From 5328a66ddff9ebec404f652a58fdd9d922d8ea1d Mon Sep 17 00:00:00 2001 From: prabhu Date: Sat, 8 Jun 2024 20:57:53 +0100 Subject: [PATCH] Adds donation message to CI invocations (#1154) * Adds donation message to CI invocations Signed-off-by: Prabhu Subramanian * Fix tests Signed-off-by: Prabhu Subramanian --------- Signed-off-by: Prabhu Subramanian --- .github/workflows/dockertests.yml | 2 ++ .github/workflows/repotests.yml | 2 ++ bin/cdxgen.js | 9 +++++++++ display.js | 22 ++++++++++++++++++++++ types/display.d.ts | 1 + types/display.d.ts.map | 2 +- 6 files changed, 37 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml index b5dca96a2..139add9a0 100644 --- a/.github/workflows/dockertests.yml +++ b/.github/workflows/dockertests.yml @@ -72,6 +72,7 @@ jobs: docker rmi zookeeper@sha256:5bf00616677db5ef57d8a2da7c5dadf67f1a6be54b0c33a79be3332c9c80aeb6 docker pull shiftleft/scan-slim:latest docker save -o /tmp/scanslim.tar shiftleft/scan-slim:latest + docker rmi shiftleft/scan-slim:latest bin/cdxgen.js /tmp/scanslim.tar -o bomresults/bom-scanarch.json --validate bin/cdxgen.js -t docker-compose test/data -o bomresults/bom-dc.json --validate bin/cdxgen.js -t operator repotests/grafana-operator -o bomresults/bom-op.json --validate @@ -120,6 +121,7 @@ jobs: echo "Test docker container image using a `.tar` file" docker pull elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad docker save -o /tmp/elastic.tar elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad + docker rmi elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad bin/cdxgen.js /tmp/elastic.tar -t docker -o bomresults/bom-elastic.tar.json --validate ls -ltr bomresults diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 35e8a2263..ef921f7ba 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml 
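Review bot: The two added `docker rmi` lines (`docker rmi shiftleft/scan-slim:latest` in the first hunk and the digest-addressed elasticsearch removal in the second) run inside `run:` steps whose `shell:` is not visible here; if they use the runner's default `bash -e`, a failed removal (image already absent on a re-run, or still referenced by a container) aborts the job before the cdxgen invocations that follow. Since the removal only frees disk after `docker save` has already written the tarball, make it non-fatal: `docker rmi shiftleft/scan-slim:latest || true` (and likewise for the elasticsearch line). A secondary observation: the scan-slim image is pulled, saved and now removed by the mutable `latest` tag while the zookeeper and elasticsearch images in the same step are digest-pinned, so that test input can change without any edit to the workflow.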
@@ -423,12 +423,14 @@ jobs: shell: bash - name: denotests run: | + rm -rf node_modules deno info bin/cdxgen.js deno info bin/evinse.js deno run --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-deno.json --deep deno run --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net bin/cdxgen.js -p -t python repotests/django-DefectDojo -o bomresults/django-DefectDojo-deno.json --deep env: FETCH_LICENSE: true + shell: bash - uses: actions/upload-artifact@v4 if: github.ref == 'refs/heads/master' && matrix.os == 'ubuntu-latest' with: diff --git a/bin/cdxgen.js b/bin/cdxgen.js index 0a4f86095..8b50d2f0d 100755 --- a/bin/cdxgen.js +++ b/bin/cdxgen.js @@ -16,6 +16,7 @@ import { printOccurrences, printReachables, printServices, + printSponsorBanner, printTable, } from "../display.js"; import { createBom, submitBom } from "../index.js"; @@ -258,6 +259,12 @@ const args = yargs(hideBin(process.argv)) "ssaf-DRAFT-2023-11", ], }) + .option("no-banner", { + type: "boolean", + default: false, + description: + "Do not show the donation banner. Set this attribute if you are an active sponsor for OWASP CycloneDX.", + }) .completion("completion", "Generate bash/zsh completion") .array("filter") .array("only") @@ -446,6 +453,8 @@ const checkPermissions = (filePath) => { * Method to start the bom creation process */ (async () => { + // Display the sponsor banner + printSponsorBanner(options); // Start SBOM server if (options.server) { const serverModule = await import("../server.js"); diff --git a/display.js b/display.js index c3e2c8347..16cd22ad6 100644 --- a/display.js +++ b/display.js 
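Review bot: The added `rm -rf node_modules` at the top of the denotests step deletes a directory with no comment on why, and the reason cannot be inferred from the hunk, so a reader reordering steps cannot tell whether the deno runs require the npm tree to be absent or it is only freeing disk. Add a one-line comment above it, e.g. `# remove the npm-installed tree before the deno runs — intent: TODO confirm (keeps deno from resolving through node_modules?)`. The path is relative to the job's working directory, which is set outside this hunk, so the step also silently depends on the checkout layout of the earlier steps.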
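Review bot: Declaring the yargs option as `"no-banner"` (the `.option("no-banner", …)` block in the second cdxgen.js hunk) is fragile: with yargs' default `boolean-negation` setting a `--no-banner` argument is parsed as the negation of a `banner` option, i.e. `options.banner === false`, and `options.noBanner` can stay at its declared default of `false` — please verify against the yargs version this package pins, because if so the opt-out promised in the description never takes effect. The conventional spelling is to declare the positive option and let yargs derive the negation: `.option("banner", { type: "boolean", default: true, description: "Display the donation banner. Pass --no-banner to hide it if you are an active sponsor for OWASP CycloneDX." })`, with the consumer in display.js checking `options.banner === false` instead of `options.noBanner`. The `yargs(...)` option chain this hunk belongs to starts and ends outside the hunk.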
@@ -368,3 +368,25 @@ export function printVulnerabilities(vulnerabilities) { } console.log(`${vulnerabilities.length} vulnerabilities found.`); } + +export function printSponsorBanner(options) { + if ( + process?.env?.CI && + !options.noBanner && + !process.env?.GITHUB_REPOSITORY?.toLowerCase().startsWith("cyclonedx") + ) { + const config = { + header: { + alignment: "center", + content: "\u00A4 Donate to the OWASP Foundation", + }, + }; + let message = + "OWASP foundation relies on donations to fund our projects.\nDonation link: https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"; + if (options.serverUrl && options.apiKey) { + message = `${message}\nDependency Track: https://owasp.org/donate/?reponame=www-project-dependency-track&title=OWASP+Dependency-Track`; + } + const data = [[message]]; + console.log(table(data, config)); + } +} diff --git a/types/display.d.ts b/types/display.d.ts index 463d2da3a..3a841fc63 100644 --- a/types/display.d.ts +++ b/types/display.d.ts @@ -1,4 +1,5 @@ export function printVulnerabilities(vulnerabilities: any): void; +export function printSponsorBanner(options: any): void; export function printTable(bomJson: any, filterTypes?: any): void; export function printOSTable(bomJson: any): void; export function printServices(bomJson: any): void; diff --git a/types/display.d.ts.map b/types/display.d.ts.map index d5235c4c5..ec7fa9aa0 100644 --- a/types/display.d.ts.map +++ b/types/display.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../display.js"],"names":[],"mappings":"AAuVA,iEA0BC;AAnWM,kEA+DN;AAQM,iDAkBN;AACM,kDAsBN;AAeM,qDA4BN;AACM,mDA8CN;AACM,uEAiCN;AA4DM,2DA+BN"} \ No newline at end of file +{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../display.js"],"names":[],"mappings":"AAuVA,iEA0BC;AAED,uDAoBC;AAzXM,kEA+DN;AAQM,iDAkBN;AACM,kDAsBN;AAeM,qDA4BN;AACM,mDA8CN;AACM,uEAiCN;AA4DM,2DA+BN"} \ No newline at end of file
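Review bot: `printSponsorBanner` emits the table with `console.log`, i.e. on stdout, and it is called before any BOM is produced; if any CI invocation sends the BOM or another machine-readable result to stdout (piped into a second tool, or `-o` pointed at a stdout path), the banner prefixes that stream and breaks the consumer, so write human-directed notices to stderr: `console.error(table(data, config));`. The guard is also inconsistently written: `?.` on the bare identifier `process` does not protect against it being undeclared (that still throws a ReferenceError), so `process?.env?.CI` buys nothing and reads oddly next to the plain `process.env?.GITHUB_REPOSITORY` on the following line — one form throughout, e.g. `process.env.CI && !options.noBanner && !process.env.GITHUB_REPOSITORY?.toLowerCase().startsWith("cyclonedx")`. The new export carries no JSDoc; add a block stating that it prints only when `CI` is set, the caller has not opted out via `options.noBanner`, and `GITHUB_REPOSITORY` does not start with `cyclonedx`, and that the Dependency-Track link is appended only when both `serverUrl` and `apiKey` are set. Finally, `options.noBanner` presumes the CLI populates a camelCased `no-banner` option; confirm this against how yargs actually parses `--no-banner`, since its boolean negation may surface as `options.banner === false` instead.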