From be9b4bec46f80fc3d2aa06cc951daf1dc3be2114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Galv=C3=A3o=20Xavier?= Date: Tue, 5 Apr 2022 15:41:20 -0700 Subject: [PATCH 1/3] always output SBOM table MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jonas Galvão Xavier --- src/github/SyftGithubAction.ts | 2 +- .../__snapshots__/spdx.test.ts.snap | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/github/SyftGithubAction.ts b/src/github/SyftGithubAction.ts index 67fa70d1..786a050d 100644 --- a/src/github/SyftGithubAction.ts +++ b/src/github/SyftGithubAction.ts @@ -126,7 +126,7 @@ async function executeSyft({ throw new Error("Invalid input, no image or path specified"); } - args = [...args, "-o", format]; + args = [...args, "-o", format, "-o", "table"]; if (opts.uploadToDependencySnapshotAPI) { // generate github dependency format diff --git a/tests/integration/__snapshots__/spdx.test.ts.snap b/tests/integration/__snapshots__/spdx.test.ts.snap index 708dfdec..8bb3ac70 100644 --- a/tests/integration/__snapshots__/spdx.test.ts.snap +++ b/tests/integration/__snapshots__/spdx.test.ts.snap @@ -414,6 +414,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:*:yallist:4.0.0:*:*:*:*:*:*:* ExternalRef: PACKAGE_MANAGER purl pkg:npm/yallist@4.0.0 +NAME VERSION TYPE +chownr 2.0.0 npm +fs-minipass 2.1.0 npm +js-tokens 4.0.0 npm +loose-envify 1.4.0 npm +minipass 3.1.3 npm +minizlib 2.1.2 npm +mkdirp 1.0.4 npm +object-assign 4.1.1 npm +prop-types 15.7.2 npm +react 16.14.0 npm +react-is 16.13.1 npm +tar 6.1.0 npm +yallist 4.0.0 npm " `; 
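Review bot: Both `-o` values in the new `args` line of `src/github/SyftGithubAction.ts` are given without a file target, so the requested `format` and the `table` rendering appear to share one output stream. The updated spdx snapshots in this same patch show the `NAME VERSION TYPE` rows appended inside the captured string that holds the SPDX tag-value document. If that captured output is what gets saved, attached to a release or handed to a downstream scanner as the SBOM, it is no longer a well-formed document, and a JSON format would fail to parse. Give the machine-readable output its own file target, as the `github=${githubDependencySnapshotFile}` output visible in the dist hunks does, for example ``args = [...args, "-o", `${format}=${sbomOutputFile}`, "-o", "table"];`` where `sbomOutputFile` is a placeholder for a temporary path that is read back afterwards. The body of `executeSyft` starts and ends outside the hunk, so how stdout is consumed is not visible here; the same line is repeated in the three `dist/*/index.js` bundles of patch 3/3.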
@@ -556,5 +570,12 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:trim:trim:0.0.2:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:*:trim:0.0.2:*:*:*:*:*:*:* ExternalRef: PACKAGE_MANAGER purl pkg:npm/trim@0.0.2 +NAME VERSION TYPE +loose-envify 1.4.0 npm +object-assign 4.1.1 npm +prop-types 15.7.2 npm +react 16.14.0 npm +react-is 16.13.1 npm +trim 0.0.2 npm " `; From e52d7423f6d55a95ed0a8c1ebfc4a04dd2e6d688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Galv=C3=A3o=20Xavier?= Date: Tue, 5 Apr 2022 21:28:48 -0700 Subject: [PATCH 2/3] fix snapshots MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jonas Galvão Xavier --- tests/integration/__snapshots__/spdx.test.ts.snap | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/integration/__snapshots__/spdx.test.ts.snap b/tests/integration/__snapshots__/spdx.test.ts.snap index 8bb3ac70..55d40b81 100644 --- a/tests/integration/__snapshots__/spdx.test.ts.snap +++ b/tests/integration/__snapshots__/spdx.test.ts.snap @@ -24,6 +24,8 @@ PackageCopyrightText: NOASSERTION ExternalRef: SECURITY cpe23Type cpe:2.3:a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:* ExternalRef: PACKAGE_MANAGER purl pkg:alpine/libvncserver@0.9.9?arch=x86_64&upstream=libvncserver&distro=alpine-3.12.0 +NAME VERSION TYPE +libvncserver 0.9.9 apk " `; @@ -182,6 +184,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:python:Pygments:2.6.1:*:*:*:*:*:*:* ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg:Pygments:2.6.1:*:*:*:*:*:*:* ExternalRef: PACKAGE_MANAGER purl pkg:pypi/Pygments@2.6.1 +NAME VERSION TYPE +Pygments 2.6.1 python +apt 1.8.2 deb +bundler 2.1.4 gem +example-java-app-maven 0.1.0 java-archive +joda-time 2.9.2 java-archive +npm 6.14.6 npm " `; 
@@ -571,6 +580,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:*:trim:0.0.2:*:*:*:*:*:*:* ExternalRef: PACKAGE_MANAGER purl pkg:npm/trim@0.0.2 NAME VERSION TYPE +js-tokens 4.0.0 npm loose-envify 1.4.0 npm object-assign 4.1.1 npm prop-types 15.7.2 npm From b0c6301662f94c6cf666d3afdeaa6b955a59627a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Galv=C3=A3o=20Xavier?= Date: Tue, 5 Apr 2022 21:39:08 -0700 Subject: [PATCH 3/3] npm run production MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jonas Galvão Xavier --- dist/attachReleaseAssets/index.js | 2 +- dist/downloadSyft/index.js | 2 +- dist/runSyftAction/index.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dist/attachReleaseAssets/index.js b/dist/attachReleaseAssets/index.js index dcb78a14..585bc56f 100644 --- a/dist/attachReleaseAssets/index.js +++ b/dist/attachReleaseAssets/index.js @@ -19283,7 +19283,7 @@ function executeSyft(_a) { else { throw new Error("Invalid input, no image or path specified"); } - args = [...args, "-o", format]; + args = [...args, "-o", format, "-o", "table"]; if (opts.uploadToDependencySnapshotAPI) { // generate github dependency format args = [...args, "-o", `github=${githubDependencySnapshotFile}`]; diff --git a/dist/downloadSyft/index.js b/dist/downloadSyft/index.js index fed877b3..a0c509ec 100644 --- a/dist/downloadSyft/index.js +++ b/dist/downloadSyft/index.js @@ -19327,7 +19327,7 @@ function executeSyft(_a) { else { throw new Error("Invalid input, no image or path specified"); } - args = [...args, "-o", format]; + args = [...args, "-o", format, "-o", "table"]; if (opts.uploadToDependencySnapshotAPI) { // generate github dependency format args = [...args, "-o", `github=${githubDependencySnapshotFile}`]; diff --git a/dist/runSyftAction/index.js b/dist/runSyftAction/index.js index a31e5c21..b48f2670 100644 --- a/dist/runSyftAction/index.js +++ b/dist/runSyftAction/index.js 
@@ -19283,7 +19283,7 @@ function executeSyft(_a) { else { throw new Error("Invalid input, no image or path specified"); } - args = [...args, "-o", format]; + args = [...args, "-o", format, "-o", "table"]; if (opts.uploadToDependencySnapshotAPI) { // generate github dependency format args = [...args, "-o", `github=${githubDependencySnapshotFile}`];