Mbt upgrade SBOM file content (#1103)

young-yang03 · Young Yang · web-flow · commit 8fc64933d7d5 · 2024-07-02T10:29:53.000+08:00
* modified:   .circleci/config.yml
	modified:   Dockerfile_mbtci_template
	modified:   Makefile
	modified:   internal/artifacts/sbom.go
	modified:   internal/commands/commands.go

* modified:   internal/artifacts/sbom.go
	modified:   internal/commands/commands.go

* modified:   internal/artifacts/sbom.go

* modified:   Dockerfile_mbtci_template
	modified:   internal/artifacts/sbom.go

* modified:   internal/artifacts/project.go
	modified:   internal/artifacts/project_test.go
	modified:   internal/artifacts/sbom.go

* modified:   internal/artifacts/sbom.go

* modified:   Makefile

---------

Co-authored-by: Young Yang &lt;young.yang03@sap.com&gt;
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -136,14 +136,14 @@ jobs:
             go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
             cyclonedx-gomod version
       - run:
-          name: install cyclonedx-bom
-          command: |
-            CYCLONEDX_BOM_PACKAGE=cyclonedx-bom
-            CYCLONEDX_BOM_VERSION=0.0.9
-            CYCLONEDX_BOM_BINARY=cyclonedx-bom
-            npm install ${CYCLONEDX_BOM_PACKAGE}@${CYCLONEDX_BOM_VERSION} --no-save
-            echo "${CYCLONEDX_BOM_BINARY} -h"
-            npx ${CYCLONEDX_BOM_BINARY} -h
+          name: install cyclonedx-npm
+          command: |
+            CYCLONEDX_NPM_PACKAGE=@cyclonedx/cyclonedx-npm
+            CYCLONEDX_NPM_VERSION=1.11.0
+            CYCLONEDX_NPM_BINARY=cyclonedx-npm
+            npm install ${CYCLONEDX_NPM_PACKAGE}@${CYCLONEDX_NPM_VERSION} --no-save
+            echo "${CYCLONEDX_NPM_BINARY} -h"
+            npx ${CYCLONEDX_NPM_BINARY} -h
       - run:
           name: build mbt binary
           command: |
diff --git a/Dockerfile_mbtci_template b/Dockerfile_mbtci_template
@@ -14,9 +14,9 @@ ARG CYCLONEDX_CLI_VERSION=0.24.2
 ARG CYCLONEDX_CLI_BINARY=cyclonedx
 ARG CYCLONEDX_GOMOD_VERSION=1.4.0
 ARG CYCLONEDX_GOMOD_BINARY=cyclonedx-gomod
-ARG CYCLONEDX_BOM_PACKAGE=cyclonedx-bom
-ARG CYCLONEDX_BOM_VERSION=0.0.9
-ARG CYCLONEDX_BOM_BINARY=cyclonedx-bom
+ARG CYCLONEDX_NPM_PACKAGE=@cyclonedx/cyclonedx-npm
+ARG CYCLONEDX_NPM_VERSION=1.11.0
+ARG CYCLONEDX_NPM_BINARY=cyclonedx-npm
 
 # Environment variables
 ENV PYTHON /usr/bin/python3
@@ -293,12 +293,6 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && echo "cyclonedx-gomod smoke tests!" \
   && cyclonedx-gomod version
 
-# Install cyclone-bom
-RUN set -ex \
-  && npm install --prefix /usr/local/ -g ${CYCLONEDX_BOM_PACKAGE}@${CYCLONEDX_BOM_VERSION} \
-  && echo "cyclonedx-bom smoke tests!" \
-  && npx ${CYCLONEDX_BOM_BINARY} -h
-
 # Install curl and ca-certificates
 RUN set -ex \
   && apt-get update \
diff --git a/Makefile b/Makefile
@@ -23,11 +23,10 @@ CYCLONEDX_CLI_VERSION = 0.24.2
 CYCLONEDX_GOMOD_BINARY = cyclonedx-gomod
 CYCLONEDX_GOMOD_VERSION = latest
 
-# cyclonedx-bom
-CYCLONEDX_BOM_PACKAGE = cyclonedx-bom
-CYCLONEDX_BOM_VERSION = 0.0.9
-CYCLONEDX_BOM_BINARY = cyclonedx-bom
-
+# cyclonedx_npm
+CYCLONEDX_NPM_PACKAGE = @cyclonedx/cyclonedx-npm
+CYCLONEDX_NPM_VERSION = 1.11.0
+CYCLONEDX_NPM_BINARY = cyclonedx-npm
 
 ifeq ($(OS),Windows_NT)
 CYCLONEDX_OS=win
@@ -70,10 +69,10 @@ lint:
 
 # execute general tests
 tests:
-	 go test -v -count=1 -timeout 30m ./...
+	 go test -v -count=1 -timeout 60m ./...
 # check code coverage
 cover:
-	go test -v -coverprofile cover.out ./... -count=1 -timeout 30m
+	go test -v -coverprofile cover.out ./... -count=1 -timeout 60m
 	go tool cover -html=cover.out -o cover.html
 	open cover.html
 
@@ -111,18 +110,20 @@ else
 	cp $(CURDIR)/release/$(BINARY_NAME) $~/usr/local/bin/
 endif
 
-# use for local development - > install cyclonedx-gomod, cyclonedx-cli and cyclonedx-bom
+# use for local development - > install cyclonedx-gomod, cyclonedx-cli and cyclonedx-npm
 install-cyclonedx:
 # install cyclonedx-gomod
 	go install github.com/CycloneDX/cyclonedx-gomod/cmd/${CYCLONEDX_GOMOD_BINARY}@${CYCLONEDX_GOMOD_VERSION}
 	echo "${CYCLONEDX_GOMOD_BINARY} version"
 	${CYCLONEDX_GOMOD_BINARY} version
+
 # install cyclonedx-cli	
 	curl -fsSLO --compressed "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${CYCLONEDX_CLI_VERSION}/${CYCLONEDX_CLI_BINARY}-${CYCLONEDX_OS}-${CYCLONEDX_ARCH}${CYCLONEDX_BINARY_SUFFIX}"
 	mv ${CYCLONEDX_CLI_BINARY}-${CYCLONEDX_OS}-${CYCLONEDX_ARCH}${CYCLONEDX_BINARY_SUFFIX} $(GOPATH)/bin/${CYCLONEDX_CLI_BINARY}${CYCLONEDX_BINARY_SUFFIX}
 	echo "${CYCLONEDX_CLI_BINARY} version:"
 	${CYCLONEDX_CLI_BINARY} --version
-# install cyclonedx-bom
-	npm install -g ${CYCLONEDX_BOM_PACKAGE}@${CYCLONEDX_BOM_VERSION}
-	echo "${CYCLONEDX_BOM_BINARY} -h"
-	npx ${CYCLONEDX_BOM_BINARY} -h
+
+# install cyclonedx-npm
+	npm install -g ${CYCLONEDX_NPM_PACKAGE}@${CYCLONEDX_NPM_VERSION}
+	echo "${CYCLONEDX_NPM_BINARY} -h"
+	npx ${CYCLONEDX_NPM_BINARY} -h
diff --git a/internal/artifacts/project.go b/internal/artifacts/project.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/pkg/errors"
 
-	dir "github.com/SAP/cloud-mta-build-tool/internal/archive"
+	"github.com/SAP/cloud-mta-build-tool/internal/archive"
 	"github.com/SAP/cloud-mta-build-tool/internal/commands"
 	"github.com/SAP/cloud-mta-build-tool/internal/exec"
 	"github.com/SAP/cloud-mta-build-tool/internal/logs"
diff --git a/internal/artifacts/project_test.go b/internal/artifacts/project_test.go
@@ -11,7 +11,7 @@ import (
 	. "github.com/onsi/ginkgo/extensions/table"
 	. "github.com/onsi/gomega"
 
-	dir "github.com/SAP/cloud-mta-build-tool/internal/archive"
+	"github.com/SAP/cloud-mta-build-tool/internal/archive"
 	"github.com/SAP/cloud-mta-build-tool/internal/commands"
 	"github.com/SAP/cloud-mta-build-tool/internal/exec"
 	"github.com/SAP/cloud-mta/mta"
diff --git a/internal/artifacts/sbom.go b/internal/artifacts/sbom.go
diff --git a/internal/commands/commands.go b/internal/commands/commands.go
