Expand optional tree #1523

Merged
merged 4 commits into from
Dec 31, 2024

@prabhu prabhu commented Dec 30, 2024

When a direct optional dependency had more optional child dependencies, cdxgen was simplifying the tree and grouping all of the optional ones together. With this PR, the optional trees are retained correctly.

Attached is the SBOM for NodeGoat. Check the tree for request and zaproxy.

bom-full.json

```json
{
    "ref": "pkg:npm/request@2.36.0",
    "dependsOn": [
        "pkg:npm/aws-sign2@0.5.0",
        "pkg:npm/forever-agent@0.5.2",
        "pkg:npm/form-data@0.1.4",
        "pkg:npm/hawk@1.0.0",
        "pkg:npm/http-signature@0.10.1",
        "pkg:npm/json-stringify-safe@5.0.1",
        "pkg:npm/mime@1.2.11",
        "pkg:npm/node-uuid@1.4.8",
        "pkg:npm/oauth-sign@0.3.0",
        "pkg:npm/qs@0.6.6",
        "pkg:npm/tough-cookie@2.3.4",
        "pkg:npm/tunnel-agent@0.4.3"
    ]
},
{
    "ref": "pkg:npm/zaproxy@0.2.0",
    "dependsOn": [
        "pkg:npm/lodash@2.4.2",
        "pkg:npm/request@2.36.0"
    ]
},
```

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
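
One way a consumer could use the retained tree, as an added example that is not cdxgen's code or part of this PR: walk the `dependencies` array to list everything an optional direct dependency pulls in, with the chain that leads to each ref. The sample data is constructed from the excerpt above (request's list shortened), and `buildIndex`, `expandTree` and `whyIncluded` are hypothetical helper names.

```javascript
// Added example (not cdxgen code). `dependencies` is constructed from the
// excerpt above, with request's dependsOn list shortened for brevity.
const dependencies = [
  { ref: "pkg:npm/zaproxy@0.2.0",
    dependsOn: ["pkg:npm/lodash@2.4.2", "pkg:npm/request@2.36.0"] },
  { ref: "pkg:npm/request@2.36.0",
    dependsOn: ["pkg:npm/hawk@1.0.0", "pkg:npm/qs@0.6.6",
                "pkg:npm/tough-cookie@2.3.4"] },
];

// Map each ref to its direct dependsOn list; refs without an entry are leaves.
function buildIndex(deps) {
  return new Map(deps.map((d) => [d.ref, d.dependsOn || []]));
}

// Breadth-first walk from `root`. Returns every transitive ref together with
// the shortest chain of refs that pulls it in. The `paths` map doubles as the
// visited set, so cycles and diamond dependencies terminate.
function expandTree(index, root) {
  const paths = new Map([[root, [root]]]);
  const queue = [root];
  while (queue.length > 0) {
    const ref = queue.shift();
    for (const child of index.get(ref) || []) {
      if (paths.has(child)) continue;
      paths.set(child, [...paths.get(ref), child]);
      queue.push(child);
    }
  }
  paths.delete(root); // report dependencies only, not the root itself
  return paths;
}

// Hypothetical helper: explain why `target` appears in the tree under `root`.
function whyIncluded(deps, root, target) {
  const path = expandTree(buildIndex(deps), root).get(target);
  return path ? path.join(" -> ") : null;
}

console.log(whyIncluded(dependencies, "pkg:npm/zaproxy@0.2.0",
                        "pkg:npm/tough-cookie@2.3.4"));
```
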

prabhu commented Dec 30, 2024

Example SBOM in deep mode for NodeGoat.

bom.json

@prabhu prabhu merged commit b2b77f8 into master Dec 31, 2024
22 checks passed
@prabhu prabhu deleted the feature/npm-optional-tree-expand branch December 31, 2024 07:37

Bnaya commented Dec 31, 2024

Is it available to use?

Thanks!


prabhu commented Dec 31, 2024

Will release 11.0.9 and let you know.
