Project author: philips-software

Project description:
Convert Tool Output to Reference Output
Primary language: Rust
Project URL: git://github.com/philips-software/ct2r.git
Created: 2019-10-25T13:44:25Z
Project community: https://github.com/philips-software/ct2r

License: MIT License


ct2r - Convert Tool Output to Reference Output

Note: If you’re interested in Software Bill of Materials, you might also look into Bompare.

Purpose

We use several tools to get more insight into the Bill of Materials of applications. Every tool and language reports these lists of dependencies, licenses and vulnerabilities in its own format. To compare tools with each other, we need a way to convert each tool's output to a common reference output; see the Reference Output section for what that reference output looks like.
This repository converts the outputs of various tools into that format.

Supported tools

  • Manually generated JSON from package managers (e.g. gradle)
  • Blackduck
  • JFrog Xray
  • Whitesource
  • FOSSA
  • Snyk

Prerequisite

Install Rust and Cargo:

  curl https://sh.rustup.rs -sSf | sh

Usage

Release version

Build a release version of the scripts:

  cargo build --release

Run a script with a test file.

An example with a JFrog Xray license export results JSON file:

  ./target/release/ct2r xray Build_js-react-app-443222_License_Export.json output.json

An example with a gradle license export results JSON file:

  ./target/release/ct2r gradle raw-dependencies.json output.json

Generate JSON from the gradle package manager

Add the gradle-license-report plugin to your build.gradle and configure its JSON renderer:

  buildscript {
      repositories {
          maven {
              url 'https://plugins.gradle.org/m2/'
          }
      }
      dependencies {
          classpath 'com.github.jk1:gradle-license-report:1.11'
      }
  }
  apply plugin: 'com.github.jk1.dependency-license-report'
  import com.github.jk1.license.render.*
  licenseReport {
      renderers = [new JsonReportRenderer()]
  }

Run:

  ./gradlew generateLicenseReport

Debug version

  cargo run <tool> <input.json> <output.json>

<tool> can be xray or gradle.

Run tests

  cargo test

Docker version

Run the tool from the docker image (the current directory is mounted as /data inside the container):

  docker run --rm -v "$(pwd)":/data philipssoftware/ct2r gradle /data/index.json /data/output.json

Reference Output

The output is saved in the file given as the last argument, e.g. output.json.
Its format is aligned with the reference output found in tools like npm dependencies extractor: a list of objects, each with the dependency name and its version.

  [
    { "name": "dependencyName_A", "version": "0.0.1" },
    { "name": "dependencyName_B", "version": "2.0.0" },
    { "name": "dependencyName_B", "version": "2.0.1" }
  ]
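As an added illustration (not code from the ct2r project), the script below performs the gradle conversion described above in Python and then diffs the result against a second tool's reference output, which is the comparison the reference format exists for. The gradle-license-report field names (dependencies, moduleName, moduleVersion) and both input documents are assumptions constructed for this example.

```python
import json

# Constructed sample in the shape assumed for gradle-license-report's
# JsonReportRenderer output; the field names are an assumption, not taken
# from the ct2r README. One dependency is listed twice on purpose.
GRADLE_REPORT = json.dumps({
    "dependencies": [
        {"moduleName": "org.apache.commons:commons-lang3", "moduleVersion": "3.9"},
        {"moduleName": "com.google.guava:guava", "moduleVersion": "28.1-jre"},
        {"moduleName": "com.google.guava:guava", "moduleVersion": "28.1-jre"},
        {"moduleName": "incomplete:entry"},  # no version: tool left it blank
    ]
})

# Constructed reference output as a second tool might have produced it.
OTHER_TOOL_OUTPUT = [
    {"name": "org.apache.commons:commons-lang3", "version": "3.9"},
    {"name": "com.google.guava:guava", "version": "28.0-jre"},
]


def gradle_to_reference(report_json):
    """Map a gradle-license-report JSON document to the reference output:
    a list of {"name", "version"} objects, de-duplicated and sorted so that
    two outputs can be compared line by line."""
    report = json.loads(report_json)
    seen = set()
    for dep in report.get("dependencies", []):
        name, version = dep.get("moduleName"), dep.get("moduleVersion")
        if not name or not version:  # skip entries the tool left incomplete
            continue
        seen.add((name, version))
    return [{"name": n, "version": v} for n, v in sorted(seen)]


def _key(entry):
    return (entry["name"], entry["version"])


def diff_reference(a, b):
    """Report which (name, version) pairs only one of two reference outputs
    contains; a non-empty result means the two tools disagree."""
    only_a = {_key(d) for d in a} - {_key(d) for d in b}
    only_b = {_key(d) for d in b} - {_key(d) for d in a}
    return {"only_in_a": sorted(only_a), "only_in_b": sorted(only_b)}


if __name__ == "__main__":
    ref = gradle_to_reference(GRADLE_REPORT)
    print(json.dumps(ref, indent=2))
    print(diff_reference(ref, OTHER_TOOL_OUTPUT))
```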

Author

Jeroen Knoops

Future Features

  • Complement the output of one tool with the other.