Class: GemGuard::SbomGenerator

Inherits:
Object
Defined in:
lib/gem_guard/sbom_generator.rb

Constant Summary

SPDX_VERSION =
"SPDX-2.3"
CYCLONE_DX_VERSION =
"1.5"

Instance Method Summary

Constructor Details

#initialize ⇒ SbomGenerator

Returns a new instance of SbomGenerator.



# File 'lib/gem_guard/sbom_generator.rb', line 10

# Set up the per-document state shared by both SBOM formats: the fixed SPDX
# document identifier and one UTC ISO 8601 timestamp that every document
# produced by this instance reuses for its creation fields.
def initialize
  @document_id = "SPDXRef-DOCUMENT"
  now = Time.now.utc
  @creation_time = now.iso8601
end

Instance Method Details

#generate_cyclone_dx(dependencies, project_name = "ruby-project") ⇒ Object



# File 'lib/gem_guard/sbom_generator.rb', line 32

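# Build a CycloneDX 1.5 BOM as a plain Hash keyed by the CycloneDX JSON field
# names.
#
# @param dependencies [Enumerable] resolved dependencies, handed unchanged to
#   build_cyclone_dx_components
# @param project_name [String] name recorded for the root application component
# @param project_version [String] version recorded for the root application
#   component; defaults to the "1.0.0" placeholder previously hard-coded here
# @return [Hash] CycloneDX document; "metadata.timestamp" is the @creation_time
#   captured in #initialize and "serialNumber" is built from generate_uuid
#   (expected to yield a UUID so the urn:uuid form is valid)
def generate_cyclone_dx(dependencies, project_name = "ruby-project", project_version: "1.0.0")
  {
    "bomFormat" => "CycloneDX",
    "specVersion" => CYCLONE_DX_VERSION,
    # Minted per call so each generated BOM carries its own serial number.
    "serialNumber" => "urn:uuid:#{generate_uuid}",
    "version" => 1,
    "metadata" => {
      "timestamp" => @creation_time,
      "tools" => [
        {
          "vendor" => "GemGuard",
          "name" => "gem_guard",
          "version" => GemGuard::VERSION
        }
      ],
      "component" => {
        "type" => "application",
        "name" => project_name,
        # SBOM consumers match components on name plus version, so the root
        # component's version is caller-supplied rather than a fixed "1.0.0".
        "version" => project_version
      }
    },
    "components" => build_cyclone_dx_components(dependencies)
  }
end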

#generate_spdx(dependencies, project_name = "ruby-project") ⇒ Object



# File 'lib/gem_guard/sbom_generator.rb', line 15

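# Build an SPDX 2.3 document as a plain Hash keyed by the SPDX JSON field names.
#
# @param dependencies [Enumerable] resolved dependencies, handed unchanged to
#   build_spdx_packages and build_spdx_relationships
# @param project_name [String] used for the document name, the namespace URI
#   and as the root package name passed to build_spdx_packages
# @return [Hash] SPDX document whose "created" and namespace timestamp are the
#   @creation_time captured in #initialize
def generate_spdx(dependencies, project_name = "ruby-project")
  # SPDX 2.3 requires documentNamespace to be an absolute URI and forbids the
  # '#' delimiter inside it, because '#' separates the namespace from an SPDXID
  # in external references. Percent-encode every byte outside RFC 3986's
  # unreserved set so a project name containing spaces, '#' or '/' cannot yield
  # an unusable namespace. Plain names such as "ruby-project" pass through
  # unchanged; the free-text "name" field below keeps the raw value.
  namespace_segment = project_name.to_s.gsub(/[^A-Za-z0-9\-._~]/) do |char|
    char.bytes.map { |byte| format("%%%02X", byte) }.join
  end

  {
    "spdxVersion" => SPDX_VERSION,
    "dataLicense" => "CC0-1.0",
    "SPDXID" => @document_id,
    "name" => "#{project_name}-sbom",
    # The ISO 8601 timestamp keeps the namespace unique per generation run; its
    # ':' characters are permitted in a URI path segment and need no encoding.
    "documentNamespace" => "https://gem-guard.dev/#{namespace_segment}/#{@creation_time}",
    "creationInfo" => {
      "created" => @creation_time,
      "creators" => ["Tool: gem_guard-#{GemGuard::VERSION}"],
      "licenseListVersion" => "3.21"
    },
    "packages" => build_spdx_packages(dependencies, project_name),
    "relationships" => build_spdx_relationships(dependencies)
  }
end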