App-CPAN-SBOM
view release on metacpan or search on metacpan
lib/App/CPAN/SBOM.pm view on Meta::CPAN
url => "https://nvd.nist.gov/vuln/detail/$cve"
),
affects => [SBOM::CycloneDX::Vulnerability::Affect->new(ref => $bom_ref)],
ratings => [SBOM::CycloneDX::Vulnerability::Rating->new(severity => $severity)]
);
$bom->vulnerabilities->add($vulnerability);
}
}
}
sub submit_bom {
my (%params) = @_;
my $bom = $params{bom};
my $options = $params{options} || {};
$options->{'server-url'} //= $ENV{DTRACK_URL};
$options->{'api-key'} //= $ENV{DTRACK_API_KEY};
$options->{'project-id'} //= $ENV{DTRACK_PROJECT_ID};
$options->{'project-name'} //= $ENV{DTRACK_PROJECT_NAME};
$options->{'project-version'} //= $ENV{DTRACK_PROJECT_VERSION};
$options->{'parent-project-id'} //= $ENV{DTRACK_PARENT_PROJECT_ID};
$options->{'skip-tls-check'} //= $ENV{DTRACK_SKIP_TLS_CHECK};
my $server_url = $options->{'server-url'};
my $project_directory = File::Spec->rel2abs($options->{'project-directory'});
my $project_name = $options->{'project-name'} || basename($project_directory);
my $project_version = $options->{'project-version'} || 'main';
my $bom_string = $bom->to_string;
$server_url =~ s/\/$//;
$server_url .= '/api/v1/bom';
my $bom_payload = {autoCreate => 'true', bom => encode_base64($bom_string, '')};
if (defined $options->{'project-id'}) {
$bom_payload->{project} = $options->{'project-id'};
}
unless (defined $options->{'project-id'}) {
if ($project_name) {
$bom_payload->{projectName} = $project_name;
}
if ($project_version) {
$bom_payload->{projectVersion} = $project_version;
}
}
if (defined $options->{'parent-project-id'}) {
$bom_payload->{parentUUID} = $options->{'parent-project-id'};
}
my $verify_ssl = (defined $options->{'skip-tls-check'}) ? 0 : 1;
my $ua = HTTP::Tiny->new(
verify_SSL => $verify_ssl,
default_headers => {'Content-Type' => 'application/json', 'X-Api-Key' => $options->{'api-key'}}
);
say STDERR "Upload BOM in OSWASP Dependency Track ($server_url)";
my $response = $ua->put($server_url, {content => encode_json($bom_payload)});
DEBUG and say STDERR "-- Response <-- " . Dumper($response);
unless ($response->{success}) {
return cli_error(sprintf(
'Failed to upload BOM file to OWASP Dependency Track: (%s) %s - %s',
$response->{status}, $response->{reason}, $response->{content}
));
}
}
1;
__END__
=encoding utf-8
=head1 NAME
App::CPAN::SBOM - CPAN SBOM (Software Bill of Materials) generator
=head1 SYNOPSIS
use App::CPAN::SBOM qw(run);
run(\@ARGV);
=head1 DESCRIPTION
L<App::CPAN::SBOM> is a "Command Line Interface" helper module for C<cpan-sbom(1)> command.
=head2 METHODS
=over
=item App::CPAN::SBOM->run(@args)
=back
Execute the command
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-App-CPAN-SBOM/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
( run in 0.658 second using v1.01-cache-2.11-cpan-600a1bdf6e4 )