GithubHelp home page GithubHelp logo

cyclonedx / gh-dotnet-generate-sbom Goto Github PK

View Code? Open in Web Editor NEW
8.0 4.0 4.0 46 KB

GitHub action to generate a CycloneDX SBOM for .NET

License: Apache License 2.0

JavaScript 100.00%
sbom bom bill-of-materials software-bill-of-materials cyclonedx github-action dotnet owasp sbom-generator

gh-dotnet-generate-sbom's Introduction

Website Slack Invite Group Discussion Twitter

GitHub action to generate a CycloneDX SBOM for .NET

Inputs

path

Required The path to a .sln, .csproj, .vbproj, or packages.config file or the path to a directory which will be recursively analyzed for packages.config files.

Be sure to quote paths with spaces.

out

Output directory, default is "./"

Be sure to quote paths with spaces.

json

Produce a JSON BOM instead of XML, set to any value instead of false.

github-bearer-token

Optionally provide the GitHub action bearer token for license resolution (example below).

Example usage

- name: Generate XML SBOM
  uses: CycloneDX/gh-dotnet-generate-sbom@v1
  with:
    path: ./CycloneDX.sln
    github-bearer-token: ${{ secrets.GITHUB_TOKEN }}

- name: Generate JSON SBOM
  uses: CycloneDX/gh-dotnet-generate-sbom@master
  with:
    path: ./CycloneDX.sln
    json: true
    github-bearer-token: ${{ secrets.GITHUB_TOKEN }}

gh-dotnet-generate-sbom's People

Contributors

coderpatros avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

samad-ssa lakshmikiranreddy visakhunnikrishnan alec-malcolm

gh-dotnet-generate-sbom's Issues

Use of deprecated node versions

This action is still using node node12. When I use it, I get a warning of a deprecated node version. Could this be updated to the latest Node version?

Incorrect BOM results

Summary

In my PANSearcher repository, I have couple of Nuget dependencies but the result is totally different and incorrect.

Expected result

No PANHunter reference should be there. Nuget packages might be listed.

Evidence

bom.xml

<?xml version="1.0" encoding="utf-8"?>
<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" serialNumber="urn:uuid:27c79928-b624-4285-9f12-cb6da3b60fc2" version="1" xmlns="http://cyclonedx.org/schema/bom/1.3">
	<metadata>
		<tools>
			<tool>
				<vendor>CycloneDX</vendor>
				<name>CycloneDX module for .NET</name>
				<version>2.3.0.0</version>
			</tool>
		</tools>
		<component type="application" bom-ref="[email protected]">
			<name>PANHunter</name>
			<version>0.0.0</version>
		</component>
	</metadata>
	<components />
	<dependencies>
		<dependency ref="[email protected]" />
	</dependencies>
</bom>

bom.json

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:d7696838-a4c7-4a42-8e6a-d9a92c9ef88d",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "vendor": "CycloneDX",
        "name": "CycloneDX module for .NET",
        "version": "2.3.0.0"
      }
    ],
    "component": {
      "type": "application",
      "bom-ref": "[email protected]",
      "name": "PANHunter",
      "version": "0.0.0"
    }
  },
  "components": [],
  "dependencies": [
    {
      "ref": "[email protected]",
      "dependsOn": []
    }
  ]
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.