Comments (6)
@coderpatros so the proper way to achieve my goal is to
- Cd desired location
- Npm install
- Cyclonedx-bom
- Cd project root
- Cyclonedx-npm -a desiredlocation/bom.xml
And iterate through all packages?
from cyclonedx-node-module.
@stevespringett I am not an expert in field of npm projects. It happen to me multiple times that I have encountered multi module project where running npm install && cyclonedx-bom in root directory produced me an empty bom while running cyclonedx-bom on separate modules provide results
try this repo for example: https://github.com/lerna/lerna
running npm install && cyclonedx-bom in root directory produce bom.xml with 62 lines
while running npm install && cyclonedx-bom in utils/log-packed produce 873 lines bom.xml
combining them with @coderpatros tip result in 921 bom.xml combined
PS @coderpatros this works, thank You!
from cyclonedx-node-module.
Hi @siewer it works the other way around.
When you invoke cyclonedx-bom -a /tmp/lerna/bom.xml
it is appending /tmp/lerna/bom.xml
to the newly generated SBOM.
from cyclonedx-node-module.
That should do it.
Although a comma separated list should work for the last step too.
from cyclonedx-node-module.
@siewer I'm curious why this approach is being taken. When generating BOMs, transitive dependencies will be included, so normally, there isn't a need to create BOMs for every package, unless of course that is the requirement.
from cyclonedx-node-module.
For any future visitors to this issue. You shouldn't normally need this for a single Node.js project. But might need it for mono repos where you want to create a consolidated view for the entire repo.
Another really good use case is where you are generating an SBOM for server and client side dependencies. i.e. .NET for server side and JS client side.
from cyclonedx-node-module.
Related Issues (20)
- FF in license file throws error HOT 3
- Invalid or unexpected token in 3.4.1 HOT 2
- URL within ExternalReferences array can contain just a period if project is created by create-react-app
- No dependencies(dependency graph) in the generated bom HOT 1
- bump integration tests: use non-vulnerable components HOT 1
- [YARN] support yarn2/yarn3 HOT 1
- use CDX-JS lib for data models, serialization and everythig. HOT 2
- Question: Does it suffice to run npm install instead of ng build in order to generate the BOM for an Angular project? HOT 2
- chore: have check for license-text file-header
- split code in library and application part HOT 2
- [Yarn] First-use experience has some issues HOT 6
- Exception if #purl is not available HOT 5
- Conflicts between cyclonedx-node-module and cyclonedx-python commands HOT 2
- Is the last element in property "dependencies" meaning "direct dependencies"?
- There are no components in the bom HOT 6
- [PSA] ALTERNATIVES :exclamation: :mega: HOT 1
- Missing feature in Version 4 / cyclonedx-npm to inlcuse License text HOT 3
- "cyclonedx-bom: command not found" when installing [email protected] HOT 3
- SBOM can contain invalid URLs in externalReferences HOT 7
- yarn 3.6.1 lockfile issue HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cyclonedx-node-module.