From c601150f1ad8f4a3f18c63dfd263859dba7adba9 Mon Sep 17 00:00:00 2001 From: prabhu Date: Thu, 3 Oct 2024 10:59:32 +0100 Subject: [PATCH] Refer to new custom images in the code (#1406) Signed-off-by: Prabhu Subramanian --- .github/workflows/build-base-images.yml | 30 +++++++++++--------- ci/base-images/cdxgen/Dockerfile.dotnet6 | 9 ++---- ci/base-images/cdxgen/Dockerfile.dotnet7 | 11 +++---- ci/base-images/cdxgen/Dockerfile.dotnet8 | 11 +++---- ci/base-images/cdxgen/Dockerfile.java | 11 +++---- ci/base-images/cdxgen/Dockerfile.java-slim | 11 +++---- ci/base-images/cdxgen/Dockerfile.java17 | 11 +++---- ci/base-images/cdxgen/Dockerfile.java17-slim | 11 +++---- ci/base-images/cdxgen/Dockerfile.node20 | 11 +++---- ci/base-images/cdxgen/Dockerfile.python | 9 ++---- ci/base-images/cdxgen/Dockerfile.python310 | 14 ++++----- ci/base-images/cdxgen/Dockerfile.python311 | 9 ++---- ci/base-images/cdxgen/Dockerfile.python36 | 9 ++---- ci/base-images/cdxgen/Dockerfile.python39 | 14 ++++----- ci/base-images/cdxgen/Dockerfile.rolling | 4 +-- docs/ADVANCED.md | 13 +++++++-- lib/cli/index.js | 8 +++--- lib/helpers/utils.js | 4 +-- types/lib/cli/index.d.ts.map | 2 +- 19 files changed, 85 insertions(+), 117 deletions(-) diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index fe6ab7842..82655d8a9 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -6,6 +6,8 @@ on: push: branches: - master + tags: + - 'v*' workflow_dispatch: concurrency: @@ -120,7 +122,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.dotnet6 
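Review bot: The new `tags: - 'v*'` trigger starts this workflow on release tags, but every "Build and push Docker images" step in the following hunks is guarded by `if: github.ref == 'refs/heads/master'`. That guard is false when `github.ref` is `refs/tags/v…`, so a tag run would skip the push. If versioned images are meant to be published from tags, the guard has to admit them, for example `if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')`. The job bodies lie outside the hunks, so a tag-only push step may already exist; if it does, a short comment next to the trigger naming that step would make the intent clear.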
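Review bot: `uses: docker/build-push-action@v5` in this step, and in the identical step of every later job hunk, references the action by a movable tag, and this is the step that pushes images to the registry. Pinning it to a full commit SHA with the version kept as a trailing comment, `uses: docker/build-push-action@<full-commit-sha> # v5`, means a retagged release of the action cannot run with whatever registry credentials the job holds. The login and permissions blocks are outside the hunk, so the exact scope of those credentials should be checked there.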
@@ -206,7 +208,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.dotnet7 @@ -292,7 +294,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.dotnet8 @@ -416,7 +418,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.java @@ -466,7 +468,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.java-slim @@ -553,7 +555,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.node20 @@ -676,7 +678,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.java17 @@ -725,7 +727,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.java17-slim @@ -775,7 +777,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.python 
@@ -861,7 +863,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.python311 @@ -947,7 +949,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.python36 @@ -1033,7 +1035,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.rolling @@ -1108,7 +1110,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.python310 @@ -1194,7 +1196,7 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/master' with: context: . file: ci/base-images/cdxgen/Dockerfile.python39 diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet6 b/ci/base-images/cdxgen/Dockerfile.dotnet6 index 5d7e94360..2dad83d08 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet6 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet6 @@ -1,4 +1,4 @@ -FROM ghcr.io/cyclonedx/bci-dotnet:main +FROM ghcr.io/cyclonedx/bci-dotnet:master LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ 
@@ -11,14 +11,11 @@ LABEL maintainer="CycloneDX" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for legacy .Net Core and .Net Framework apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 - -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true \ +ENV CDXGEN_IN_CONTAINER=true \ PYTHONPATH=/opt/pypi ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin: -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ +RUN npm install -g @cyclonedx/cdxgen --omit=dev \ && pip install --upgrade --no-cache-dir blint --target /opt/pypi ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet7 b/ci/base-images/cdxgen/Dockerfile.dotnet7 index 3026bdfbc..a67d58cf7 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet7 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet7 @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-dotnet7:main +FROM ghcr.io/cyclonedx/bci-dotnet7:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -11,14 +11,11 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 7 apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet7:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 - -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true \ +ENV CDXGEN_IN_CONTAINER=true \ PYTHONPATH=/opt/pypi ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin: -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ +RUN npm install -g @cyclonedx/cdxgen --omit=dev \ && pip install --upgrade --no-cache-dir blint --target /opt/pypi ENTRYPOINT ["cdxgen"] 
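Review bot: Dropping `ARG CDXGEN_VERSION` and installing with `npm install -g @cyclonedx/cdxgen --omit=dev` in Dockerfile.dotnet6 makes the image contents depend on whatever npm serves as `latest` at build time. Two builds of the same commit can then differ, and a bad or hijacked publish flows straight into images whose label tells users to pull them as `:v10`. Keeping the version explicit and letting the workflow supply it would avoid that: `ARG CDXGEN_VERSION` with `npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev`, and the release version passed as a build argument. The same change is made in the Dockerfile.dotnet7, dotnet8, java, java-slim, java17, java17-slim, node20, python, python310, python311, python36 and python39 hunks. The `pip install --upgrade --no-cache-dir blint` on the following line is unpinned as well.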
diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet8 b/ci/base-images/cdxgen/Dockerfile.dotnet8 index d75c37ab4..1b51998d6 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet8 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet8 @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-dotnet8:main +FROM ghcr.io/cyclonedx/bci-dotnet8:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -11,14 +11,11 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 8 apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet8:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 - -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true \ +ENV CDXGEN_IN_CONTAINER=true \ PYTHONPATH=/opt/pypi ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin: -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ +RUN npm install -g @cyclonedx/cdxgen --omit=dev \ && pip install --upgrade --no-cache-dir blint --target /opt/pypi ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.java b/ci/base-images/cdxgen/Dockerfile.java index 0e8a95864..2524f112c 100644 --- a/ci/base-images/cdxgen/Dockerfile.java +++ b/ci/base-images/cdxgen/Dockerfile.java @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-java:main +FROM ghcr.io/cyclonedx/bci-java:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 
@@ -11,11 +11,8 @@ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 11 and android apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 +ENV CDXGEN_IN_CONTAINER=true -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true - -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev +RUN npm install -g @cyclonedx/cdxgen --omit=dev ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.java-slim b/ci/base-images/cdxgen/Dockerfile.java-slim index f71d5f899..abb8da24d 100644 --- a/ci/base-images/cdxgen/Dockerfile.java-slim +++ b/ci/base-images/cdxgen/Dockerfile.java-slim @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-java-slim:main +FROM ghcr.io/cyclonedx/bci-java-slim:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -11,11 +11,8 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 11 apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java-slim:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 +ENV CDXGEN_IN_CONTAINER=true -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true - -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev +RUN npm install -g @cyclonedx/cdxgen --omit=dev ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.java17 b/ci/base-images/cdxgen/Dockerfile.java17 index 3db4a7861..2c66ae9a3 100644 --- a/ci/base-images/cdxgen/Dockerfile.java17 +++ b/ci/base-images/cdxgen/Dockerfile.java17 
@@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-java17:main +FROM ghcr.io/cyclonedx/bci-java17:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -11,11 +11,8 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 17 and android apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 +ENV CDXGEN_IN_CONTAINER=true -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true - -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev +RUN npm install -g @cyclonedx/cdxgen --omit=dev ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.java17-slim b/ci/base-images/cdxgen/Dockerfile.java17-slim index 76df640d4..b9491d401 100644 --- a/ci/base-images/cdxgen/Dockerfile.java17-slim +++ b/ci/base-images/cdxgen/Dockerfile.java17-slim @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-java17-slim:main +FROM ghcr.io/cyclonedx/bci-java17-slim:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 
@@ -11,11 +11,8 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Java 17 apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java17-slim:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 +ENV CDXGEN_IN_CONTAINER=true -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true - -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev +RUN npm install -g @cyclonedx/cdxgen --omit=dev ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.node20 b/ci/base-images/cdxgen/Dockerfile.node20 index cdbd1a4ec..edcede26d 100644 --- a/ci/base-images/cdxgen/Dockerfile.node20 +++ b/ci/base-images/cdxgen/Dockerfile.node20 @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-node20:main +FROM ghcr.io/cyclonedx/bci-node20:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -11,11 +11,8 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Node.js 20 apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 +ENV CDXGEN_IN_CONTAINER=true -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true - -RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev +RUN npm install -g @cyclonedx/cdxgen --omit=dev ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.python b/ci/base-images/cdxgen/Dockerfile.python index 384c275a8..1932cbf97 100644 --- a/ci/base-images/cdxgen/Dockerfile.python +++ b/ci/base-images/cdxgen/Dockerfile.python 
@@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-lang:main +FROM ghcr.io/cyclonedx/bci-lang:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -12,7 +12,6 @@ LABEL maintainer="AppThreat" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python:v10 -r /app --server" ARG NODE_VERSION=22.9.0 -ARG CDXGEN_VERSION=10.10.2 ENV NVM_DIR="/root/.nvm" \ PYTHON_CMD=python3 \ @@ -21,8 +20,6 @@ ENV NVM_DIR="/root/.nvm" \ LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 \ - CDXGEN_NO_BANNER=true \ - FETCH_LICENSE=true \ CDXGEN_IN_CONTAINER=true \ SAFE_PIP_INSTALL=true \ PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin: @@ -32,7 +29,7 @@ RUN source /root/.nvm/nvm.sh \ postgresql-devel postgresql16-server-devel libopenssl-devel libopenblas_pthreads-devel lapacke-devel \ && python3 -m pip install --no-cache-dir --upgrade pip virtualenv \ && python3 -m pip install --no-cache-dir --upgrade --user pipenv poetry blint \ - && npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ + && npm install -g @cyclonedx/cdxgen --omit=dev \ && zypper clean -a ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.python310 b/ci/base-images/cdxgen/Dockerfile.python310 index bb80b5680..565dd6959 100644 --- a/ci/base-images/cdxgen/Dockerfile.python310 +++ b/ci/base-images/cdxgen/Dockerfile.python310 
@@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/opensuse-python310:main +FROM ghcr.io/cyclonedx/opensuse-python310:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -11,17 +11,13 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for python 3.10 apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 - -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true \ +ENV CDXGEN_IN_CONTAINER=true \ SAFE_PIP_INSTALL=true \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - FETCH_LICENSE=true + CRYPTOGRAPHY_DONT_BUILD_RUST=1 RUN zypper --non-interactive install --allow-downgrade -l --no-recommends readline-devel clang13 llvm13 llvm13-devel libjpeg62-devel libmariadb-devel \ postgresql16-devel postgresql16-server-devel libopenssl-devel libopenblas_pthreads-devel lapacke-devel graphviz-devel \ - && npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ + && npm install -g @cyclonedx/cdxgen --omit=dev \ && zypper clean -a ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.python311 b/ci/base-images/cdxgen/Dockerfile.python311 index 1e16453d8..c0b62520a 100644 --- a/ci/base-images/cdxgen/Dockerfile.python311 +++ b/ci/base-images/cdxgen/Dockerfile.python311 @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-python311:main +FROM ghcr.io/cyclonedx/bci-python311:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 
@@ -12,7 +12,6 @@ LABEL maintainer="AppThreat" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python311:v10 -r /app --server" ARG NODE_VERSION=20.17.0 -ARG CDXGEN_VERSION=10.10.2 ENV NVM_DIR="/root/.nvm" \ PYTHON_CMD=python3 \ @@ -21,8 +20,6 @@ ENV NVM_DIR="/root/.nvm" \ LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 \ - CDXGEN_NO_BANNER=true \ - FETCH_LICENSE=true \ CDXGEN_IN_CONTAINER=true \ SAFE_PIP_INSTALL=true \ CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ @@ -31,7 +28,7 @@ ENV NVM_DIR="/root/.nvm" \ RUN source /root/.nvm/nvm.sh \ && zypper --non-interactive install -l --no-recommends clang7 llvm7 llvm7-devel libcurl-devel libjpeg62-devel libmariadb-devel \ postgresql-devel postgresql16-server-devel libopenssl-devel libopenblas_pthreads-devel lapacke-devel graphviz-devel \ - && npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ + && npm install -g @cyclonedx/cdxgen --omit=dev \ && zypper clean -a ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.python36 b/ci/base-images/cdxgen/Dockerfile.python36 index 328602d53..59a110e22 100644 --- a/ci/base-images/cdxgen/Dockerfile.python36 +++ b/ci/base-images/cdxgen/Dockerfile.python36 @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/bci-python36:main +FROM ghcr.io/cyclonedx/bci-python36:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ @@ -12,7 +12,6 @@ LABEL maintainer="AppThreat" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python36:v10 -r /app --server" ARG NODE_VERSION=20.17.0 -ARG CDXGEN_VERSION=10.10.2 ENV NVM_DIR="/root/.nvm" \ PYTHON_CMD=python3 \ 
@@ -21,8 +20,6 @@ ENV NVM_DIR="/root/.nvm" \ LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 \ - CDXGEN_NO_BANNER=true \ - FETCH_LICENSE=true \ CDXGEN_IN_CONTAINER=true \ SAFE_PIP_INSTALL=true \ CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ @@ -31,7 +28,7 @@ ENV NVM_DIR="/root/.nvm" \ RUN source /root/.nvm/nvm.sh \ && zypper --non-interactive install -l --no-recommends clang7 llvm7 llvm7-devel libcurl-devel libjpeg62-devel libmariadb-devel \ postgresql-devel postgresql16-server-devel libopenssl-devel libopenblas_pthreads-devel lapacke-devel \ - && npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ + && npm install -g @cyclonedx/cdxgen --omit=dev \ && zypper clean -a ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.python39 b/ci/base-images/cdxgen/Dockerfile.python39 index daaf8a7ad..4d6c73037 100644 --- a/ci/base-images/cdxgen/Dockerfile.python39 +++ b/ci/base-images/cdxgen/Dockerfile.python39 @@ -1,6 +1,6 @@ -FROM ghcr.io/cyclonedx/opensuse-python39:main +FROM ghcr.io/cyclonedx/opensuse-python39:master -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ 
@@ -11,17 +11,13 @@ LABEL maintainer="AppThreat" \ org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for python 3.9 apps" \ org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python39:v10 -r /app --server" -ARG CDXGEN_VERSION=10.10.2 - -ENV CDXGEN_NO_BANNER=true \ - CDXGEN_IN_CONTAINER=true \ +ENV CDXGEN_IN_CONTAINER=true \ SAFE_PIP_INSTALL=true \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - FETCH_LICENSE=true + CRYPTOGRAPHY_DONT_BUILD_RUST=1 RUN zypper --non-interactive install --allow-downgrade -l --no-recommends readline-devel clang13 llvm13 llvm13-devel libjpeg62-devel libmariadb-devel \ postgresql16-devel postgresql16-server-devel libopenssl-devel libopenblas_pthreads-devel lapacke-devel graphviz-devel \ - && npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION} --omit=dev \ + && npm install -g @cyclonedx/cdxgen --omit=dev \ && zypper clean -a ENTRYPOINT ["cdxgen"] diff --git a/ci/base-images/cdxgen/Dockerfile.rolling b/ci/base-images/cdxgen/Dockerfile.rolling index d1274a442..d27c409d7 100644 --- a/ci/base-images/cdxgen/Dockerfile.rolling +++ b/ci/base-images/cdxgen/Dockerfile.rolling @@ -1,4 +1,4 @@ -FROM ghcr.io/cyclonedx/opensuse-lang:main +FROM ghcr.io/cyclonedx/opensuse-lang:master ENV PREFER_MAVEN_DEPS_TREE=true \ CDXGEN_DEBUG_MODE=debug \ @@ -7,7 +7,7 @@ ENV PREFER_MAVEN_DEPS_TREE=true \ PYTHONPATH=/opt/pypi ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin: -LABEL maintainer="AppThreat" \ +LABEL maintainer="CycloneDX" \ org.opencontainers.image.authors="Team AppThreat " \ org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ diff --git a/docs/ADVANCED.md b/docs/ADVANCED.md index af183e61e..4afbfd39b 100644 --- a/docs/ADVANCED.md +++ b/docs/ADVANCED.md 
@@ -419,15 +419,22 @@ This, however, requires the correct version of dotnet SDK to be installed. The o docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -it ghcr.io/cyclonedx/cdxgen -r /app -o bom.json -t dotnet ``` -If the project requires a different version of the SDK, such as .Net core 3.1 or dotnet 6.0, then try with the below unofficial [image](https://github.com/AppThreat/base-images) from AppThreat. +If the project requires a different version of the SDK, such as .Net core 3.1 or dotnet 6.0, then try with the below custom [images](https://github.com/CycloneDX/cdxgen/ci/base-images). ```shell -docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -it ghcr.io/appthreat/cdxgen-dotnet:v10 -r /app -o bom.json -t dotnet +docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -it ghcr.io/cyclonedx/cdxgen-dotnet:v10 -r /app -o bom.json -t dotnet ``` If the project requires legacy frameworks such as .Net Framework 4.6/4.7, then a Windows operating system or container is required to generate the SBOM correctly. A workaround is to commit the project.assets.json and the lock files to the repository from Windows and run cdxgen from Linux as normal. -For legacy Java projects, use the unofficial image `ghcr.io/appthreat/cdxgen-java:v10` (Java 11) or `ghcr.io/appthreat/cdxgen-java17:v10` (Java 17). +For legacy Java projects, use the custom images `ghcr.io/cyclonedx/cdxgen-java:v10` (Java 11) or `ghcr.io/cyclonedx/cdxgen-java17:v10` (Java 17). Alternatively, use the CLI arguments as shown. + +```shell +cdxgen -t java11 +cdxgen -t java17 +``` + +[sdkman](https://sdkman.io) must be installed and setup for these arguments to work. ## Nydus - next-generation container image diff --git a/lib/cli/index.js b/lib/cli/index.js index b15e76c8f..e91bb911c 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js 
@@ -1470,7 +1470,7 @@ export async function createJavaBom(path, options) {
 );
 } else {
 console.log(
- "1. Java version requirement: cdxgen container image bundles Java 23 with maven 3.9 which might be incompatible. Try running cdxgen with the unofficial JDK11-based image `ghcr.io/appthreat/cdxgen-java:v10`.",
+ "1. Java version requirement: cdxgen container image bundles Java 23 with maven 3.9 which might be incompatible. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v10`.",
 );
 }
 console.log(
@@ -5088,7 +5088,7 @@ export async function createCsharpBom(path, options) {
 "This project requires a specific version of dotnet sdk to be installed. The cdxgen container image bundles dotnet SDK 8.0, which might be incompatible.",
 );
 console.log(
- "Try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet6:v10` or `ghcr.io/appthreat/cdxgen-dotnet7:v10` container images.",
+ "Try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v10` or `ghcr.io/cyclonedx/cdxgen-dotnet7:v10` container images.",
 );
 } else {
 console.error(
@@ -5099,7 +5099,7 @@ export async function createCsharpBom(path, options) {
 );
 if (process.env?.CDXGEN_IN_CONTAINER !== "true") {
 console.log(
- "Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet6:v10` container image, which bundles nuget (mono) and a range of dotnet SDKs.",
+ "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v10` container image, which bundles nuget (mono) and a range of dotnet SDKs.",
 );
 }
 }
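Review bot: The two createCsharpBom messages here point users at `ghcr.io/cyclonedx/cdxgen-dotnet6:v10`, while the `org.opencontainers.docker.cmd` label in Dockerfile.dotnet6 from this same patch advertises `ghcr.io/cyclonedx/cdxgen-dotnet:v10`, and the message in the later createCsharpBom hunk also says `cdxgen-dotnet:v10`. Which name the workflow publishes for that Dockerfile is not visible in these hunks, so please confirm that a `cdxgen-dotnet6` image exists under the new namespace. If it does not, the hint sends users to an image they cannot pull, and the string should read `ghcr.io/cyclonedx/cdxgen-dotnet:v10`. createCsharpBom's body begins and ends outside these hunks.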
@@ -5189,7 +5189,7 @@ export async function createCsharpBom(path, options) {
 "3. If the project uses the legacy .Net Framework 4.6/4.7/4.8, it might require execution on Windows.",
 );
 console.log(
- "Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-dotnet:v10` container image, which bundles a range of dotnet SDKs.",
+ "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet:v10` container image, which bundles a range of dotnet SDKs.",
 );
 options.failOnError && process.exit(1);
 }
diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
index f37aba3fd..a032e4ed3 100644
--- a/lib/helpers/utils.js
+++ b/lib/helpers/utils.js
@@ -3059,7 +3059,7 @@ export function executeParallelGradleProperties(dir, allProjectsStr) {
 "1. Check if the correct version of java and gradle are installed and available in PATH. For example, some project might require Java 11 with gradle 7.\n cdxgen container image bundles Java 23 with gradle 8 which might be incompatible.",
 );
 console.log(
- "2. Try running cdxgen with the unofficial JDK11-based image `ghcr.io/appthreat/cdxgen-java:v10`.",
+ "2. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v10`.",
 );
 if (result.stderr?.includes("not get unknown property")) {
 console.log(
@@ -10859,7 +10859,7 @@ export function getPipFrozenTree(
 "1. Try invoking cdxgen with a specific python version type. Example: `-t python36` or `-t python39`",
 );
 console.log(
- "2. Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-python39:v10` or `ghcr.io/appthreat/cdxgen-python311:v10` container images, which bundles a range of build tools and development libraries.",
+ "2. Alternatively, try using the custom container images `ghcr.io/cyclonedx/cdxgen-python39:v10` or `ghcr.io/cyclonedx/cdxgen-python311:v10`, which bundles a range of build tools and development libraries.",
 );
 } else if (
 process.env?.PIP_INSTALL_ARGS?.includes("--python-version")
diff --git a/types/lib/cli/index.d.ts.map b/types/lib/cli/index.d.ts.map
index 8dcff0e6e..e7125267c 100644
--- a/types/lib/cli/index.d.ts.map
+++ b/types/lib/cli/index.d.ts.map
@@ -1 +1 @@ -{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA0wBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAyUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA04BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2chB;AAED;;;;;;;;;;GAUG;AACH,+DAyEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6bhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA6YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,oEAkDC;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAmclB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAiUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAsOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file 
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA0wBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAyUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA04BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2chB;AAED;;;;;;;;;;GAUG;AACH,+DAyEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6bhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA6YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,oEAkDC;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAuCC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAmclB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAiUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAsOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file