登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > DevOps/运维/网管 > DevOps工具 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
14 Star 127 Fork 35

GVP京东开源 / sbom-tool

代码 Issues 1 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
generate_command.go 6.31 KB
一键复制 编辑 原始数据 按行查看 历史
jdtdevops 提交于 2024-01-22 15:42 . fix: typo
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
// Copyright (c) 2023 Jingdong Technology Information Technology Co., Ltd.

// SBOM-TOOL is licensed under Mulan PSL v2.

// You can use this software according to the terms and conditions of the Mulan PSL v2.

// You may obtain a copy of Mulan PSL v2 at:

//          http://license.coscl.org.cn/MulanPSL2

// THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,

// EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,

// MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.

// See the Mulan PSL v2 for more details.



package subcmds



import (

	"fmt"

	"os"

	"path/filepath"

	"strings"



	"github.com/spf13/cobra"



	"gitee.com/JD-opensource/sbom-tool/pkg/config"

	"gitee.com/JD-opensource/sbom-tool/pkg/inventory/sbom"

	"gitee.com/JD-opensource/sbom-tool/pkg/spec"

	"gitee.com/JD-opensource/sbom-tool/pkg/util/log"

)



var (

	// generateConfig is the config for generate command

	generateConfig = &config.GenerateConfig{Parallelism: config.DefaultParallelism}

	// generateCmd represents the generate command

	generateCmd = &cobra.Command{

		Use:   "generate",

		Short: "generate sbom document",

		Long:  "",

		Run:   runGenerateCmd,

		Example: config.APPNAME +

			" generate -m 4 -p /path/to/project -s /path/to/source -d /path/to/dist " +

			" -l java -o sbom.spdx.json -f spdx-json --ignore-dirs .git  " +

			" -n app -v 1.0 -u company -b https://example.com/sbom/xxx",

		PreRun: func(cmd *cobra.Command, args []string) {

			// set parallelism

			generateConfig.SourceConfig.Parallelism = generateConfig.Parallelism

			generateConfig.PackageConfig.Parallelism = generateConfig.Parallelism

			generateConfig.ArtifactConfig.Parallelism = generateConfig.Parallelism

			generateConfig.SourceConfig.Path = generateConfig.Path

			generateConfig.PackageConfig.Path = generateConfig.Path

			// init ignore dirs

			generateConfig.SourceConfig.InitIgnoreDirs()

			generateConfig.PackageConfig.InitIgnoreDirs()

			generateConfig.ArtifactConfig.InitIgnoreDirs()

		},

	}

)



// runGenerateCmd is the entry of generate command

func runGenerateCmd(_ *cobra.Command, _ []string) {

	format := spec.GetFormat(generateConfig.Format)

	if format == nil {

		log.Warnf("supported formats:", strings.Join(spec.AllFormatNames(), ","))

		log.Fatalf("format not supported! %s\n", generateConfig.Format)

	}

	if len(generateConfig.Path) == 0 && len(generateConfig.SrcPath) == 0 {

		log.Fatalf("project root and source path is blank")

	}

	if len(generateConfig.Path) == 0 {

		log.Warnf("project root is blank, use source path: %s", sourceConfig.SrcPath)

		sourceConfig.Path = sourceConfig.SrcPath

	}

	if len(generateConfig.SrcPath) == 0 {

		log.Warnf("source path is blank, use project root: %s", sourceConfig.Path)

		sourceConfig.SrcPath = sourceConfig.Path

	}

	if len(generateConfig.DistPath) == 0 {

		log.Fatalf("distribution path is blank")

	}

	_, err := os.Stat(generateConfig.DistPath)

	if err != nil {

		log.Fatalf("distribution path is invalid")

	}

	log.Quietf("generating sbom(%s): %s", generateConfig.Format, generateConfig.Path)

	newSBOM, err := sbom.GenerateSBOM(generateConfig)

	if err != nil {

		log.Fatalf("generate sbom error: %s", err.Error())

	}

	// convert to target format from inner model

	format.Spec().FromModel(newSBOM)



	output := generateConfig.Output

	if len(output) == 0 {

		output = fmt.Sprintf("sbom-%s.%s", format.Spec().Name(), format.Type())

	}

	output, _ = filepath.Abs(output)

	file, err := os.Create(output)

	if err != nil {

		log.Fatalf("create file error: %s\n", output)

	}

	defer func(file *os.File) {

		_ = file.Close()

	}(file)

	log.Quietf("writing to file: %s", output)

	err = format.Dump(file)

	if err != nil {

		log.Fatalf("save file error: %s\n", err.Error())

	}

	log.Quietf("finish")

}



func init() {

	// add flags for generate command

	generateCmd.PersistentFlags().IntVarP(&generateConfig.Parallelism, "parallelism", "m", config.DefaultParallelism,

		"number of parallelism")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.SrcPath, "src", "s", ".",

		"project source directory(use project root if empty)")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.Language, "language", "l", "*",

		"specify language(sample: java,cpp)")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.Collectors, "collectors", "c", "*", "enable package collectors")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.SkipPhases, "skip", "", "", "skip some phases.(one of source|package|artifact)")

	generateCmd.PersistentFlags().StringVar(&generateConfig.SourceConfig.IgnoreDirs, "ignore-src", "",

		"dirs to ignore for source, skip all dot dirs, split by comma. sample: node_modules,logs")

	generateCmd.PersistentFlags().StringVar(&generateConfig.PackageConfig.IgnoreDirs, "ignore-pkg", "",

		"dirs to ignore for package, skip all dot dirs, split by comma. sample: node_modules,logs")

	generateCmd.PersistentFlags().StringVar(&generateConfig.ArtifactConfig.IgnoreDirs, "ignore-dist", "",

		"dirs to ignore for dist, skip all dot dirs, split by comma. sample: node_modules,logs")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.DistPath, "dist", "d", "./dist", "distribution directory")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.PackageName, "name", "n", "", "package name of artifact")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.PackageVersion, "version", "v", "",

		"package version of artifact")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.PackageSupplier, "supplier", "u", "",

		"package supplier of artifact")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.NamespaceURI, "namespace", "b", "",

		"document namespace base uri")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.Path, "path", "p", ".", "project root path")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.Format, "format", "f", "spdx-json", "sbom document format")

	generateCmd.PersistentFlags().StringVarP(&generateConfig.Output, "output", "o", "", "output sbom file")



	generateCmd.PersistentFlags().BoolVarP(&generateConfig.ExtractFiles, "extract", "x", false, "extract files(only for a single zip,rpm,deb file)")



	_ = generateCmd.MarkPersistentFlagRequired("path")

	_ = generateCmd.MarkPersistentFlagRequired("dist")

	_ = generateCmd.MarkPersistentFlagRequired("name")

	_ = generateCmd.MarkPersistentFlagRequired("version")

	_ = generateCmd.MarkPersistentFlagRequired("supplier")

	_ = generateCmd.MarkPersistentFlagRequired("namespace")

}
Go
1
https://gitee.com/JD-opensource/sbom-tool.git
git@gitee.com:JD-opensource/sbom-tool.git
JD-opensource
sbom-tool
sbom-tool
v0.1.0
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
53164aa7 5694891 3bd8fe86 5694891