App-CPAN-SBOM
--project-name NAME Project name (default: project directory name)
--project-version VERSION Project version
--project-author STRING Project author(s)
--project-license SPDX-LICENSE Project SPDX license
--project-description TEXT Project description
--maxdepth=NUM Max depth (default: 1)
--vulnerabilities Include Module/Distribution vulnerabilities
--no-vulnerabilities
--validate Validate the generated SBOM using JSON Schema (default: true)
--no-validate
--list-spdx-licenses List SPDX licenses
--debug Enable debug messages
--help Brief help message
--man Full documentation
-v, --version Print version
OWASP Dependency Track options:
bin/cpan-sbom
--project-name NAME Project name (default: project directory name)
--project-version VERSION Project version
--project-author STRING Project author(s)
--project-license SPDX-LICENSE Project SPDX license
--project-description TEXT Project description
--maxdepth=NUM Max depth (default: 1)
--vulnerabilities Include Module/Distribution vulnerabilities
--no-vulnerabilities
--validate Validate the generated SBOM using JSON Schema (default: true)
--no-validate
--list-spdx-licenses List SPDX licenses
--cyclonedx-spec-version VERSION CycloneDX Specification version to use (default: 1.5)
--debug Enable debug messages
--help Brief help message
--man Full documentation
-v, --version Print version
lib/App/CPAN/SBOM.pm
debug|d
output|o=s
meta=s
distribution=s
maxdepth=i
vulnerabilities!
validate!
project-meta=s
project-type=s
project-author=s@
project-description=s
project-directory=s
project-license=s
project-name=s
project-version=s
lib/App/CPAN/SBOM.pm
if ($options{'list-spdx-licenses'}) {
say $_ for (sort @{SBOM::CycloneDX::Enum->SPDX_LICENSES});
return 0;
}
unless ($options{distribution} || $options{'project-meta'} || $options{'project-directory'}) {
pod2usage(-exitstatus => 0, -verbose => 0);
}
$options{maxdepth} //= 1;
$options{validate} //= 1;
if (defined $options{debug}) {
$ENV{SBOM_DEBUG} = 1;
}
my $bom = SBOM::CycloneDX->new;
my $spec_version = '1.6';
if (defined $options{'cyclonedx-spec-version'}) {
lib/App/CPAN/SBOM.pm
$bom->metadata->tools->push(cyclonedx_tool());
my $output_file = $options{output} // 'bom.json';
say STDERR "Save SBOM to $output_file";
open my $fh, '>', $output_file or Carp::croak "Failed to open file: $!";
say $fh $bom->to_string;
close $fh;
if ($options{validate}) {
my @errors = $bom->validate;
say STDERR $_ foreach (@errors);
}
if (defined $options{'server-url'} && defined $options{'api-key'}) {
submit_bom(bom => $bom, options => \%options);
}
}
sub show_version {
lib/App/CPAN/SBOM.pm
my $metadata = $dist_data->metadata;
my @authors = make_authors($metadata->{author});
my $purl = URI::PackageURL->new(
type => 'cpan',
name => $dist_data->distribution,
version => $dist_data->version,
qualifiers => {author => $dist_data->author},
validate => 0
);
my @external_references = make_external_references($dist_data->metadata->{resources});
my $license_name = join ' AND ', @{$metadata->{license}};
my $license_id = cpan_meta_to_spdx_license($license_name) || 'NONE';
my $license_info = ($license_id ne 'NONE') ? {id => $license_id} : {name => $license_name};
my $bom_license = SBOM::CycloneDX::License->new($license_info);
lib/App/CPAN/SBOM.pm
my $license_id = cpan_meta_to_spdx_license($license_name) || 'NONE';
my $license = ($license_id ne 'NONE') ? {id => $license_id} : {name => $license_name};
my $bom_license = SBOM::CycloneDX::License->new($license);
my $purl = URI::PackageURL->new(
type => 'cpan',
name => $distribution,
version => $version,
qualifiers => {author => $author},
validate => 0
);
my @ext_refs = make_external_references($dist_data->metadata->{resources});
my $hashes = SBOM::CycloneDX::List->new;
if (my $checksum = $dist_data->checksum_sha256) {
$hashes->add(SBOM::CycloneDX::Hash->new(alg => 'SHA-256', content => $checksum));
}