Adds donation message to CI invocations (CycloneDX#1154)

* Adds donation message to CI invocations Signed-off-by: Prabhu Subramanian <[email protected]> * Fix tests Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
timmyteo · Jun 8, 2024 · 5328a66 · 5328a66
1 parent d3d0cfe
commit 5328a66
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 1 deletion.
diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml
@@ -72,6 +72,7 @@ jobs:
           docker rmi zookeeper@sha256:5bf00616677db5ef57d8a2da7c5dadf67f1a6be54b0c33a79be3332c9c80aeb6
           docker pull shiftleft/scan-slim:latest
           docker save -o /tmp/scanslim.tar shiftleft/scan-slim:latest
+          docker rmi shiftleft/scan-slim:latest
           bin/cdxgen.js /tmp/scanslim.tar -o bomresults/bom-scanarch.json --validate
           bin/cdxgen.js -t docker-compose test/data -o bomresults/bom-dc.json --validate
           bin/cdxgen.js -t operator repotests/grafana-operator -o bomresults/bom-op.json --validate
@@ -120,6 +121,7 @@ jobs:
           echo "Test docker container image using a `.tar` file"
           docker pull elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad
           docker save -o /tmp/elastic.tar elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad
+          docker rmi elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad
           bin/cdxgen.js /tmp/elastic.tar -t docker -o bomresults/bom-elastic.tar.json --validate
           ls -ltr bomresults
 

diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml
@@ -423,12 +423,14 @@ jobs:
         shell: bash
       - name: denotests
         run: |
+          rm -rf node_modules
           deno info bin/cdxgen.js
           deno info bin/evinse.js
           deno run --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-deno.json --deep
           deno run --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net bin/cdxgen.js -p -t python repotests/django-DefectDojo -o bomresults/django-DefectDojo-deno.json --deep
         env:
           FETCH_LICENSE: true
+        shell: bash
       - uses: actions/upload-artifact@v4
         if: github.ref == 'refs/heads/master' && matrix.os == 'ubuntu-latest'
         with:

diff --git a/bin/cdxgen.js b/bin/cdxgen.js
@@ -16,6 +16,7 @@ import {
   printOccurrences,
   printReachables,
   printServices,
+  printSponsorBanner,
   printTable,
 } from "../display.js";
 import { createBom, submitBom } from "../index.js";
@@ -258,6 +259,12 @@ const args = yargs(hideBin(process.argv))
       "ssaf-DRAFT-2023-11",
     ],
   })
+  .option("no-banner", {
+    type: "boolean",
+    default: false,
+    description:
+      "Do not show the donation banner. Set this attribute if you are an active sponsor for OWASP CycloneDX.",
+  })
   .completion("completion", "Generate bash/zsh completion")
   .array("filter")
   .array("only")
@@ -446,6 +453,8 @@ const checkPermissions = (filePath) => {
  * Method to start the bom creation process
  */
 (async () => {
+  // Display the sponsor banner
+  printSponsorBanner(options);
   // Start SBOM server
   if (options.server) {
     const serverModule = await import("../server.js");

diff --git a/display.js b/display.js
@@ -368,3 +368,25 @@ export function printVulnerabilities(vulnerabilities) {
   }
   console.log(`${vulnerabilities.length} vulnerabilities found.`);
 }
+
+export function printSponsorBanner(options) {
+  if (
+    process?.env?.CI &&
+    !options.noBanner &&
+    !process.env?.GITHUB_REPOSITORY?.toLowerCase().startsWith("cyclonedx")
+  ) {
+    const config = {
+      header: {
+        alignment: "center",
+        content: "\u00A4 Donate to the OWASP Foundation",
+      },
+    };
+    let message =
+      "OWASP foundation relies on donations to fund our projects.\nDonation link: https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX";
+    if (options.serverUrl && options.apiKey) {
+      message = `${message}\nDependency Track: https://owasp.org/donate/?reponame=www-project-dependency-track&title=OWASP+Dependency-Track`;
+    }
+    const data = [[message]];
+    console.log(table(data, config));
+  }
+}
diff --git a/types/display.d.ts b/types/display.d.ts
@@ -1,4 +1,5 @@
 export function printVulnerabilities(vulnerabilities: any): void;
+export function printSponsorBanner(options: any): void;
 export function printTable(bomJson: any, filterTypes?: any): void;
 export function printOSTable(bomJson: any): void;
 export function printServices(bomJson: any): void;

diff --git a/types/display.d.ts.map b/types/display.d.ts.map