Merge pull request #525 from psiinon/sbom

Add SBOM help page

Author: thc202

addOns/help/CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
+### Added
+- SBOM help page.
+
 ### Changed
 - Updated for 2.14.0.
 

addOns/help/src/main/javahelp/contents/cmdline.html

@@ -49,6 +49,7 @@ <H2>Options</H2>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>-addonlist</td><td>List all of the installed add-ons</td></tr>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>-script &lt;script&gt;</td><td>Run the specified script (file system path) if command line/daemon, or just load it if GUI</td></tr>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>-suppinfo</td><td>Outputs details relevant for support and troubleshooting (to the console/standard out). Such as: ZAP version, java version, installed add-ons and version, locale info, operating system, etc.</td></tr>
+<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>-sbomzip &lt;path&gt;</td><td>Creates a zip file containing all of the available <a href="start/features/sbom.html">SBOMs</a></td></tr>
 
 </table>
 <br>

addOns/help/src/main/javahelp/contents/start/features/features.html

@@ -27,6 +27,7 @@ <H1>Features</H1>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="modes.html">Modes</a></td><td></td></tr>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="notes.html">Notes</a></td><td></td></tr>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="pscan.html">Passive Scan</a></td><td></td></tr>
+<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="sbom.html">Software Bill of Materials</a></td><td></td></tr>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="scanpolicy.html">Scan Policy</a></td><td></td></tr>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="scope.html">Scope</a></td><td></td></tr>
 <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td><a href="scripts.html">Scripts</a></td><td></td></tr>

addOns/help/src/main/javahelp/contents/start/features/sbom.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+<HEAD>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
+<TITLE>
+Software Bill of Materials
+</TITLE>
+</HEAD>
+<BODY>
+<H1>Software Bill of Materials</H1>
+<p>
+ZAP includes a runtime Software Bill of Materials (SBOM) generated by <a href="https://cyclonedx.org/">CycloneDX</a> 
+for both the ZAP core and all of the add-ons maintained by the ZAP team. 
+Each SBOM will appear as a file called "bom.json" included at the root of the ZAP JARs.
+<p>
+Note that SBOMs may not be available if you run ZAP from the source code, and some 3rd party add-ons may also not define them.
+
+<H2>SBOM zip</H2>
+A zip file containing all of the available SBOM files can be generated via the following options.
+The ZAP core SBOM file will be called "zap-core-bom.json" and the add-on SBOM files will be called "&lt;addon-id&gt;-bom.json".
+
+<H3>Desktop</H3>
+The <a href="../../ui/tlmenu/help.html">Help menu</a> "Support Info..." dialog "Save SBOM zip..." button.
+
+<H3>Command Line</H3>
+
+The "-sbomzip" <a href="../../cmdline.html">Command Line</a> option.
+
+<H3>API</H3>
+
+The core "createSbomZip" <a href="api.html">API</a> action.
+
+<H2>See also</H2>
+<table>
+<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
+<a href="../../ui/overview.html">UI Overview</a></td><td>for an overview of the user interface</td></tr>
+<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
+<a href="features.html">Features</a></td><td>provided by ZAP</td></tr>
+</table>
+
+</BODY>
+</HTML>

addOns/help/src/main/javahelp/contents/ui/tlmenu/help.html

@@ -17,8 +17,11 @@ <H3>Support Info...</H3>
 Displays a dialog that contains information which is useful when troubleshooting or seeking support. Such as:<br>
 Version, installed add-ons and versions, operating system, java version, locale info, and ZAP Home Directory path.
 This information can be copied and pasted. <br>
-The dialog includes an "Open" button, which assuming the OS supports the necessary functionality, will open the ZAP Home Directory 
-(for logs or configuration files) when clicked.
+The dialog includes an "Open ZAP Home" button, which assuming the OS supports the necessary functionality, will open the ZAP Home Directory 
+(for logs or configuration files) when clicked. <br>
+The dialog includes a "Save SBOM zip..." button, which will prompt you for the name of a zip file 
+which it will generate containing all of the available 
+<a href="../../start/features/sbom.html">SBOM</a> files.
 
 <H3>Check for Updates...</H3>
 This checks to see if you are running the latest version of ZAP.

addOns/help/src/main/javahelp/toc.xml

@@ -34,6 +34,7 @@
          <tocitem text="Modes" target="start.features.modes"/>
          <tocitem text="Notes" target="start.features.notes"/>
          <tocitem text="Passive Scan" target="start.features.pscan"/>
+         <tocitem text="Software Bill of Materials" target="start.features.sbom"/>
          <tocitem text="Scan Policies" target="start.features.scanpolicy"/>
          <tocitem text="Scope" target="start.features.scope"/>
          <tocitem text="Scripts" target="start.features.scripts"/>

commonFiles/src/main/resources/map.jhm

@@ -30,6 +30,7 @@
         <mapID target="start.features.modes" url="contents/start/features/modes.html" />
         <mapID target="start.features.notes" url="contents/start/features/notes.html" />
         <mapID target="start.features.pscan" url="contents/start/features/pscan.html" />
+        <mapID target="start.features.sbom" url="contents/start/features/sbom.html" />
         <mapID target="start.features.scanpolicy" url="contents/start/features/scanpolicy.html" />
         <mapID target="start.features.scope" url="contents/start/features/scope.html" />
         <mapID target="start.features.scripts" url="contents/start/features/scripts.html" />