Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add info to SBOM results: which version of npm-ls was used in the process #1100

Closed
jkowalleck opened this issue Sep 1, 2023 · 0 comments · Fixed by #1101
Closed

add info to SBOM results: which version of npm-ls was used in the process #1100

jkowalleck opened this issue Sep 1, 2023 · 0 comments · Fixed by #1101
Assignees
@jkowalleck
Labels
enhancement New feature or request

Comments

@jkowalleck
Copy link
Member

jkowalleck commented Sep 1, 2023
edited
Loading

Is your feature request related to a problem? Please describe.

Internally, npm-ls is used to gather some information, the initial vectors.
see https://github.com/CycloneDX/cyclonedx-node-npm/blob/main/docs/how.md

Current SBOM result contains the tool that was used to gather all data.
But it does not include any information about the npm that was used to gather the initial vectors.
Therefore, it is not entirely clear, HOW a SBOM was created - in terms of reproducibility.

Describe the solution you'd like

add npm with the following version to bom.metadata.tools

  • name: "npm"
  • vendor: undefined
  • version: the version that was detected, unmodified
  • hashes: empty
  • external references: empty

Describe alternatives you've considered

none

Additional context

npm --version returns a version string
@jkowalleck jkowalleck added the enhancement New feature or request label Sep 1, 2023
@jkowalleck jkowalleck changed the title add info which version of npm was used to gather the raw data add info which version of npm-ls was used in the process Sep 1, 2023
@jkowalleck jkowalleck changed the title add info which version of npm-ls was used in the process add info to SBOM results: which version of npm-ls was used in the process Sep 1, 2023
@jkowalleck jkowalleck mentioned this issue Sep 1, 2023
Merged
3 tasks
@jkowalleck jkowalleck self-assigned this Sep 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jkowalleck jkowalleck

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add tool npm CycloneDX/cyclonedx-node-npm
1 participant
@jkowalleck