Add compute libyear command #97

Closed
edwinkortman opened this issue Jun 13, 2022 · 0 comments · Fixed by #112
edwinkortman commented Jun 13, 2022

compute libyear

freshli compute libyear [filepath]

What does this command do?

The CycloneDX (SBOM) file passed to this command is generated by the bom:generate command. This file contains the Bill of Materials including the package URL.

This command will use the CycloneDX file to check, for each package, what the current version is. It will use the package URL to find out what the current version is and on which date it was released.

graph LR;
 subgraph what it should query
  queries-.-latest[What's the latest version? And its release date?]
  queries-.-current[What's the current version's release date?]
 end

  subgraph different repositories
   Repositories-.-Composer
   Repositories-.-Bundler
   Repositories-.-Carton
   Repositories-.-Pip
   Repositories-.-NuGet
  end

 subgraph the flow
  purl[Package URL]-->Repository
  Repository-->query[Query info, find out where the code lives github.com etc.]
  query-->git[Ask git for the repository's tags and what date they were published]
  git-->calc[Calculate lib year]
 end

Command parameters

  • filepath: Filepath of CycloneDX file containing the BOM history.

Notes

Fetching repository info with bundler:

root ➜ /code (calculate-libyear) $ bundle info sqlite3

  * sqlite3 (1.4.2)

        Summary: This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org)

        Homepage: https://github.com/sparklemotion/sqlite3-ruby

        Path: /usr/local/bundle/gems/sqlite3-1.4.2

Fetching repository info with carton (https://metacpan.org/dist/carton/view/lib/Carton/Doc/Show.pod):

carton show Module
@edwinkortman edwinkortman self-assigned this Jun 13, 2022
@edwinkortman edwinkortman added the enhancement New feature or request label Jun 13, 2022
@mscottford mscottford added this to the v0.5.0 milestone Oct 31, 2022
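
The flow in the issue (package URL, release dates, libyear), sketched as an added example that is not part of the original issue or the project's code. It uses the usual libyear definition (time between the installed release and the newest release, in years, summed over packages); the BOM fragment, package names, release dates, the `RELEASES` lookup table standing in for the repository queries, and the 365.25-day year are all constructed assumptions.

```python
import json
from datetime import date
from urllib.parse import unquote

# Constructed CycloneDX fragment with hypothetical packages.
SAMPLE_BOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "library", "name": "example-gem", "version": "1.4.2",
     "purl": "pkg:gem/example-gem@1.4.2"},
    {"type": "library", "name": "example-lib", "version": "5.4.0",
     "purl": "pkg:composer/example-vendor/example-lib@5.4.0?foo=bar"},
    {"type": "library", "name": "no-purl", "version": "0.1"},  # cannot be resolved
]})

# Constructed release dates; stands in for querying Bundler, Composer, etc.
RELEASES = {
    ("gem", None, "example-gem"): {"1.4.2": date(2020, 1, 1), "1.6.0": date(2022, 1, 1)},
    ("composer", "example-vendor", "example-lib"): {
        "5.4.0": date(2021, 1, 1), "6.0.0": date(2021, 7, 2)},
}

def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath into its parts."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a package URL: {purl!r}")
    rest = purl[4:].split("#", 1)[0].split("?", 1)[0]  # drop subpath, qualifiers
    path, sep, version = rest.rpartition("@")
    if not sep:                                        # purl without a version
        path, version = rest, None
    ptype, _, fullname = path.strip("/").partition("/")
    namespace, _, name = fullname.rpartition("/")
    return (ptype.lower(), unquote(namespace) or None, unquote(name),
            unquote(version) if version else None)

def libyears(bom_json, release_dates):
    """Return ({purl: libyear}, total, names of components that were skipped)."""
    per_pkg, skipped = {}, []
    for comp in json.loads(bom_json).get("components", []):
        purl = comp.get("purl")
        try:
            ptype, namespace, name, version = parse_purl(purl or "")
            versions = release_dates[(ptype, namespace, name)]
            installed = versions[version]
        except (ValueError, KeyError):  # no purl, unknown package or version
            skipped.append(comp.get("name"))
            continue
        latest = max(versions.values())  # simplification: newest release by date
        per_pkg[purl] = round(max((latest - installed).days, 0) / 365.25, 2)
    return per_pkg, round(sum(per_pkg.values()), 2), skipped

if __name__ == "__main__":
    print(libyears(SAMPLE_BOM, RELEASES))
```

Components that cannot be resolved are reported rather than silently counted as zero, so an incomplete BOM does not make the total look fresher than it is.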