chore(workflows): add standalone SBOM diffing script for local testing
ThorbenLindhauer committed Sep 29, 2023
1 parent 0bc9a6d commit 583276c
Showing 3 changed files with 63 additions and 0 deletions.
1 change: 1 addition & 0 deletions common/.gitignore
@@ -0,0 +1 @@
sbom-workspace
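Review bot: the pattern `sbom-workspace` without a trailing slash ignores both a file and a directory of that name; since the README in this commit describes it as a subdirectory, `sbom-workspace/` states the intent more precisely.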
12 changes: 12 additions & 0 deletions common/README.md
Expand Up @@ -13,3 +13,15 @@ git push ...
```

Make sure to commit and push the changes to the `dist` directory to the repository.

# How to test

Run `npm run test` to run the unit tests

# How to try SBOM diffing

1. Generate two SBOMs that you want to compare
1. For example, use `mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.9:makeAggregateBom` to generate an SBOM for a maven (multi-module) project
1. Run `npm run diff-sboms <path to base SBOM> <path to comparing SBOM> <output file path>` to generate an SBOM diff
1. Hint: The `sbom-workspace` subdirectory is in `.gitignore`, so you can put files there
1. In Visual Studio Code, you can run the script from the Javascript Debugger Console to attach a debugger and put breakpoints in the business logic
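Review bot: the documented `npm run diff-sboms` script is not added by this commit (only `common/.gitignore`, `common/README.md` and `common/diff-sboms-standalone.js` change), so either the `package.json` script entry belongs in this change or the README should say how to run `diff-sboms-standalone.js` directly with `node`. The steps should also state that the command must be run from the `common` directory, because the script reads `licenses.json` and the Handlebars templates through `../java-dependency-check/...` paths that resolve against the working directory. Minor: "maven" and "Javascript" should read "Maven" and "JavaScript", and the `npm run test` line is missing its full stop.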
50 changes: 50 additions & 0 deletions common/diff-sboms-standalone.js
@@ -0,0 +1,50 @@
const diffSBOMs = require('./src/sbom-diff/differ.js');
const formatTemplate = require('./src/sbom-diff/format-handlebars-template.js');
const fs = require('fs');

const readFile = function(path) {
return fs.readFileSync(path, 'utf8')
}

const writeFile = function(path, content) {
fs.writeFileSync(path, content); // default encoding is utf8
}

var args = process.argv.slice(2); // first two arguments are the executable and the JS file

if (args.length != 3) {
throw new Error('Requires three arguments: <path to base SBOM> <path to comparing SBOM> <path to output file>');
}

const baseSbomPath = args[0];
const headSbomPath = args[1];
const outPath = args[2];

const baseSbom = readFile(baseSbomPath);
const headSbom = readFile(headSbomPath);

const licenseList = readFile('../java-dependency-check/licenses.json');

const commentTemplate = readFile('../java-dependency-check/diff.hbs');

const partialPaths = [
'componentDetails:../java-dependency-check/component-details.hbs',
'componentDiff:../java-dependency-check/component-diff.hbs',
'componentTree:../java-dependency-check/component-tree.hbs',
'componentVersion:../java-dependency-check/component-version.hbs'
];

const partials = partialPaths.reduce(
(result, input) => {
[ partialId, partialPath ] = input.split(':');
result[partialId.trim()] = readFile(partialPath.trim());
return result;
},
{}
);

diffSBOMs(baseSbom, headSbom, '^org\\.camunda', licenseList)
.then(rootComponentDiff => formatTemplate(rootComponentDiff, commentTemplate, partials)
.then(diff => writeFile(outPath, diff.fullDiff)));
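Review bot: `[ partialId, partialPath ] = input.split(':');` inside the reduce callback assigns to undeclared identifiers, which creates implicit globals and throws a ReferenceError under `'use strict'`; declare them with `const [partialId, partialPath] = input.split(':');`. The `../java-dependency-check/...` paths are resolved against the process working directory rather than the script's location, so the script only works when started from `common/`; building them with `path.join(__dirname, '..', 'java-dependency-check', ...)` would remove that dependency. The promise chain has no `.catch`, so a failing diff or template render surfaces only as an unhandled rejection; a `.catch(err => { console.error(err); process.exitCode = 1; })` would report it cleanly. Minor: `var args` can be `const`, and `args.length != 3` can use `!==`.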


0 comments on commit 583276c