add-vulnerabilities-to-bom
v0.0.3
Adds known vulnerabilities to BOM
Add vulnerabilities to BOM
Adds known vulnerabilities to BOM
This is still beta software; do NOT rely on it for critical security decisions.
Install
Install globally if you want to use the CLI.
yarn global add add-vulnerabilities-to-bom
# or
npm i -g add-vulnerabilities-to-bom
Install locally if you want to use it as a library.
yarn add add-vulnerabilities-to-bom
# or
npm i --save add-vulnerabilities-to-bom
Usage
Expects a BOM generated by @cyclonedx/bom, e.g.
$ cyclonedx-bom -o bom.json --include-dev
CLI
$ add-vulnerabilities-to-bom --help
Options:
--version Show version number [boolean]
-f, --file path to bom.json [string] [default: "bom.json"]
--help Show help [boolean]
$ add-vulnerabilities-to-bom -f my-bom.json > bom-with-vulns.json
As a library
import { addVulnerabilitiesToBom, BomFile } from 'add-vulnerabilities-to-bom'
const bom: BomFile = require('./bom.json')
addVulnerabilitiesToBom(bom)
.then(console.log)
.catch(console.error)
Developing
- Clone the repo
- Run `yarn install`
- Run `yarn test-watch` to run the tests while developing
- Run `git add . && git commit -m some-message` to commit changes
- Run `yarn release` to create a new version using standard-version
Lint checks and tests run automatically on commit, and the pipeline builds the package on push.
License
add-vulnerabilities-to-bom is licensed under the terms of the MIT license.