Annotations text for saasbom and cdxa (#1452)

* Annotations text for saasbom and cdxa Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Nov 13, 2024 · 7d14de2 · 7d14de2
1 parent a45feac
commit 7d14de2
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 4 deletions.
diff --git a/data/component-tags.json b/data/component-tags.json
@@ -21,7 +21,6 @@
       "socket",
       "proto",
       "resource",
-      "data",
       "sensitive",
       "template",
       "log",
@@ -150,7 +149,6 @@
       "encrypt",
       "decrypt",
       "registry",
-      "maps",
       "payment",
       "stripe",
       "apple-pay",
@@ -232,6 +230,13 @@
     ]
   },
   "name": {
+    "sbom": [
+      { "test": ["(junit|xmlunit|testng|chai|mocha|jest)"] },
+      { "security": ["(boringssl|openssl|libressl|gnutls|jose|keyutils)"] },
+      { "native": ["(ffi|native)"] },
+      { "parse": ["(parser)"] },
+      { "transform": ["(transformer)"] }
+    ],
     "obom": [
       {
         "devel": [
@@ -248,7 +253,7 @@
       { "kernel": ["^(linux|kernel|os-image)"] },
       {
         "security": [
-          "(selinux|apparmor|security|openssl|libressl|gnutls|jose|keyutils|passwd)"
+          "(selinux|apparmor|security|boringssl|openssl|libressl|gnutls|jose|keyutils|passwd)"
         ]
       },
       {

diff --git a/lib/stages/postgen/annotator.js b/lib/stages/postgen/annotator.js
@@ -70,6 +70,12 @@ export function findBomType(bomJson) {
   } else if (dataCount > 0) {
     bomType = "ML-BOM";
     description = "Machine-Learning Bill-of-Materials (ML-BOM)";
+  } else if (bomJson?.services?.length > 0) {
+    bomType = "SaaSBOM";
+    description = "Software-as-a-Service BOM (SaaSBOM)";
+  } else if (bomJson.declarations?.attestations?.length > 0) {
+    bomType = "CDXA";
+    description = "CycloneDX Attestations (CDXA)";
   }
   return {
     bomType,
@@ -137,6 +143,16 @@ export function textualMetadata(bomJson) {
       let versionType = "version";
       if (parentVersion.includes(" ") || parentVersion.includes("(")) {
         versionType = "the build name";
+      } else if (
+        parentVersion.toLowerCase().includes("dev") ||
+        parentVersion.toLowerCase().includes("snapshot")
+      ) {
+        versionType = "the dev version";
+      } else if (
+        parentVersion.toLowerCase().includes("release") ||
+        parentVersion.toLowerCase().includes("final")
+      ) {
+        versionType = "the release version";
       }
       text = `${text} The document describes ${toArticle(metadata.component.type)} ${cleanTypeName} named '${cleanNames(metadata.component.name)}' with ${versionType} '${parentVersion}'.`;
     } else {
@@ -220,6 +236,15 @@ export function textualMetadata(bomJson) {
       text = `${text} In addition, there are ${swidCount} applications installed on the system.`;
     }
   }
+  if (bomType === "SaaSBOM") {
+    text = `${text} ${bomJson.services.length} are described in this ${bomType} under services.`;
+  }
+  if (bomType === "CDXA") {
+    text = `${text} ${bomJson.declarations.attestations.length} attestations are found under declarations.`;
+  }
+  if (bomJson?.formulation?.length > 0) {
+    text = `${text} Further, there is a formulation section with components, workflows and steps for reproducibility.`;
+  }
   return text;
 }
 

diff --git a/types/lib/stages/postgen/annotator.d.ts.map b/types/lib/stages/postgen/annotator.d.ts.map