From 7d14de2ca4f7ed7f23762505bee2a4b23a31f897 Mon Sep 17 00:00:00 2001
From: prabhu
Date: Wed, 13 Nov 2024 17:32:38 +0000
Subject: [PATCH] Annotations text for saasbom and cdxa (#1452)

* Annotations text for saasbom and cdxa

Signed-off-by: Prabhu Subramanian

--------

Signed-off-by: Prabhu Subramanian
---
 data/component-tags.json | 11 ++++++---
 lib/stages/postgen/annotator.js | 25 +++++++++++++++++++++
 types/lib/stages/postgen/annotator.d.ts.map | 2 +-
 3 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/data/component-tags.json b/data/component-tags.json
index 5201ef580..8a10b9bb4 100644
--- a/data/component-tags.json
+++ b/data/component-tags.json
@@ -21,7 +21,6 @@
 "socket",
 "proto",
 "resource",
- "data",
 "sensitive",
 "template",
 "log",
@@ -150,7 +149,6 @@
 "encrypt",
 "decrypt",
 "registry",
- "maps",
 "payment",
 "stripe",
 "apple-pay",
@@ -232,6 +230,13 @@
 ]
 },
 "name": {
+ "sbom": [
+ { "test": ["(junit|xmlunit|testng|chai|mocha|jest)"] },
+ { "security": ["(boringssl|openssl|libressl|gnutls|jose|keyutils)"] },
+ { "native": ["(ffi|native)"] },
+ { "parse": ["(parser)"] },
+ { "transform": ["(transformer)"] }
+ ],
 "obom": [
 {
 "devel": [
@@ -248,7 +253,7 @@
 { "kernel": ["^(linux|kernel|os-image)"] },
 {
 "security": [
- "(selinux|apparmor|security|openssl|libressl|gnutls|jose|keyutils|passwd)"
+ "(selinux|apparmor|security|boringssl|openssl|libressl|gnutls|jose|keyutils|passwd)"
 ]
 },
 {
diff --git a/lib/stages/postgen/annotator.js b/lib/stages/postgen/annotator.js
index 66e414eb5..15aaac908 100644
--- a/lib/stages/postgen/annotator.js
+++ b/lib/stages/postgen/annotator.js
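Review bot: The new `sbom` name patterns are unanchored substring regexes, so `(ffi|native)` will also match package names such as `alternative`, `affine` or `traffic`, and `chai` in the test pattern matches `chain` or `keychain`; every such hit mislabels a dependency as test or native tooling in the annotation text. The `obom` kernel entry in the next hunk (`"^(linux|kernel|os-image)"`) shows the anchoring style already in use, so the new entries could follow it, e.g. `{ "native": ["(^|[-_.])(ffi|native)([-_.]|$)"] }`. How these strings are compiled (flags, full-match vs. search) is decided by the annotator code, which is not part of this diff, so the exact anchoring should be confirmed there.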
@@ -70,6 +70,12 @@ export function findBomType(bomJson) {
 } else if (dataCount > 0) {
 bomType = "ML-BOM";
 description = "Machine-Learning Bill-of-Materials (ML-BOM)";
+ } else if (bomJson?.services?.length > 0) {
+ bomType = "SaaSBOM";
+ description = "Software-as-a-Service BOM (SaaSBOM)";
+ } else if (bomJson.declarations?.attestations?.length > 0) {
+ bomType = "CDXA";
+ description = "CycloneDX Attestations (CDXA)";
 }
 return {
 bomType,
@@ -137,6 +143,16 @@ export function textualMetadata(bomJson) {
 let versionType = "version";
 if (parentVersion.includes(" ") || parentVersion.includes("(")) {
 versionType = "the build name";
+ } else if (
+ parentVersion.toLowerCase().includes("dev") ||
+ parentVersion.toLowerCase().includes("snapshot")
+ ) {
+ versionType = "the dev version";
+ } else if (
+ parentVersion.toLowerCase().includes("release") ||
+ parentVersion.toLowerCase().includes("final")
+ ) {
+ versionType = "the release version";
 }
 text = `${text} The document describes ${toArticle(metadata.component.type)} ${cleanTypeName} named '${cleanNames(metadata.component.name)}' with ${versionType} '${parentVersion}'.`;
 } else {
@@ -220,6 +236,15 @@ export function textualMetadata(bomJson) {
 text = `${text} In addition, there are ${swidCount} applications installed on the system.`;
 }
 }
+ if (bomType === "SaaSBOM") {
+ text = `${text} ${bomJson.services.length} are described in this ${bomType} under services.`;
+ }
+ if (bomType === "CDXA") {
+ text = `${text} ${bomJson.declarations.attestations.length} attestations are found under declarations.`;
+ }
+ if (bomJson?.formulation?.length > 0) {
+ text = `${text} Further, there is a formulation section with components, workflows and steps for reproducibility.`;
+ }
 return text;
 }
 
diff --git a/types/lib/stages/postgen/annotator.d.ts.map b/types/lib/stages/postgen/annotator.d.ts.map
index 940562358..7fb7868cc 100644
--- a/types/lib/stages/postgen/annotator.d.ts.map
+++ b/types/lib/stages/postgen/annotator.d.ts.map
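Review bot: The two new branches in findBomType guard `bomJson` inconsistently: the SaaSBOM test uses `bomJson?.services?.length` while the CDXA test dereferences `bomJson.declarations` directly, and since the preceding `dataCount > 0` branch presumably already read `bomJson`, the optional chain on the object itself is either redundant or the CDXA line is missing it. Pick one form for both, e.g. `} else if (bomJson.services?.length > 0) {` and `} else if (bomJson.declarations?.attestations?.length > 0) {`. Because these checks come after the component-based branches, a document that carries both components and services is never labelled SaaSBOM; a short comment such as `// services/attestations only decide the type when no component-based type matched above` would record that this is intended. findBomType's body starts before and ends after this hunk.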
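Review bot: `parentVersion.toLowerCase()` is evaluated up to four times across the two new `else if` branches; hoisting it once keeps the chain readable and avoids repeating the call: `const lowerVersion = parentVersion.toLowerCase();` before the `if`, then `lowerVersion.includes("dev") || lowerVersion.includes("snapshot")` and `lowerVersion.includes("release") || lowerVersion.includes("final")`. These are substring tests, so a comment noting that any version string containing `dev`, `snapshot`, `release` or `final` is classified this way would help the next reader. The enclosing textualMetadata function starts and ends outside this hunk.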
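Review bot: The SaaSBOM sentence is missing its noun: `${bomJson.services.length} are described in this ${bomType} under services.` renders as "3 are described", whereas the CDXA line correctly says "attestations are found". Change it to `${bomJson.services.length} services are described in this ${bomType} under services.` so the count has a subject. Both new sentences also dereference `bomJson.services` and `bomJson.declarations.attestations` without the optional chaining used on the formulation check; that is safe only if `bomType` here always comes from findBomType, which this hunk does not show, so if it can be assigned another way prefer `bomJson.services?.length ?? 0`. textualMetadata begins outside the hunk.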
@@ -1 +1 @@ -{"version":3,"file":"annotator.d.ts","sourceRoot":"","sources":["../../../../lib/stages/postgen/annotator.js"],"names":[],"mappings":"AA0CA;;;;;;GAMG;AACH,kDA4BC;AAED;;;;;;GAMG;AACH,+CAFa,SAAS,SAAS,CA2I9B;AAED;;;;;;GAMG;AACH,+DAFa,QAAQ,SAAS,CAiE7B"} \ No newline at end of file +{"version":3,"file":"annotator.d.ts","sourceRoot":"","sources":["../../../../lib/stages/postgen/annotator.js"],"names":[],"mappings":"AA0CA;;;;;;GAMG;AACH,kDAkCC;AAED;;;;;;GAMG;AACH,+CAFa,SAAS,SAAS,CA8J9B;AAED;;;;;;GAMG;AACH,+DAFa,QAAQ,SAAS,CAiE7B"} \ No newline at end of file