docs: update BoM references #622

Merged
merged 3 commits into from
Oct 9, 2023
2 changes: 1 addition & 1 deletion ADVANCED.md
Expand Up @@ -98,7 +98,7 @@ To improve performance for re-runs, pass the argument `--skip-maven-collector` t

## Interactive mode

`cdxi` is a new interactive REPL server to create, import, and search a BoM. All the exported functions from cdxgen and node.js could be used in this mode. In addition, several custom commands are defined.
`cdxi` is a new interactive REPL server to create, import, and search a BOM. All the exported functions from cdxgen and node.js could be used in this mode. In addition, several custom commands are defined.

[![cdxi demo](https://asciinema.org/a/602361.svg)](https://asciinema.org/a/602361)

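Review bot: the unchanged context sentence in this hunk, "All the exported functions from cdxgen and node.js could be used in this mode", reads better as "can be used", and "Node.js" is the project's own capitalization. The same paragraph is duplicated verbatim in docs/README.md (REPL Mode), so fix both copies in the same pass.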
14 changes: 7 additions & 7 deletions README.md
Expand Up @@ -4,7 +4,7 @@

cdxgen is a cli tool, library, [REPL](./ADVANCED.md), and server to create a valid and compliant [CycloneDX][cyclonedx-homepage] Software Bill of Materials (SBOM) containing an aggregate of all project dependencies for c/c++, node.js, php, python, ruby, rust, java, .Net, dart, haskell, elixir, and Go projects in JSON format. CycloneDX 1.5 is a lightweight SBOM specification that is easily created, human and machine-readable, and simple to parse.

When used with plugins, cdxgen could generate an OBoM for Linux docker images and even VMs running Linux or Windows operating systems. cdxgen also includes an evinse tool to generate component evidence and SaaSBOM for some languages.
When used with plugins, cdxgen could generate an OBOM for Linux docker images and even VMs running Linux or Windows operating systems. cdxgen also includes an evinse tool to generate component evidence and SaaSBOM for some languages.

NOTE:

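Review bot: the changed line says "cdxgen could generate an OBOM"; "can generate" states the capability plainly. The unchanged intro sentence at the top of the hunk also says "cli tool" and mixes casing in the language list ("c/c++", "node.js", ".Net", "Go"); since this paragraph is being touched, "CLI tool" and one consistent casing (C/C++, Node.js, PHP, Python, Ruby, Rust, Java, .NET, Dart, Haskell, Elixir, Go) would be worth doing here.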
Expand Down Expand Up @@ -61,7 +61,7 @@ NOTE:

Footnotes:

- [1] - For multi-module applications, the BoM file could include components not included in the packaged war or ear file.
- [1] - For multi-module applications, the BOM file could include components not included in the packaged war or ear file.
- [2] - Pip freeze is automatically performed to improve precision. Requires virtual environment.
- [3] - Perform dotnet or nuget restore to generate project.assets.json. Without this file, cdxgen would not include indirect dependencies.
- [4] - See the section on plugins
Expand Down Expand Up @@ -197,7 +197,7 @@ To print the SBOM as a table pass `-p` argument.
cdxgen -t java -o bom.json -p
```

To recursively generate a single BoM for all languages pass `-r` argument.
To recursively generate a single BOM for all languages pass `-r` argument.

```shell
cdxgen -r -o bom.json
Expand Down Expand Up @@ -281,7 +281,7 @@ docker compose up

## War file support

cdxgen can generate a BoM file from a given war file.
cdxgen can generate a BOM file from a given war file.

```shell
# cdxgen -t java app.war
Expand Down Expand Up @@ -399,9 +399,9 @@ systemctl --user start podman.socket
podman system service -t 0 &
```

### Generate OBoM for a live system
### Generate OBOM for a live system

You can use the `obom` command to generate an OBoM for a live system or a VM for compliance and vulnerability management purposes. Windows and Linux operating systems are supported in this mode.
You can use the `obom` command to generate an OBOM for a live system or a VM for compliance and vulnerability management purposes. Windows and Linux operating systems are supported in this mode.

```shell
# obom is an alias for cdxgen -t os
Expand All @@ -417,7 +417,7 @@ See [evinse mode](./ADVANCED.md) in the advanced documentation.

## BoM signing

cdxgen can sign the generated BoM json file to increase authenticity and non-repudiation capabilities. To enable this, set the following environment variables.
cdxgen can sign the generated BOM json file to increase authenticity and non-repudiation capabilities. To enable this, set the following environment variables.

- SBOM_SIGN_ALGORITHM: Algorithm. Example: RS512
- SBOM_SIGN_PRIVATE_KEY: Location to the RSA private key
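Review bot: the heading and prose now say "BOM" while the variable names in the list stay `SBOM_SIGN_ALGORITHM` and `SBOM_SIGN_PRIVATE_KEY`; a short sentence stating that the environment variable names are unchanged would stop readers guessing at a `BOM_SIGN_*` form. The `SBOM_SIGN_PRIVATE_KEY` entry could also say that the key file should be readable only by the user running cdxgen and kept out of the repository and CI logs, because whoever holds that key can produce a BOM whose signature verifies.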
40 changes: 20 additions & 20 deletions bin/repl.js
Expand Up @@ -110,16 +110,16 @@ cdxgenRepl.defineCommand("create", {
});
if (bomNSData) {
sbom = bomNSData.bomJson;
console.log("✅ BoM imported successfully.");
console.log("💭 Type .print to view the BoM as a table");
console.log("✅ BOM imported successfully.");
console.log("💭 Type .print to view the BOM as a table");
} else {
console.log("BoM was not generated successfully");
console.log("BOM was not generated successfully");
}
this.displayPrompt();
}
});
cdxgenRepl.defineCommand("import", {
help: "import an existing BoM",
help: "import an existing BOM",
action(sbomOrPath) {
this.clearBufferedCommand();
importSbom(sbomOrPath);
Expand All @@ -139,7 +139,7 @@ cdxgenRepl.defineCommand("sbom", {
console.log(sbom);
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
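Review bot: the literal "⚠ No BOM is loaded. Use .import command to import an existing BOM" is repeated in every command handler in this file (the same string is edited again in the search, sort, query, print, tree, validate, save and update hunks below); hoisting it into one constant such as `NO_BOM_MSG` would make the next wording change a one-line edit and keep the copies from drifting, as the occurrences handler's variant ("import an evinse BOM") already has.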
Expand Down Expand Up @@ -171,7 +171,7 @@ cdxgenRepl.defineCommand("search", {
}
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
Expand Down Expand Up @@ -205,7 +205,7 @@ cdxgenRepl.defineCommand("sort", {
}
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
Expand All @@ -229,7 +229,7 @@ cdxgenRepl.defineCommand("query", {
}
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
Expand All @@ -242,7 +242,7 @@ cdxgenRepl.defineCommand("print", {
printTable(sbom);
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
Expand All @@ -255,7 +255,7 @@ cdxgenRepl.defineCommand("tree", {
printDependencyTree(sbom);
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
Expand All @@ -271,7 +271,7 @@ cdxgenRepl.defineCommand("validate", {
}
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
Expand All @@ -285,10 +285,10 @@ cdxgenRepl.defineCommand("save", {
saveToFile = "bom.json";
}
fs.writeFileSync(saveToFile, JSON.stringify(sbom, null, 2));
console.log(`BoM saved successfully to ${saveToFile}`);
console.log(`BOM saved successfully to ${saveToFile}`);
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
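Review bot: `fs.writeFileSync(saveToFile, JSON.stringify(sbom, null, 2))` has no error handling, so an unwritable path (missing directory, permissions) throws out of the action before `this.displayPrompt()` runs; wrap the write in try/catch, report the error, and still call `this.displayPrompt()` so the REPL remains usable after a failed save.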
Expand All @@ -313,10 +313,10 @@ cdxgenRepl.defineCommand("update", {
if (newSbom && newSbom.components.length <= sbom.components.length) {
sbom = newSbom;
}
console.log("BoM updated successfully.");
console.log("BOM updated successfully.");
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an existing BoM"
"⚠ No BOM is loaded. Use .import command to import an existing BOM"
);
}
this.displayPrompt();
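Review bot: "BOM updated successfully." prints even when the guard `if (newSbom && newSbom.components.length <= sbom.components.length)` is false and `sbom` was left untouched; move the message inside that branch and log a distinct message when the update is skipped. The `<=` comparison also reads as inverted for an update that is expected to add components; if it is deliberate, a comment explaining the intent would help the next reader.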
Expand All @@ -333,7 +333,7 @@ cdxgenRepl.defineCommand("occurrences", {
let components = await expression.evaluate(sbom);
if (!components) {
console.log(
"No results found. Use evinse command to generate an BoM with evidence."
"No results found. Use evinse command to generate an BOM with evidence."
);
} else {
if (!Array.isArray(components)) {
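Review bot: the changed string in this hunk still says "generate an BOM with evidence"; the article should be "a BOM". Since this PR exists to normalize the term, fix the grammar in the same pass.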
Expand All @@ -346,7 +346,7 @@ cdxgenRepl.defineCommand("occurrences", {
}
} else {
console.log(
"⚠ No BoM is loaded. Use .import command to import an evinse BoM"
"⚠ No BOM is loaded. Use .import command to import an evinse BOM"
);
}
this.displayPrompt();
Expand Down Expand Up @@ -437,7 +437,7 @@ cdxgenRepl.defineCommand("osinfocategories", {
let catgories = await expression.evaluate(sbom);
if (!catgories) {
console.log(
"Unable to retrieve the os info categories. Only OBoMs generated by cdxgen are supported by this tool."
"Unable to retrieve the os info categories. Only OBOMs generated by cdxgen are supported by this tool."
);
} else {
console.log(catgories.join("\n"));
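Review bot: `catgories` (in `let catgories = await expression.evaluate(sbom);`, `if (!catgories)` and `catgories.join("\n")`) is a misspelling of `categories`; since this block is already being edited for wording, renaming the variable here keeps the typo from spreading further through the osinfocategories handler.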
Expand All @@ -447,7 +447,7 @@ cdxgenRepl.defineCommand("osinfocategories", {
}
} else {
console.log(
"⚠ No OBoM is loaded. Use .import command to import an OBoM"
"⚠ No OBOM is loaded. Use .import command to import an OBOM"
);
}
this.displayPrompt();
Expand Down Expand Up @@ -546,7 +546,7 @@ cdxgenRepl.defineCommand("osinfocategories", {
}
} else {
console.log(
"⚠ No OBoM is loaded. Use .import command to import an OBoM"
"⚠ No OBOM is loaded. Use .import command to import an OBOM"
);
}
this.displayPrompt();
16 changes: 8 additions & 8 deletions docs/README.md
Expand Up @@ -42,7 +42,7 @@ To print the SBOM as a table pass `-p` argument.
cdxgen -t java -o bom.json -p
```

To recursively generate a single BoM for all languages pass `-r` argument.
To recursively generate a single BOM for all languages pass `-r` argument.

```shell
cdxgen -r -o bom.json
Expand Down Expand Up @@ -107,9 +107,9 @@ systemctl --user start podman.socket
podman system service -t 0 &
```

#### **Generate OBoM**
#### **Generate OBOM**

You can use the `obom` command to generate an OBoM for a live system or a VM for compliance and vulnerability management purposes. Windows and Linux operating systems are supported in this mode.
You can use the `obom` command to generate an OBOM for a live system or a VM for compliance and vulnerability management purposes. Windows and Linux operating systems are supported in this mode.

```shell
# obom is an alias for cdxgen -t os
Expand All @@ -121,7 +121,7 @@ This feature is powered by osquery, which is [installed](https://github.com/cycl

#### **Integrate with Dependency Track**

Invoke cdxgen with the below aruments to automatically submit the BoM to your organization's Dependency Track server.
Invoke cdxgen with the below arguments to automatically submit the BOM to your organization's Dependency Track server.

```shell
--server-url Dependency track url. Eg: https://deptrack.cyclon
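Review bot: the `--server-url` help text in this hunk reads "Dependency track url"; the product name is "Dependency Track" as used in the heading two lines above, and "URL" is the usual casing. Align the help string while this section is being edited.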
Expand Down Expand Up @@ -189,7 +189,7 @@ NOTE:

Footnotes:

- [1] - For multi-module applications, the BoM file could include components not included in the packaged war or ear file.
- [1] - For multi-module applications, the BOM file could include components not included in the packaged war or ear file.
- [2] - Pip freeze is automatically performed to improve precision. Requires virtual environment.
- [3] - Perform dotnet or nuget restore to generate project.assets.json. Without this file, cdxgen would not include indirect dependencies.
- [4] - See the section on plugins
Expand Down Expand Up @@ -263,9 +263,9 @@ const bomNSData = await createBom(filePath, options);
const dbody = await submitBom(args, bomNSData.bomJson);
```

#### **BoM Signing**
#### **BOM Signing**

cdxgen can sign the generated BoM json file to increase authenticity and non-repudiation capabilities. To enable this, set the following environment variables.
cdxgen can sign the generated BOM json file to increase authenticity and non-repudiation capabilities. To enable this, set the following environment variables.

- SBOM_SIGN_ALGORITHM: Algorithm. Example: RS512
- SBOM_SIGN_PRIVATE_KEY: Location to the RSA private key
Expand Down Expand Up @@ -309,7 +309,7 @@ if (validationResult) {

#### **REPL Mode**

`cdxi` is a new interactive REPL server to create, import, and search a BoM. All the exported functions from cdxgen and node.js could be used in this mode. In addition, several custom commands are defined.
`cdxi` is a new interactive REPL server to create, import, and search a BOM. All the exported functions from cdxgen and node.js could be used in this mode. In addition, several custom commands are defined.

[![cdxi demo](https://asciinema.org/a/602361.svg)](https://asciinema.org/a/602361)

4 changes: 2 additions & 2 deletions docs/_coverpage.md
Expand Up @@ -5,6 +5,6 @@
> A polyglot tool and a library for generating various Bill of Materials in CycloneDX specification.

- Generate Software Bill of Materials (SBOM) for most applications and container images with a single command
- Generate Operations Bill of Materials (OBoM) for Linux and Windows hosts
- Generate Operations Bill of Materials (OBOM) for Linux and Windows hosts
- Integrate with any CI/CD pipeline
- Automatically submit the generated BoM to your dependency track server for analysis
- Automatically submit the generated BOM to your dependency track server for analysis
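Review bot: "dependency track server" in the last changed line is lowercase while README.md and docs/README.md write "Dependency Track"; use the product name consistently across the cover page and the docs.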
10 changes: 5 additions & 5 deletions index.js
Expand Up @@ -2634,7 +2634,7 @@ export const createGoBom = async (path, options) => {
);
if (gomodFiles.length) {
let shouldManuallyParse = false;
// Use the go list -deps and go mod why commands to generate a good quality BoM for non-docker invocations
// Use the go list -deps and go mod why commands to generate a good quality BOM for non-docker invocations
if (!["docker", "oci", "os"].includes(options.projectType)) {
for (const f of gomodFiles) {
const basePath = dirname(f);
Expand Down Expand Up @@ -2738,10 +2738,10 @@ export const createGoBom = async (path, options) => {
});
}
}
// Parse the gomod files manually. The resultant BoM would be incomplete
// Parse the gomod files manually. The resultant BOM would be incomplete
if (!["docker", "oci", "os"].includes(options.projectType)) {
console.log(
"Manually parsing go.mod files. The resultant BoM would be incomplete."
"Manually parsing go.mod files. The resultant BOM would be incomplete."
);
}
for (const f of gomodFiles) {
Expand Down Expand Up @@ -3285,7 +3285,7 @@ export const createCloudBuildBom = (path, options) => {
*/
export const createOSBom = (path, options) => {
console.warn(
"About to generate OBoM for the current OS installation. This will take several minutes ..."
"About to generate OBOM for the current OS installation. This will take several minutes ..."
);
let pkgList = [];
let bomData = {};
Expand Down Expand Up @@ -4165,7 +4165,7 @@ export const dedupeBom = (
componentsXmls = trimComponents(componentsXmls, "xml");
if (DEBUG_MODE) {
console.log(
`BoM includes ${components.length} components and ${dependencies.length} dependencies after dedupe`
`BOM includes ${components.length} components and ${dependencies.length} dependencies after dedupe`
);
}
const serialNum = "urn:uuid:" + uuidv4();