App-CPAN-SBOM

 view release on metacpan or  search on metacpan

lib/App/CPAN/SBOM.pm  view on Meta::CPAN

                    url  => "https://nvd.nist.gov/vuln/detail/$cve"
                ),
                affects => [SBOM::CycloneDX::Vulnerability::Affect->new(ref      => $bom_ref)],
                ratings => [SBOM::CycloneDX::Vulnerability::Rating->new(severity => $severity)]
            );

            $bom->vulnerabilities->add($vulnerability);
        }
    }

}

sub submit_bom {

    my (%params) = @_;

    my $bom     = $params{bom};
    my $options = $params{options} || {};

    $options->{'server-url'}        //= $ENV{DTRACK_URL};
    $options->{'api-key'}           //= $ENV{DTRACK_API_KEY};
    $options->{'project-id'}        //= $ENV{DTRACK_PROJECT_ID};
    $options->{'project-name'}      //= $ENV{DTRACK_PROJECT_NAME};
    $options->{'project-version'}   //= $ENV{DTRACK_PROJECT_VERSION};
    $options->{'parent-project-id'} //= $ENV{DTRACK_PARENT_PROJECT_ID};
    $options->{'skip-tls-check'}    //= $ENV{DTRACK_SKIP_TLS_CHECK};

    my $server_url = $options->{'server-url'};

    my $project_directory = File::Spec->rel2abs($options->{'project-directory'});
    my $project_name      = $options->{'project-name'}    || basename($project_directory);
    my $project_version   = $options->{'project-version'} || 'main';

    my $bom_string = $bom->to_string;

    $server_url =~ s/\/$//;
    $server_url .= '/api/v1/bom';

    my $bom_payload = {autoCreate => 'true', bom => encode_base64($bom_string, '')};

    if (defined $options->{'project-id'}) {
        $bom_payload->{project} = $options->{'project-id'};
    }

    unless (defined $options->{'project-id'}) {

        if ($project_name) {
            $bom_payload->{projectName} = $project_name;
        }

        if ($project_version) {
            $bom_payload->{projectVersion} = $project_version;
        }

    }

    if (defined $options->{'parent-project-id'}) {
        $bom_payload->{parentUUID} = $options->{'parent-project-id'};
    }

    my $verify_ssl = (defined $options->{'skip-tls-check'}) ? 0 : 1;

    my $ua = HTTP::Tiny->new(
        verify_SSL      => $verify_ssl,
        default_headers => {'Content-Type' => 'application/json', 'X-Api-Key' => $options->{'api-key'}}
    );

    say STDERR "Upload BOM in OSWASP Dependency Track ($server_url)";

    my $response = $ua->put($server_url, {content => encode_json($bom_payload)});

    DEBUG and say STDERR "-- Response <-- " . Dumper($response);

    unless ($response->{success}) {
        return cli_error(sprintf(
            'Failed to upload BOM file to OWASP Dependency Track: (%s) %s - %s',
            $response->{status}, $response->{reason}, $response->{content}
        ));
    }

}

1;

__END__

=encoding utf-8

=head1 NAME

App::CPAN::SBOM - CPAN SBOM (Software Bill of Materials) generator

=head1 SYNOPSIS

    use App::CPAN::SBOM qw(run);

    run(\@ARGV);

=head1 DESCRIPTION

L<App::CPAN::SBOM> is a "Command Line Interface" helper module for C<cpan-sbom(1)> command.

=head2 METHODS

=over

=item App::CPAN::SBOM->run(@args)

=back

Execute the command

=head1 SUPPORT

=head2 Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-App-CPAN-SBOM/issues>.
You will be notified automatically of any progress on your issue.

=head2 Source Code

This is open source software.  The code repository is available for
public review and contribution under the terms of the license.



( run in 0.658 second using v1.01-cache-2.11-cpan-600a1bdf6e4 )