-zero exit on
 * current Node.js versions).
 */
async function reportXmlValidation () {
  try {
    const validationErrors = await xmlValidation
    if (validationErrors !== null) {
      throw new Error('XML ValidationError:\n' + JSON.stringify(validationErrors))
    }
    console.info('XML valid')
  } catch (err) {
    if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
      throw err
    }
    console.info('XML validation skipped:', err)
  }
}
// Deliberately not awaited: a rejection is meant to fail the script loudly.
void reportXmlValidation()