example.cjs
/*!
This file is part of CycloneDX JavaScript Library.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
SPDX-License-Identifier: Apache-2.0
Copyright (c) OWASP Foundation. All Rights Reserved.
*/
/** Example of how to serialize a Bom to JSON / XML. */
const CDX = require('@cyclonedx/cyclonedx-library')
// full Library is available as `CDX`, now
// Factories used below: one turns license strings into license models, the other
// derives a PackageURL (type 'generic') from a component.
const lFac = new CDX.Factories.LicenseFactory()
const purlFac = new CDX.Factories.PackageUrlFactory('generic')

// The BOM under construction; every value added below is a hard-coded sample.
const bom = new CDX.Models.Bom()

// Root component: the application this BOM describes.
const rootComponent = new CDX.Models.Component(
  CDX.Enums.ComponentType.Application,
  'MyProject'
)
bom.metadata.component = rootComponent
bom.metadata.component.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// One library component with a group and a version.
const componentA = new CDX.Models.Component(
  CDX.Enums.ComponentType.Library,
  'myComponentA',
  { group: 'acme', version: '1.33.7' }
)
componentA.licenses.add(lFac.makeFromString('Apache-2.0'))
// The purl is derived from the component itself, after it was constructed with
// its group/version above.
componentA.purl = purlFac.makeFromComponent(componentA)

// Register the library in the BOM and record it as a dependency of the root
// component via its bomRef.
bom.components.add(componentA)
bom.metadata.component.dependencies.add(componentA.bomRef)
// Spec version used for both serialization and validation in this example.
const serializeSpec = CDX.Spec.Spec1dot6

// Serialize the BOM to JSON according to the chosen spec.
const jsonNormalizerFactory = new CDX.Serialize.JSON.Normalize.Factory(serializeSpec)
const jsonSerializer = new CDX.Serialize.JsonSerializer(jsonNormalizerFactory)
const serializedJson = jsonSerializer.serialize(bom)
// NOTE: the document is printed before the validation promise below settles, so
// whatever consumes stdout receives it regardless of the validation outcome.
console.log(serializedJson)

// Validate the serialized JSON against the same spec version.
// The promise resolves to `null` when no validation errors were found.
const jsonValidator = new CDX.Validation.JsonStrictValidator(serializeSpec.version)
jsonValidator.validate(serializedJson)
  .then(findings => {
    if (findings !== null) {
      throw new Error('JSON ValidationError:\n' + JSON.stringify(findings))
    }
    console.info('JSON valid')
  })
  .catch(reason => {
    if (!(reason instanceof CDX.Validation.MissingOptionalDependencyError)) {
      // Rethrowing here leaves the promise rejected with no further handler; what
      // happens next depends on the runtime's unhandled-rejection policy. A
      // pipeline that gates on validity should check the process exit status.
      throw reason
    }
    // Presumably raised when the optional validation dependencies are not
    // installed. The document then goes out unvalidated with only an info log,
    // so treat "skipped" as "not verified" wherever validation is a release gate.
    console.info('JSON validation skipped:', reason)
  })
// Serialize the same BOM to XML according to the chosen spec.
const xmlNormalizerFactory = new CDX.Serialize.XML.Normalize.Factory(serializeSpec)
const xmlSerializer = new CDX.Serialize.XmlSerializer(xmlNormalizerFactory)
const serializedXML = xmlSerializer.serialize(bom)
// NOTE: the document is printed before the validation promise below settles, so
// whatever consumes stdout receives it regardless of the validation outcome.
console.log(serializedXML)

// Validate the serialized XML against the same spec version.
// The promise resolves to `null` when no validation errors were found.
const xmlValidator = new CDX.Validation.XmlValidator(serializeSpec.version)
xmlValidator.validate(serializedXML)
  .then(findings => {
    if (findings !== null) {
      throw new Error('XML ValidationError:\n' + JSON.stringify(findings))
    }
    console.info('XML valid')
  })
  .catch(reason => {
    if (!(reason instanceof CDX.Validation.MissingOptionalDependencyError)) {
      // Rethrowing here leaves the promise rejected with no further handler; what
      // happens next depends on the runtime's unhandled-rejection policy. A
      // pipeline that gates on validity should check the process exit status.
      throw reason
    }
    // Presumably raised when the optional validation dependencies are not
    // installed. The document then goes out unvalidated with only an info log,
    // so treat "skipped" as "not verified" wherever validation is a release gate.
    console.info('XML validation skipped:', reason)
  })