
Commit 1d2ae8d

committed
SBOM generation moved to script section
1 parent a5124c8 commit 1d2ae8d


3 files changed

+306
-23
lines changed


.github/workflows/sbom-creation.yml

Lines changed: 0 additions & 22 deletions
This file was deleted.

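--- a/package.json
+++ b/package.json
@@ -9,7 +9,8 @@
 },
 "scripts": {
 "test": "jest",
-"test-coverage": "jest --coverage"
+"test-coverage": "jest --coverage",
+"sbom": "npx @cyclonedx/cyclonedx-npm --omit dev -o ./sbom/secure-config-sbom.json"
 },
 "repository": {
 "type": "git",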
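Review bot: The new `sbom` script runs `npx @cyclonedx/cyclonedx-npm` with no version, so whichever release the registry serves at run time is downloaded and executed with the privileges of the developer or CI job that invokes it. The SBOM committed alongside records cyclonedx-npm 3.0.0 as the generating tool; pinning it in the script, `"sbom": "npx @cyclonedx/cyclonedx-npm@3.0.0 --omit dev -o ./sbom/secure-config-sbom.json"`, or adding the package to `devDependencies` so the lockfile fixes its integrity hash, keeps the generator reproducible and reviewable. Because the workflow that produced the SBOM is deleted in this commit, the checked-in file is only as current as the last manual `npm run sbom`, so tying the script to the release process (for example a `prepublishOnly` hook) would be worth considering. The `scripts` object opens before the hunk and `repository` continues past it.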

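--- a/sbom/secure-config-sbom.json
+++ b/sbom/secure-config-sbom.json
@@ -0,0 +1,304 @@
+{
+"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+"bomFormat": "CycloneDX",
+"specVersion": "1.6",
+"version": 1,
+"serialNumber": "urn:uuid:f1e1a6ee-d8ed-4015-9c9d-c270886045b9",
+"metadata": {
+"timestamp": "2025-06-09T19:47:21.073Z",
+"tools": {
+"components": [
+{
+"type": "application",
+"name": "npm",
+"version": "10.9.2"
+},
+{
+"type": "application",
+"name": "cyclonedx-npm",
+"group": "@cyclonedx",
+"version": "3.0.0",
+"author": "Jan Kowalleck",
+"description": "Create CycloneDX Software Bill of Materials (SBOM) from NPM projects.",
+"licenses": [
+{
+"license": {
+"id": "Apache-2.0"
+}
+}
+],
+"externalReferences": [
+{
+"url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+"type": "vcs",
+"comment": "as detected from PackageJson property \"repository.url\""
+},
+{
+"url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+"type": "website",
+"comment": "as detected from PackageJson property \"homepage\""
+},
+{
+"url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+"type": "issue-tracker",
+"comment": "as detected from PackageJson property \"bugs.url\""
+}
+]
+},
+{
+"type": "library",
+"name": "cyclonedx-library",
+"group": "@cyclonedx",
+"version": "8.3.0",
+"author": "Jan Kowalleck",
+"description": "Core functionality of CycloneDX for JavaScript (Node.js or WebBrowser).",
+"licenses": [
+{
+"license": {
+"id": "Apache-2.0"
+}
+}
+],
+"externalReferences": [
+{
+"url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+"type": "vcs",
+"comment": "as detected from PackageJson property \"repository.url\""
+},
+{
+"url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+"type": "website",
+"comment": "as detected from PackageJson property \"homepage\""
+},
+{
+"url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+"type": "issue-tracker",
+"comment": "as detected from PackageJson property \"bugs.url\""
+}
+]
+}
+]
+},
+"component": {
+"type": "application",
+"name": "secure-config",
+"group": "@tsmx",
+"version": "2.3.0",
+"bom-ref": "@tsmx/secure-config@2.3.0",
+"author": "tsmx",
+"description": "Easy and secure configuration management. JSON based encrypted secrets, optional HMAC validation.",
+"licenses": [
+{
+"license": {
+"id": "MIT",
+"acknowledgement": "declared"
+}
+}
+],
+"purl": "pkg:npm/%40tsmx/secure-config@2.3.0?vcs_url=git%2Bhttps%3A%2F%2Fgithub.com%2Ftsmx%2Fsecure-config.git",
+"externalReferences": [
+{
+"url": "git+https://github.com/tsmx/secure-config.git",
+"type": "vcs",
+"comment": "as detected from PackageJson property \"repository.url\""
+},
+{
+"url": "https://tsmx.net/secure-config/",
+"type": "website",
+"comment": "as detected from PackageJson property \"homepage\""
+},
+{
+"url": "https://github.com/tsmx/secure-config/issues",
+"type": "issue-tracker",
+"comment": "as detected from PackageJson property \"bugs.url\""
+}
+],
+"properties": [
+{
+"name": "cdx:npm:package:path",
+"value": ""
+}
+]
+}
+},
+"components": [
+{
+"type": "library",
+"name": "json-traverse",
+"group": "@tsmx",
+"version": "1.0.8",
+"bom-ref": "@tsmx/json-traverse@1.0.8",
+"author": "tsmx",
+"description": "Traverse and manipulate JSON objects.",
+"licenses": [
+{
+"license": {
+"id": "MIT",
+"acknowledgement": "declared"
+}
+}
+],
+"purl": "pkg:npm/%40tsmx/json-traverse@1.0.8",
+"externalReferences": [
+{
+"url": "git+https://github.com/tsmx/json-traverse.git",
+"type": "vcs",
+"comment": "as detected from PackageJson property \"repository.url\""
+},
+{
+"url": "https://github.com/tsmx/json-traverse#readme",
+"type": "website",
+"comment": "as detected from PackageJson property \"homepage\""
+},
+{
+"url": "https://github.com/tsmx/json-traverse/issues",
+"type": "issue-tracker",
+"comment": "as detected from PackageJson property \"bugs.url\""
+},
+{
+"url": "https://registry.npmjs.org/@tsmx/json-traverse/-/json-traverse-1.0.8.tgz",
+"type": "distribution",
+"hashes": [
+{
+"alg": "SHA-512",
+"content": "addb6af81cd27d15eb02dcf7c4e7c139ae9d73dcb0b310c18d16e84ebaff5d759e61e57bf84477ac2aab122560ba904fbb901482f6d897139c1ffce7d648da8a"
+}
+],
+"comment": "as detected from npm-ls property \"resolved\" and property \"integrity\""
+}
+],
+"properties": [
+{
+"name": "cdx:npm:package:path",
+"value": "node_modules/@tsmx/json-traverse"
+}
+]
+},
+{
+"type": "library",
+"name": "object-hmac",
+"group": "@tsmx",
+"version": "1.1.5",
+"bom-ref": "@tsmx/object-hmac@1.1.5",
+"author": "tsmx",
+"description": "Create and verify HMAC's for JSON objects",
+"licenses": [
+{
+"license": {
+"id": "MIT",
+"acknowledgement": "declared"
+}
+}
+],
+"purl": "pkg:npm/%40tsmx/object-hmac@1.1.5",
+"externalReferences": [
+{
+"url": "git+https://github.com/tsmx/object-hmac.git",
+"type": "vcs",
+"comment": "as detected from PackageJson property \"repository.url\""
+},
+{
+"url": "https://github.com/tsmx/object-hmac#readme",
+"type": "website",
+"comment": "as detected from PackageJson property \"homepage\""
+},
+{
+"url": "https://github.com/tsmx/object-hmac/issues",
+"type": "issue-tracker",
+"comment": "as detected from PackageJson property \"bugs.url\""
+},
+{
+"url": "https://registry.npmjs.org/@tsmx/object-hmac/-/object-hmac-1.1.5.tgz",
+"type": "distribution",
+"hashes": [
+{
+"alg": "SHA-512",
+"content": "ed8fe65dfb66177df5662e2a4cc56f5c612dcb4212302a621e8599c6af083356ad2ea221b71af6d1019c9ae5526da1856767b0a7f4cfb06ed99d70846c028075"
+}
+],
+"comment": "as detected from npm-ls property \"resolved\" and property \"integrity\""
+}
+],
+"properties": [
+{
+"name": "cdx:npm:package:path",
+"value": "node_modules/@tsmx/object-hmac"
+}
+]
+},
+{
+"type": "library",
+"name": "string-crypto",
+"group": "@tsmx",
+"version": "1.0.6",
+"bom-ref": "@tsmx/string-crypto@1.0.6",
+"author": "tsmx",
+"description": "Encrypt and decrypt strings.",
+"licenses": [
+{
+"license": {
+"id": "MIT",
+"acknowledgement": "declared"
+}
+}
+],
+"purl": "pkg:npm/%40tsmx/string-crypto@1.0.6",
+"externalReferences": [
+{
+"url": "git+https://github.com/tsmx/string-crypto.git",
+"type": "vcs",
+"comment": "as detected from PackageJson property \"repository.url\""
+},
+{
+"url": "https://github.com/tsmx/string-crypto#readme",
+"type": "website",
+"comment": "as detected from PackageJson property \"homepage\""
+},
+{
+"url": "https://github.com/tsmx/string-crypto/issues",
+"type": "issue-tracker",
+"comment": "as detected from PackageJson property \"bugs.url\""
+},
+{
+"url": "https://registry.npmjs.org/@tsmx/string-crypto/-/string-crypto-1.0.6.tgz",
+"type": "distribution",
+"hashes": [
+{
+"alg": "SHA-512",
+"content": "2ba37d87e647bb1dc5f64d14610f03dab8d0cd8d5021439e1876a8a2be03cd5ab1eae9ca17420e657bc75bb7746946c7264d6f284c26deb2c9069fd5027f5167"
+}
+],
+"comment": "as detected from npm-ls property \"resolved\" and property \"integrity\""
+}
+],
+"properties": [
+{
+"name": "cdx:npm:package:path",
+"value": "node_modules/@tsmx/string-crypto"
+}
+]
+}
+],
+"dependencies": [
+{
+"ref": "@tsmx/secure-config@2.3.0",
+"dependsOn": [
+"@tsmx/json-traverse@1.0.8",
+"@tsmx/object-hmac@1.1.5",
+"@tsmx/string-crypto@1.0.6"
+]
+},
+{
+"ref": "@tsmx/json-traverse@1.0.8"
+},
+{
+"ref": "@tsmx/object-hmac@1.1.5",
+"dependsOn": [
+"@tsmx/json-traverse@1.0.8"
+]
+},
+{
+"ref": "@tsmx/string-crypto@1.0.6"
+}
+]
+}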
