From 506e83b32d98678b99372ea6e3dfd43202418f3b Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Thu, 16 Jan 2025 13:37:58 +0000 Subject: [PATCH 1/5] Adds dosai full binary to all dotnet 6-8 images Signed-off-by: Prabhu Subramanian --- ci/base-images/README.md | 10 ++++---- ci/base-images/cdxgen/Dockerfile.dotnet6 | 23 +++++++++++++++-- ci/base-images/cdxgen/Dockerfile.dotnet7 | 23 +++++++++++++++-- ci/base-images/cdxgen/Dockerfile.dotnet8 | 23 +++++++++++++++-- .../cdxgen/debian/Dockerfile.dotnet6 | 23 +++++++++++++++-- .../cdxgen/debian/Dockerfile.dotnet8 | 23 +++++++++++++++-- ci/base-images/debian/Dockerfile.dotnet6 | 3 --- ci/base-images/debian/Dockerfile.dotnet8 | 3 --- ci/base-images/debian/Dockerfile.dotnet9 | 3 --- ci/base-images/debian/Dockerfile.ruby18 | 5 +--- ci/base-images/debian/Dockerfile.ruby26 | 3 --- ci/base-images/debian/Dockerfile.ruby33 | 3 --- ci/base-images/debian/Dockerfile.ruby34 | 3 --- ci/base-images/debian/install.sh | 2 -- lib/managers/binary.js | 25 +++++++------------ types/lib/managers/binary.d.ts.map | 2 +- 16 files changed, 121 insertions(+), 56 deletions(-) diff --git a/ci/base-images/README.md b/ci/base-images/README.md index cb11f7db0..e5f3ef5ba 100644 --- a/ci/base-images/README.md +++ b/ci/base-images/README.md @@ -12,11 +12,11 @@ Below table summarizes all available container image versions. These images incl | Java | 23 | ghcr.io/cyclonedx/cdxgen-deno:master | Default all-in-one container image with all the latest and greatest tools with deno runtime. | | Java | 11 | ghcr.io/cyclonedx/cdxgen-java11-slim:v11, ghcr.io/cyclonedx/cdxgen-java11:v11 | Java 11 version with and without Android 33 SDK. | | Java | 17 | ghcr.io/cyclonedx/cdxgen-java17-slim:v11, ghcr.io/cyclonedx/cdxgen-java17:v11 | Java 17 version with and without Android 34 SDK. | -| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Framework. --deep mode unsupported. | -| Dotnet | .Net Core 3.1 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Core 3.1. --deep mode unsupported. | -| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net 6. --deep mode unsupported. | -| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7. --deep mode unsupported. | -| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8. --deep mode unsupported. | +| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Framework | +| Dotnet | .Net Core 3.1 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Core 3.1 | +| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net 6 | +| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7 | +| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8 | | Dotnet | .Net 9 | ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11, ghcr.io/cyclonedx/cdxgen-dotnet9:v11 | .Net 9 | | Python | 3.6 | ghcr.io/cyclonedx/cdxgen-python36:v11 | No dependency tree | | Python | 3.9 | ghcr.io/cyclonedx/cdxgen-python39:v11 | | diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet6 b/ci/base-images/cdxgen/Dockerfile.dotnet6 index 8b43ed2ed..6c16fd95e 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet6 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet6 @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \ ENV CDXGEN_IN_CONTAINER=true \ NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ - PYTHONPATH=/opt/pypi + PYTHONPATH=/opt/pypi \ + DOSAI_CMD=/usr/local/bin/dosai ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin: COPY . /opt/cdxgen -RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ +RUN set -e; \ + ARCH_NAME="$(rpm --eval '%{_arch}')"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + DOSAI_ARCH_SUFFIX='-full'; \ + ;; \ + 'arm64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + 'aarch64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac \ + && cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ + && curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \ + && chmod +x /usr/local/bin/dosai \ + && dosai --help \ && mkdir -p /opt/cdxgen-node-cache \ && node /opt/cdxgen/bin/cdxgen.js --help \ && pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \ diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet7 b/ci/base-images/cdxgen/Dockerfile.dotnet7 index ca3223f7c..7970cbe81 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet7 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet7 @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \ ENV CDXGEN_IN_CONTAINER=true \ NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ - PYTHONPATH=/opt/pypi + PYTHONPATH=/opt/pypi \ + DOSAI_CMD=/usr/local/bin/dosai ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin: COPY . /opt/cdxgen -RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ +RUN set -e; \ + ARCH_NAME="$(rpm --eval '%{_arch}')"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + DOSAI_ARCH_SUFFIX='-full'; \ + ;; \ + 'arm64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + 'aarch64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac \ + && cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ + && curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \ + && chmod +x /usr/local/bin/dosai \ + && dosai --help \ && mkdir -p /opt/cdxgen-node-cache \ && node /opt/cdxgen/bin/cdxgen.js --help \ && pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \ diff --git a/ci/base-images/cdxgen/Dockerfile.dotnet8 b/ci/base-images/cdxgen/Dockerfile.dotnet8 index 38009298a..d590c22e5 100644 --- a/ci/base-images/cdxgen/Dockerfile.dotnet8 +++ b/ci/base-images/cdxgen/Dockerfile.dotnet8 @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \ ENV CDXGEN_IN_CONTAINER=true \ NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ - PYTHONPATH=/opt/pypi + PYTHONPATH=/opt/pypi \ + DOSAI_CMD=/usr/local/bin/dosai ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin: COPY . /opt/cdxgen -RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ +RUN set -e; \ + ARCH_NAME="$(rpm --eval '%{_arch}')"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + DOSAI_ARCH_SUFFIX='-full'; \ + ;; \ + 'arm64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + 'aarch64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac \ + && cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ + && curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \ + && chmod +x /usr/local/bin/dosai \ + && dosai --help \ && mkdir -p /opt/cdxgen-node-cache \ && node /opt/cdxgen/bin/cdxgen.js --help \ && pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \ diff --git a/ci/base-images/cdxgen/debian/Dockerfile.dotnet6 b/ci/base-images/cdxgen/debian/Dockerfile.dotnet6 index 3008dbd0a..53e170bd4 100644 --- a/ci/base-images/cdxgen/debian/Dockerfile.dotnet6 +++ b/ci/base-images/cdxgen/debian/Dockerfile.dotnet6 @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \ ENV CDXGEN_IN_CONTAINER=true \ NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ - PYTHONPATH=/opt/pypi + PYTHONPATH=/opt/pypi \ + DOSAI_CMD=/usr/local/bin/dosai ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin: COPY . /opt/cdxgen -RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ +RUN set -e; \ + ARCH_NAME="$(dpkg --print-architecture)"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + DOSAI_ARCH_SUFFIX='-full'; \ + ;; \ + 'arm64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + 'aarch64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac \ + && cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ + && curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \ + && chmod +x /usr/local/bin/dosai \ + && dosai --help \ && mkdir -p /opt/cdxgen-node-cache \ && node /opt/cdxgen/bin/cdxgen.js --help \ && pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \ diff --git a/ci/base-images/cdxgen/debian/Dockerfile.dotnet8 b/ci/base-images/cdxgen/debian/Dockerfile.dotnet8 index 8310ee8c6..8b26cd45b 100644 --- a/ci/base-images/cdxgen/debian/Dockerfile.dotnet8 +++ b/ci/base-images/cdxgen/debian/Dockerfile.dotnet8 @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \ ENV CDXGEN_IN_CONTAINER=true \ NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ - PYTHONPATH=/opt/pypi + PYTHONPATH=/opt/pypi \ + DOSAI_CMD=/usr/local/bin/dosai ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin: COPY . /opt/cdxgen -RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ +RUN set -e; \ + ARCH_NAME="$(dpkg --print-architecture)"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + DOSAI_ARCH_SUFFIX='-full'; \ + ;; \ + 'arm64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + 'aarch64') \ + DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac \ + && cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \ + && curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \ + && chmod +x /usr/local/bin/dosai \ + && dosai --help \ && mkdir -p /opt/cdxgen-node-cache \ && node /opt/cdxgen/bin/cdxgen.js --help \ && pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \ diff --git a/ci/base-images/debian/Dockerfile.dotnet6 b/ci/base-images/debian/Dockerfile.dotnet6 index cde8aff58..57be22f6b 100644 --- a/ci/base-images/debian/Dockerfile.dotnet6 +++ b/ci/base-images/debian/Dockerfile.dotnet6 @@ -11,9 +11,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ NUGET_XMLDOC_MODE=skip \ DOTNET_RUNNING_IN_CONTAINER=true \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ - LC_ALL=en_US.UTF-8 \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 \ NVM_DIR="/root/.nvm" ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin: diff --git a/ci/base-images/debian/Dockerfile.dotnet8 b/ci/base-images/debian/Dockerfile.dotnet8 index 29aa30c1c..7a3625cce 100644 --- a/ci/base-images/debian/Dockerfile.dotnet8 +++ b/ci/base-images/debian/Dockerfile.dotnet8 @@ -12,9 +12,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ DOTNET_RUNNING_IN_CONTAINER=true \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ - LC_ALL=en_US.UTF-8 \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 \ NVM_DIR="/root/.nvm" ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin: diff --git a/ci/base-images/debian/Dockerfile.dotnet9 b/ci/base-images/debian/Dockerfile.dotnet9 index 4d671f9d0..7197b27b3 100644 --- a/ci/base-images/debian/Dockerfile.dotnet9 +++ b/ci/base-images/debian/Dockerfile.dotnet9 @@ -12,9 +12,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ DOTNET_RUNNING_IN_CONTAINER=true \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ - LC_ALL=en_US.UTF-8 \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 \ NVM_DIR="/root/.nvm" ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin: diff --git a/ci/base-images/debian/Dockerfile.ruby18 b/ci/base-images/debian/Dockerfile.ruby18 index 757a6c022..1f2fff301 100644 --- a/ci/base-images/debian/Dockerfile.ruby18 +++ b/ci/base-images/debian/Dockerfile.ruby18 @@ -15,10 +15,7 @@ ENV JAVA_VERSION=$JAVA_VERSION \ RAKE_VERSION=$RAKE_VERSION \ RMAGICK_VERSION=$RMAGICK_VERSION \ BUNDLE_SILENCE_ROOT_WARNING=true \ - JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ - LC_ALL=en_US.UTF-8 \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 + JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" ENV PATH=/usr/local/rvm/gems/ruby-${RUBY_VERSION}/bin:/usr/local/rvm/gems/ruby-${RUBY_VERSION}@global/bin:/usr/local/rvm/rubies/ruby-${RUBY_VERSION}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/rvm/bin:${PATH}:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin: COPY ci/base-images/debian/install.sh /tmp/ diff --git a/ci/base-images/debian/Dockerfile.ruby26 b/ci/base-images/debian/Dockerfile.ruby26 index a5822ce96..497232c8a 100644 --- a/ci/base-images/debian/Dockerfile.ruby26 +++ b/ci/base-images/debian/Dockerfile.ruby26 @@ -9,9 +9,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ ATOM_RUBY_VERSION=$ATOM_RUBY_VERSION \ BUNDLE_SILENCE_ROOT_WARNING=true \ JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ - LC_ALL=en_US.UTF-8 \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 \ NVM_DIR="/root/.nvm" ENV PATH=/root/.nvm/versions/node/v${NODE_VERSION}/bin:${PATH}:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin: diff --git a/ci/base-images/debian/Dockerfile.ruby33 b/ci/base-images/debian/Dockerfile.ruby33 index 211821a44..9f9555a4c 100644 --- a/ci/base-images/debian/Dockerfile.ruby33 +++ b/ci/base-images/debian/Dockerfile.ruby33 @@ -9,9 +9,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ ATOM_RUBY_VERSION=$ATOM_RUBY_VERSION \ BUNDLE_SILENCE_ROOT_WARNING=true \ JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ - LC_ALL=en_US.UTF-8 \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 \ NVM_DIR="/root/.nvm" ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin: diff --git a/ci/base-images/debian/Dockerfile.ruby34 b/ci/base-images/debian/Dockerfile.ruby34 index 26eda59e4..1d0dbbb09 100644 --- a/ci/base-images/debian/Dockerfile.ruby34 +++ b/ci/base-images/debian/Dockerfile.ruby34 @@ -7,9 +7,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ JAVA_HOME="/opt/java/${JAVA_VERSION}" \ BUNDLE_SILENCE_ROOT_WARNING=true \ JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ - LC_ALL=en_US.UTF-8 \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 \ NVM_DIR="/root/.nvm" ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin: diff --git a/ci/base-images/debian/install.sh b/ci/base-images/debian/install.sh index 02371f2ff..150ba5957 100644 --- a/ci/base-images/debian/install.sh +++ b/ci/base-images/debian/install.sh @@ -36,5 +36,3 @@ if [ x"${SKIP_NODEJS}" != "xyes" ]; then source /root/.nvm/nvm.sh nvm install ${NODE_VERSION} fi -locale-gen en_US.UTF-8 -dpkg-reconfigure locales diff --git a/lib/managers/binary.js b/lib/managers/binary.js index 8c9822d46..6391b976d 100644 --- a/lib/managers/binary.js +++ b/lib/managers/binary.js @@ -159,27 +159,23 @@ if (existsSync(join(CDXGEN_PLUGINS_DIR, "goversion"))) { `goversion-${platform}-${arch}${extn}`, ); } -let TRIVY_BIN = null; +let TRIVY_BIN = process.env.TRIVY_CMD; if (existsSync(join(CDXGEN_PLUGINS_DIR, "trivy"))) { TRIVY_BIN = join( CDXGEN_PLUGINS_DIR, "trivy", `trivy-cdxgen-${platform}-${arch}${extn}`, ); -} else if (process.env.TRIVY_CMD) { - TRIVY_BIN = process.env.TRIVY_CMD; } -let CARGO_AUDITABLE_BIN = null; +let CARGO_AUDITABLE_BIN = process.env.CARGO_AUDITABLE_CMD; if (existsSync(join(CDXGEN_PLUGINS_DIR, "cargo-auditable"))) { CARGO_AUDITABLE_BIN = join( CDXGEN_PLUGINS_DIR, "cargo-auditable", `cargo-auditable-cdxgen-${platform}-${arch}${extn}`, ); -} else if (process.env.CARGO_AUDITABLE_CMD) { - CARGO_AUDITABLE_BIN = process.env.CARGO_AUDITABLE_CMD; } -let OSQUERY_BIN = null; +let OSQUERY_BIN = process.env.OSQUERY_CMD; if (existsSync(join(CDXGEN_PLUGINS_DIR, "osquery"))) { OSQUERY_BIN = join( CDXGEN_PLUGINS_DIR, @@ -190,29 +186,23 @@ if (existsSync(join(CDXGEN_PLUGINS_DIR, "osquery"))) { if (platform === "darwin") { OSQUERY_BIN = `${OSQUERY_BIN}.app/Contents/MacOS/osqueryd`; } -} else if (process.env.OSQUERY_CMD) { - OSQUERY_BIN = process.env.OSQUERY_CMD; } -let DOSAI_BIN = null; +let DOSAI_BIN = process.env.DOSAI_CMD; if (existsSync(join(CDXGEN_PLUGINS_DIR, "dosai"))) { DOSAI_BIN = join( CDXGEN_PLUGINS_DIR, "dosai", `dosai-${platform}-${arch}${extn}`, ); -} else if (process.env.DOSAI_CMD) { - DOSAI_BIN = process.env.DOSAI_CMD; } // Blint bin const BLINT_BIN = process.env.BLINT_CMD || "blint"; // sourcekitten -let SOURCEKITTEN_BIN = null; +let SOURCEKITTEN_BIN = process.env.SOURCEKITTEN_CMD; if (existsSync(join(CDXGEN_PLUGINS_DIR, "sourcekitten"))) { SOURCEKITTEN_BIN = join(CDXGEN_PLUGINS_DIR, "sourcekitten", "sourcekitten"); -} else if (process.env.SOURCEKITTEN_CMD) { - SOURCEKITTEN_BIN = process.env.SOURCEKITTEN_CMD; } // Keep this list updated every year @@ -859,7 +849,10 @@ export function getDotnetSlices(src, slicesFile) { ) ) { console.log( - "Dotnet 9 SDK is not installed. Please use the cdxgen container image 'ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11' to generate slices for dotnet.", + "Dotnet SDK is not installed. Please use the cdxgen dotnet container images to generate slices for this project.", + ); + console.log( + "Alternatively, download the dosai self-contained binary (-full suffix) from https://github.com/owasp-dep-scan/dosai/releases and set the environment variable DOSAI_CMD with its location.", ); } if (result.status !== 0 || result.error) { diff --git a/types/lib/managers/binary.d.ts.map b/types/lib/managers/binary.d.ts.map index e4757d1ad..e91633f40 100644 --- a/types/lib/managers/binary.d.ts.map +++ b/types/lib/managers/binary.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"binary.d.ts","sourceRoot":"","sources":["../../../lib/managers/binary.js"],"names":[],"mappings":"AAkSA,iDA6BC;AAED,wDAkBC;AAED;;;;;GAKG;AACH,kDAFa,SAAS,MAAO,CAqB5B;AAED;;;;;;;EAwXC;AAkCD,gDAoDC;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,cACN,MAAM,WAuChB;AAED;;;;;;;;GAQG;AACH,kCANW,MAAM,iBACN,MAAM,YACN,OAAO,GAEN,OAAO,CA8BlB"} \ No newline at end of file +{"version":3,"file":"binary.d.ts","sourceRoot":"","sources":["../../../lib/managers/binary.js"],"names":[],"mappings":"AAwRA,iDA6BC;AAED,wDAkBC;AAED;;;;;GAKG;AACH,kDAFa,SAAS,MAAO,CAqB5B;AAED;;;;;;;EAwXC;AAkCD,gDAoDC;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,cACN,MAAM,WA0ChB;AAED;;;;;;;;GAQG;AACH,kCANW,MAAM,iBACN,MAAM,YACN,OAAO,GAEN,OAAO,CA8BlB"} \ No newline at end of file From 00e09b206642a809cf81abf4c5d1f25ab60c9972 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Thu, 16 Jan 2025 14:44:01 +0000 Subject: [PATCH 2/5] Update nuget version in debian dotnet6 image. Improves troubleshooting messages for dotnet. Signed-off-by: Prabhu Subramanian --- ci/base-images/debian/Dockerfile.dotnet6 | 8 +++- ci/base-images/debian/Dockerfile.dotnet8 | 2 +- ci/base-images/debian/Dockerfile.dotnet9 | 2 +- ci/base-images/sle/Dockerfile.dotnet6 | 1 - lib/cli/index.js | 52 +++++++++++++++++++----- lib/helpers/utils.js | 10 ++--- types/lib/cli/index.d.ts.map | 2 +- 7 files changed, 55 insertions(+), 22 deletions(-) diff --git a/ci/base-images/debian/Dockerfile.dotnet6 b/ci/base-images/debian/Dockerfile.dotnet6 index 57be22f6b..80c54b60b 100644 --- a/ci/base-images/debian/Dockerfile.dotnet6 +++ b/ci/base-images/debian/Dockerfile.dotnet6 @@ -12,7 +12,7 @@ ENV JAVA_VERSION=$JAVA_VERSION \ DOTNET_RUNNING_IN_CONTAINER=true \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ NVM_DIR="/root/.nvm" -ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin: +ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:/usr/local/bin:/root/.local/bin: COPY ci/base-images/debian/install.sh /tmp/ @@ -22,7 +22,11 @@ RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash b && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ && npm -v \ - && dotnet --list-sdks \ + && rm -rf /usr/lib/nuget \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && rm -rf /var/lib/apt/lists/* +COPY ci/base-images/nuget /usr/lib/nuget +RUN mv /usr/lib/nuget/nuget.exe /usr/lib/nuget/NuGet.exe \ + && dotnet --list-sdks \ + && nuget help CMD ["/bin/bash"] diff --git a/ci/base-images/debian/Dockerfile.dotnet8 b/ci/base-images/debian/Dockerfile.dotnet8 index 7a3625cce..0e10b1d5c 100644 --- a/ci/base-images/debian/Dockerfile.dotnet8 +++ b/ci/base-images/debian/Dockerfile.dotnet8 @@ -13,7 +13,7 @@ ENV JAVA_VERSION=$JAVA_VERSION \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ NVM_DIR="/root/.nvm" -ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin: +ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:/usr/local/bin:/root/.local/bin: COPY ci/base-images/debian/install.sh /tmp/ diff --git a/ci/base-images/debian/Dockerfile.dotnet9 b/ci/base-images/debian/Dockerfile.dotnet9 index 7197b27b3..d135a5fdc 100644 --- a/ci/base-images/debian/Dockerfile.dotnet9 +++ b/ci/base-images/debian/Dockerfile.dotnet9 @@ -13,7 +13,7 @@ ENV JAVA_VERSION=$JAVA_VERSION \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ NVM_DIR="/root/.nvm" -ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin: +ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:/usr/local/bin:/root/.local/bin: COPY ci/base-images/debian/install.sh /tmp/ diff --git a/ci/base-images/sle/Dockerfile.dotnet6 b/ci/base-images/sle/Dockerfile.dotnet6 index aeb4e9611..40224190b 100644 --- a/ci/base-images/sle/Dockerfile.dotnet6 +++ b/ci/base-images/sle/Dockerfile.dotnet6 @@ -17,7 +17,6 @@ RUN zypper --non-interactive install -l --no-recommends git-core nodejs20 npm20 && zypper --non-interactive install --allow-unsigned-rpm -l --no-recommends mono-complete libexif12 libexif-devel \ && echo -e '#!/bin/sh\nexec /usr/bin/mono /usr/lib/mono/nuget/nuget.exe "$@"\n' > /usr/bin/nuget \ && chmod +x /usr/bin/nuget \ - && rm -rf /usr/lib/mono/nuget \ && dotnet --list-sdks \ && npm install -g corepack \ && zypper clean -a diff --git a/lib/cli/index.js b/lib/cli/index.js index 5c66cfbb5..da2cb313c 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -5465,6 +5465,26 @@ export async function createCsharpBom(path, options) { env: { ...process.env, DOTNET_ROLL_FORWARD: "Major" }, }); if (DEBUG_MODE && (result.status !== 0 || result.error)) { + if ( + result?.stderr?.includes( + "only packages.config files will be restored", + ) && + buildCmd === "nuget" + ) { + console.log( + `This project needs to be restored using msbuild. Example: 'msbuild -t:restore'. cdxgen is attempting to use ${buildCmd}, which might result in an incomplete SBOM!`, + ); + if (process.env?.CDXGEN_IN_CONTAINER !== "true") { + console.log( + "Ensure the restore step is performed prior to invoking cdxgen.", + ); + } else { + console.log( + "TIP: msbuild is not available for Linux. Try using a Windows build agent to generate an SBOM for this project.", + ); + } + options.failOnError && process.exit(1); + } if (result?.stderr?.includes("To install missing framework")) { console.log( "This project requires a specific version of dotnet sdk to be installed. The cdxgen container image bundles dotnet SDK 8.0, which might be incompatible.", @@ -5472,6 +5492,23 @@ export async function createCsharpBom(path, options) { console.log( "TIP: Try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v11` or `ghcr.io/cyclonedx/cdxgen-dotnet7:v11` container images.", ); + } else if (result?.stderr?.includes("is not found on source")) { + console.log( + `The project ${f} refers to private packages that are not available on nuget.org!`, + ); + console.log( + "Tip: Authenticate with any private registries such as Azure Artifacts feed before running cdxgen.", + ); + } else if (result?.stderr?.includes("but the current NuGet version")) { + if (process.env?.CDXGEN_IN_CONTAINER !== "true") { + console.log( + "TIP: Try downloading the correct version from here: https://learn.microsoft.com/en-us/nuget/install-nuget-client-tools", + ); + } else { + console.log( + "TIP: This project requires a specific version of nuget client to be installed. Try using a Windows build agent to generate an SBOM for this project.", + ); + } } else { console.error( `Restore has failed. Check if ${buildCmd} is installed and available in PATH.`, @@ -5485,7 +5522,9 @@ export async function createCsharpBom(path, options) { ); } } + console.log("---------"); console.log(result.stdout, result.stderr); + console.log("---------"); options.failOnError && process.exit(1); } } @@ -5637,12 +5676,9 @@ export async function createCsharpBom(path, options) { } } } - if ( - options.projectType?.includes("dotnet-framework") || - (!pkgList.length && csProjFiles.length && !nupkgFiles.length) - ) { + if (csProjFiles.length) { manifestFiles = manifestFiles.concat(csProjFiles); - // Parsing csproj is quite error prone. Some project files may not have versions specified + // Parsing csproj is quite error-prone. Some project files may not have versions specified // To work around this, we make use of the version from the existing list const pkgNameVersions = {}; for (const p of pkgList) { @@ -5680,12 +5716,6 @@ export async function createCsharpBom(path, options) { ); } } - if (pkgList.length && !options.projectType?.includes("dotnet-framework")) { - console.log( - `Found ${pkgList.length} components by parsing the ${csProjFiles.length} csproj files. The resulting SBOM will be incomplete.`, - ); - options.failOnError && process.exit(1); - } } if (pkgList.length) { pkgList = trimComponents(pkgList); diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js index 8bab62834..1d7cb563c 100644 --- a/lib/helpers/utils.js +++ b/lib/helpers/utils.js @@ -4600,13 +4600,13 @@ export async function parsePyLockData(lockData, lockFile, pyProjectFile) { } if (apkg?.source?.virtual) { pkg.properties.push({ - name: "cdx:pypi:virtual_path", + name: "internal:virtual_path", value: workspacePyProjMap[apkg.name] || apkg.source.virtual, }); } if (apkg?.source?.editable) { pkg.properties.push({ - name: "cdx:pypi:virtual_path", + name: "internal:virtual_path", value: apkg.source.editable, }); } @@ -4614,7 +4614,7 @@ export async function parsePyLockData(lockData, lockFile, pyProjectFile) { // Is this component a module? if (workspaceComponentMap[pkg.name]) { pkg.properties.push({ - name: "cdx:pyproject:is_workspace", + name: "internal:is_workspace", value: "true", }); pkg.type = "application"; @@ -4654,12 +4654,12 @@ export async function parsePyLockData(lockData, lockFile, pyProjectFile) { if (pkgParentMap[pkg.name]) { for (const workspaceRef of pkgParentMap[pkg.name]) { pkg.properties.push({ - name: "cdx:pyproject:workspaceRef", + name: "internal:workspaceRef", value: workspaceRef, }); if (workspaceRefPyProjMap[workspaceRef]) { pkg.properties.push({ - name: "cdx:pyproject:workspaceSrcFile", + name: "internal:workspaceSrcFile", value: workspaceRefPyProjMap[workspaceRef], }); } diff --git a/types/lib/cli/index.d.ts.map b/types/lib/cli/index.d.ts.map index b8c2ba530..313190948 100644 --- a/types/lib/cli/index.d.ts.map +++ b/types/lib/cli/index.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAoxBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA0kBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA+dhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA8LhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAqFC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA2hBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAiPhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAoxBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA0kBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA+dhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA8LhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyZhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAqFC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA2hBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAiPhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file From 97df17abea3481267cfb7170b8240e80879e09f1 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Thu, 16 Jan 2025 16:38:52 +0000 Subject: [PATCH 3/5] Update nuget version in debian dotnet6 image. Improves troubleshooting messages for dotnet. Signed-off-by: Prabhu Subramanian --- .github/workflows/build-base-images.yml | 5 +- ci/base-images/README.md | 58 +++++++++++------------- ci/base-images/debian/Dockerfile.dotnet8 | 2 +- ci/base-images/debian/Dockerfile.dotnet9 | 2 +- ci/base-images/sle/Dockerfile.dotnet6 | 3 +- lib/cli/index.js | 21 ++++++--- types/lib/cli/index.d.ts.map | 2 +- 7 files changed, 49 insertions(+), 44 deletions(-) diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 48c7b7418..e23490682 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -83,13 +83,14 @@ jobs: with: images: | ghcr.io/cyclonedx/bci-dotnet + ghcr.io/cyclonedx/bci-dotnet6 - name: Build and push Docker images uses: docker/build-push-action@v5 with: context: . file: ci/base-images/sle/Dockerfile.dotnet6 - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 push: true tags: ${{ steps.meta-bci-dotnet.outputs.tags }} labels: ${{ steps.meta-bci-dotnet.outputs.labels }} @@ -129,7 +130,7 @@ jobs: with: context: . file: ci/base-images/cdxgen/Dockerfile.dotnet6 - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 push: true tags: ghcr.io/cyclonedx/cdxgen-dotnet:v11,ghcr.io/cyclonedx/cdxgen-dotnet6:v11 labels: ${{ steps.meta-cdxgen-dotnet.outputs.labels }} diff --git a/ci/base-images/README.md b/ci/base-images/README.md index e5f3ef5ba..7bf97647a 100644 --- a/ci/base-images/README.md +++ b/ci/base-images/README.md @@ -6,30 +6,30 @@ Custom language specific base images contributed by AppThreat from this [repo](h Below table summarizes all available container image versions. These images include additional language-specific build tools and development libraries to enable automatic restore and build operations. -| Language | Version | Container Image Tags | Comments | -| -------- | ------------------------ | --------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | -| Java | 23 | ghcr.io/cyclonedx/cdxgen:master | Default all-in-one container image with all the latest and greatest tools with Node 23 runtime. | -| Java | 23 | ghcr.io/cyclonedx/cdxgen-deno:master | Default all-in-one container image with all the latest and greatest tools with deno runtime. | -| Java | 11 | ghcr.io/cyclonedx/cdxgen-java11-slim:v11, ghcr.io/cyclonedx/cdxgen-java11:v11 | Java 11 version with and without Android 33 SDK. | -| Java | 17 | ghcr.io/cyclonedx/cdxgen-java17-slim:v11, ghcr.io/cyclonedx/cdxgen-java17:v11 | Java 17 version with and without Android 34 SDK. | -| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Framework | -| Dotnet | .Net Core 3.1 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Core 3.1 | -| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net 6 | -| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7 | -| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8 | -| Dotnet | .Net 9 | ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11, ghcr.io/cyclonedx/cdxgen-dotnet9:v11 | .Net 9 | -| Python | 3.6 | ghcr.io/cyclonedx/cdxgen-python36:v11 | No dependency tree | -| Python | 3.9 | ghcr.io/cyclonedx/cdxgen-python39:v11 | | -| Python | 3.10 | ghcr.io/cyclonedx/cdxgen-python310:v11 | | -| Python | 3.11 | ghcr.io/cyclonedx/cdxgen-python311:v11 | | -| Python | 3.12 | ghcr.io/cyclonedx/cdxgen-python312:v11 | | -| Node.js | 20 | ghcr.io/cyclonedx/cdxgen-node20:v11 | Use `--platform=linux/amd64` in case of `npm install` errors. | -| Node.js | 23 | ghcr.io/cyclonedx/cdxgen:master | Supports automatic node installation. Example: Pass `-t node20` to install node 20. | -| Ruby | 3.3.6 | ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 | Supports automatic Ruby installation for 3.3.x. Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1. | -| Ruby | 3.4.1 | ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 | Supports automatic Ruby installation for 3.4.x. Example: Pass `-t ruby3.4.0` to install Ruby 3.4.0. | -| Ruby | 2.5.0 | ghcr.io/cyclonedx/cdxgen-ruby25:v11 | Supports automatic Ruby installation for 2.5.x. Example: Pass `-t ruby2.5.1` to install Ruby 2.5.1. | -| Ruby | 2.6.10 | ghcr.io/cyclonedx/cdxgen-debian-ruby26:v11 | Supports automatic Ruby installation for 2.6.x. Example: Pass `-t ruby2.6.1` to install Ruby 2.6.1. | -| Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. | +| Language | Version | Container Image Tags | Comments | +| -------- | ---------------------------- | --------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | +| Java | 23 | ghcr.io/cyclonedx/cdxgen:master | Default all-in-one container image with all the latest and greatest tools with Node 23 runtime. | +| Java | 23 | ghcr.io/cyclonedx/cdxgen-deno:master | Default all-in-one container image with all the latest and greatest tools with deno runtime. | +| Java | 11 | ghcr.io/cyclonedx/cdxgen-java11-slim:v11, ghcr.io/cyclonedx/cdxgen-java11:v11 | Java 11 version with and without Android 33 SDK. | +| Java | 17 | ghcr.io/cyclonedx/cdxgen-java17-slim:v11, ghcr.io/cyclonedx/cdxgen-java17:v11 | Java 17 version with and without Android 34 SDK. | +| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net Framework | +| Dotnet | .Net Core 2.1, 3.1, .Net 5.0 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | Invoke with --platform=linux/amd64 for better compatibility. | +| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net 6 | +| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7 | +| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8 | +| Dotnet | .Net 9 | ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11, ghcr.io/cyclonedx/cdxgen-dotnet9:v11 | .Net 9 | +| Python | 3.6 | ghcr.io/cyclonedx/cdxgen-python36:v11 | No dependency tree | +| Python | 3.9 | ghcr.io/cyclonedx/cdxgen-python39:v11 | | +| Python | 3.10 | ghcr.io/cyclonedx/cdxgen-python310:v11 | | +| Python | 3.11 | ghcr.io/cyclonedx/cdxgen-python311:v11 | | +| Python | 3.12 | ghcr.io/cyclonedx/cdxgen-python312:v11 | | +| Node.js | 20 | ghcr.io/cyclonedx/cdxgen-node20:v11 | Use `--platform=linux/amd64` in case of `npm install` errors. | +| Node.js | 23 | ghcr.io/cyclonedx/cdxgen:master | Supports automatic node installation. Example: Pass `-t node20` to install node 20. | +| Ruby | 3.3.6 | ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 | Supports automatic Ruby installation for 3.3.x. Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1. | +| Ruby | 3.4.1 | ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 | Supports automatic Ruby installation for 3.4.x. Example: Pass `-t ruby3.4.0` to install Ruby 3.4.0. | +| Ruby | 2.5.0 | ghcr.io/cyclonedx/cdxgen-ruby25:v11 | Supports automatic Ruby installation for 2.5.x. Example: Pass `-t ruby2.5.1` to install Ruby 2.5.1. | +| Ruby | 2.6.10 | ghcr.io/cyclonedx/cdxgen-debian-ruby26:v11 | Supports automatic Ruby installation for 2.6.x. Example: Pass `-t ruby2.6.1` to install Ruby 2.6.1. | +| Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. | Replace `:v11` with a release version tag or sha256 hash for fine-grained control over the image tag. @@ -76,19 +76,13 @@ Example invocation: A bundled version of [nuget](./nuget/) and mono is used to support .Net framework apps. ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v11 -r /app -o /app/bom.json -t dotnet-framework -``` - -Dotnet 3.1 or Dotnet 6.0 - -```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v11 -r /app -o /app/bom.json -t dotnet +docker run --rm --platform=linux/amd64 -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app -o /app/bom.json -t dotnet ``` Dotnet 3.1 or Dotnet 6.0 (debian) ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app -o /app/bom.json -t dotnet +docker run --rm --platform=linux/amd64 -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app -o /app/bom.json -t dotnet ``` Dotnet 7.0 diff --git a/ci/base-images/debian/Dockerfile.dotnet8 b/ci/base-images/debian/Dockerfile.dotnet8 index 0e10b1d5c..4f7c57ae6 100644 --- a/ci/base-images/debian/Dockerfile.dotnet8 +++ b/ci/base-images/debian/Dockerfile.dotnet8 @@ -18,7 +18,7 @@ ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin: COPY ci/base-images/debian/install.sh /tmp/ RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ - && apt-get install -qq -y build-essential python3 python3-pip python3-dev locales \ + && apt-get install -qq -y build-essential mono-devel mono-xbuild nuget python3 python3-pip python3-dev locales \ && chmod +x /tmp/install.sh \ && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ diff --git a/ci/base-images/debian/Dockerfile.dotnet9 b/ci/base-images/debian/Dockerfile.dotnet9 index d135a5fdc..9e8ead47d 100644 --- a/ci/base-images/debian/Dockerfile.dotnet9 +++ b/ci/base-images/debian/Dockerfile.dotnet9 @@ -18,7 +18,7 @@ ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin: COPY ci/base-images/debian/install.sh /tmp/ RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ - && apt-get install -qq -y build-essential python3 python3-pip python3-dev locales \ + && apt-get install -qq -y build-essential mono-devel mono-xbuild nuget python3 python3-pip python3-dev locales \ && chmod +x /tmp/install.sh \ && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ diff --git a/ci/base-images/sle/Dockerfile.dotnet6 b/ci/base-images/sle/Dockerfile.dotnet6 index 40224190b..0ac6d4073 100644 --- a/ci/base-images/sle/Dockerfile.dotnet6 +++ b/ci/base-images/sle/Dockerfile.dotnet6 @@ -8,7 +8,7 @@ ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=false \ DOTNET_CLI_TELEMETRY_OPTOUT=1 ENV PATH=${PATH}:/usr/local/bin: -RUN zypper --non-interactive install -l --no-recommends git-core nodejs20 npm20 \ +RUN zypper refresh && zypper --non-interactive update && zypper --non-interactive install -l --no-recommends git-core nodejs20 npm20 \ python311 python311-pip wget zip unzip make gawk java-21-openjdk-devel \ && rpm -Uvh https://packages.microsoft.com/config/sles/15/packages-microsoft-prod.rpm \ && zypper --non-interactive install -l --no-recommends dotnet-sdk-3.1 \ @@ -17,6 +17,7 @@ RUN zypper --non-interactive install -l --no-recommends git-core nodejs20 npm20 && zypper --non-interactive install --allow-unsigned-rpm -l --no-recommends mono-complete libexif12 libexif-devel \ && echo -e '#!/bin/sh\nexec /usr/bin/mono /usr/lib/mono/nuget/nuget.exe "$@"\n' > /usr/bin/nuget \ && chmod +x /usr/bin/nuget \ + && rm -rf /usr/lib/mono/nuget \ && dotnet --list-sdks \ && npm install -g corepack \ && zypper clean -a diff --git a/lib/cli/index.js b/lib/cli/index.js index da2cb313c..ea28974c1 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -5440,10 +5440,10 @@ export async function createCsharpBom(path, options) { ) { const filesToRestore = slnFiles.concat(csProjFiles); for (const f of filesToRestore) { - const buildCmd = options.projectType?.includes("dotnet-framework") + let buildCmd = options.projectType?.includes("dotnet-framework") ? "nuget" : "dotnet"; - const buildArgs = options.projectType?.includes("dotnet-framework") + let buildArgs = options.projectType?.includes("dotnet-framework") ? [ "restore", "-NonInteractive", @@ -5453,6 +5453,10 @@ export async function createCsharpBom(path, options) { "quiet", ] : ["restore", "--force", "--ignore-failed-sources", f]; + if (isWin && options.projectType?.includes("dotnet-framework")) { + buildCmd = "msbuild"; + buildArgs = ["-t:restore", "-p:RestorePackagesConfig=true"]; + } if (DEBUG_MODE) { const basePath = dirname(f); console.log( @@ -5472,7 +5476,7 @@ export async function createCsharpBom(path, options) { buildCmd === "nuget" ) { console.log( - `This project needs to be restored using msbuild. Example: 'msbuild -t:restore'. cdxgen is attempting to use ${buildCmd}, which might result in an incomplete SBOM!`, + `This project needs to be restored using msbuild. Example: 'msbuild -t:restore -p:RestorePackagesConfig=true'. cdxgen is attempting to use ${buildCmd}, which might result in an incomplete SBOM!`, ); if (process.env?.CDXGEN_IN_CONTAINER !== "true") { console.log( @@ -5492,12 +5496,15 @@ export async function createCsharpBom(path, options) { console.log( "TIP: Try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v11` or `ghcr.io/cyclonedx/cdxgen-dotnet7:v11` container images.", ); - } else if (result?.stderr?.includes("is not found on source")) { + } else if ( + result?.stderr?.includes("is not found on source") || + result?.stderr?.includes("Unable to find version") + ) { console.log( `The project ${f} refers to private packages that are not available on nuget.org!`, ); console.log( - "Tip: Authenticate with any private registries such as Azure Artifacts feed before running cdxgen.", + "Tip: Authenticate with any private registries such as Azure Artifacts feed before running cdxgen. Alternatively, commit the contents of the 'packages' folder to the repository.", ); } else if (result?.stderr?.includes("but the current NuGet version")) { if (process.env?.CDXGEN_IN_CONTAINER !== "true") { @@ -5523,7 +5530,9 @@ export async function createCsharpBom(path, options) { } } console.log("---------"); - console.log(result.stdout, result.stderr); + if (result.stderr) { + console.log(result.stderr); + } console.log("---------"); options.failOnError && process.exit(1); } diff --git a/types/lib/cli/index.d.ts.map b/types/lib/cli/index.d.ts.map index 313190948..e89ee9c52 100644 --- a/types/lib/cli/index.d.ts.map +++ b/types/lib/cli/index.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAoxBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA0kBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA+dhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA8LhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyZhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAqFC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA2hBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAiPhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAoxBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA0kBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA+dhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA8LhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAkahB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAqFC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA2hBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAiPhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file From a7893b151088d9ad16a2ea972f4a2262fd85c7d1 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Thu, 16 Jan 2025 16:54:34 +0000 Subject: [PATCH 4/5] Update nuget version in debian dotnet6 image. Improves troubleshooting messages for dotnet. Signed-off-by: Prabhu Subramanian --- .github/workflows/build-base-images.yml | 6 +++--- ci/base-images/debian/Dockerfile.dotnet8 | 9 ++++++--- ci/base-images/debian/Dockerfile.dotnet9 | 8 +++++--- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index e23490682..114e16fbc 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -57,7 +57,7 @@ jobs: labels: ${{ steps.meta-bci-lang.outputs.labels }} sle-dotnet-image: - if: github.repository == 'CycloneDX/cdxgen' + if: false runs-on: ubuntu-latest permissions: contents: read @@ -96,7 +96,7 @@ jobs: labels: ${{ steps.meta-bci-dotnet.outputs.labels }} cdxgen-dotnet-image: - if: github.repository == 'CycloneDX/cdxgen' + if: false runs-on: ubuntu-latest needs: sle-dotnet-image permissions: @@ -141,7 +141,7 @@ jobs: with: context: . file: ci/base-images/cdxgen/Dockerfile.dotnet6 - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 push: true tags: ${{ steps.meta-cdxgen-dotnet.outputs.tags }} labels: ${{ steps.meta-cdxgen-dotnet.outputs.labels }} diff --git a/ci/base-images/debian/Dockerfile.dotnet8 b/ci/base-images/debian/Dockerfile.dotnet8 index 4f7c57ae6..2999ad7db 100644 --- a/ci/base-images/debian/Dockerfile.dotnet8 +++ b/ci/base-images/debian/Dockerfile.dotnet8 @@ -11,7 +11,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ NUGET_XMLDOC_MODE=skip \ DOTNET_RUNNING_IN_CONTAINER=true \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ - JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ NVM_DIR="/root/.nvm" ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:/usr/local/bin:/root/.local/bin: @@ -23,8 +22,12 @@ RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash b && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ && npm -v \ - && dotnet --list-sdks \ + && rm -rf /usr/lib/nuget \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && rm -rf /var/lib/apt/lists/* - +COPY ci/base-images/nuget /usr/lib/nuget +RUN mv /usr/lib/nuget/nuget.exe /usr/lib/nuget/NuGet.exe \ + && dotnet --list-sdks \ + && nuget help CMD ["/bin/bash"] + diff --git a/ci/base-images/debian/Dockerfile.dotnet9 b/ci/base-images/debian/Dockerfile.dotnet9 index 9e8ead47d..523b06fda 100644 --- a/ci/base-images/debian/Dockerfile.dotnet9 +++ b/ci/base-images/debian/Dockerfile.dotnet9 @@ -11,7 +11,6 @@ ENV JAVA_VERSION=$JAVA_VERSION \ NUGET_XMLDOC_MODE=skip \ DOTNET_RUNNING_IN_CONTAINER=true \ DOTNET_CLI_TELEMETRY_OPTOUT=1 \ - JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ NVM_DIR="/root/.nvm" ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:/usr/local/bin:/root/.local/bin: @@ -23,8 +22,11 @@ RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash b && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ && npm -v \ - && dotnet --list-sdks \ + && rm -rf /usr/lib/nuget \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && rm -rf /var/lib/apt/lists/* - +COPY ci/base-images/nuget /usr/lib/nuget +RUN mv /usr/lib/nuget/nuget.exe /usr/lib/nuget/NuGet.exe \ + && dotnet --list-sdks \ + && nuget help CMD ["/bin/bash"] From 264f7d75ec899d2935ef736b8d77876a9ddb7caa Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Thu, 16 Jan 2025 17:09:35 +0000 Subject: [PATCH 5/5] Improve messages. Signed-off-by: Prabhu Subramanian --- lib/cli/index.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/cli/index.js b/lib/cli/index.js index ea28974c1..37585fc17 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -5494,7 +5494,7 @@ export async function createCsharpBom(path, options) { "This project requires a specific version of dotnet sdk to be installed. The cdxgen container image bundles dotnet SDK 8.0, which might be incompatible.", ); console.log( - "TIP: Try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v11` or `ghcr.io/cyclonedx/cdxgen-dotnet7:v11` container images.", + "TIP: Try using the custom `ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11` or `ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11` container images.", ); } else if ( result?.stderr?.includes("is not found on source") || @@ -5504,7 +5504,7 @@ export async function createCsharpBom(path, options) { `The project ${f} refers to private packages that are not available on nuget.org!`, ); console.log( - "Tip: Authenticate with any private registries such as Azure Artifacts feed before running cdxgen. Alternatively, commit the contents of the 'packages' folder to the repository.", + "TIP: Authenticate with any private registries such as Azure Artifacts feed before running cdxgen. Alternatively, commit the contents of the 'packages' folder to the repository.", ); } else if (result?.stderr?.includes("but the current NuGet version")) { if (process.env?.CDXGEN_IN_CONTAINER !== "true") { @@ -5525,7 +5525,7 @@ export async function createCsharpBom(path, options) { ); if (process.env?.CDXGEN_IN_CONTAINER !== "true") { console.log( - "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-dotnet6:v11` container image, which bundles nuget (mono) and a range of dotnet SDKs.", + "Alternatively, try using the custom `ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11` container image, which bundles nuget (mono) and a range of dotnet SDKs.", ); } }