Merge pull request #5 from blackducksoftware/dev-worklaptop

matthewb66 · web-flow · commit 31858990f5c2 · 2024-08-27T15:57:40.000+01:00
v1.0.6
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# Synopsys Scan Yocto Script - bd_scan_yocto_via_sbom.py v1.0.5
+# Synopsys Scan Yocto Script - bd_scan_yocto_via_sbom.py v1.0.6
 
 # PROVISION OF THIS SCRIPT
 This script is provided under the MIT license (see LICENSE file).
@@ -135,6 +135,8 @@ There are several additional options to modify the behaviour of this utility inc
                            Additional Synopsys Detect options
      --api_timeout         Specify API timeout in seconds (default 60) - will be used in
                            Synopsys Detect as --detect.timeout
+     --sbom_create_custom_components
+                           Create custom components when uploading SBOM (default False)
      --debug               Debug logging mode
      --logfile LOGFILE     Logging output file
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "bd_scan_yocto_via_sbom"
-version = "1.0.5"
+version = "1.0.6"
 authors = [
   { name="Matthew Brady", email="mbrad@synopsys.com" },
 ]
diff --git a/yocto_import_sbom/BBClass.py b/yocto_import_sbom/BBClass.py
@@ -135,7 +135,7 @@ def process_bitbake_env(self, conf):
     @staticmethod
     def run_cmd(command):
         try:
-            ret = subprocess.run(command, capture_output=True, text=True, timeout=20)
+            ret = subprocess.run(command, capture_output=True, text=True, timeout=60)
             if ret.returncode != 0:
                 logging.error(f"Run command '{command}' failed with error {ret.returncode} - {ret.stderr}")
                 return False, ''
@@ -240,13 +240,15 @@ def check_files(conf):
                     conf.license_manifest = manifest
 
         imgdir = os.path.join(conf.deploy_dir, "images", machine)
-        cvefile = ""
-
-        if os.path.isdir(imgdir):
-            for file in sorted(os.listdir(imgdir)):
-                if file == conf.target + "-" + machine + ".cve":
-                    cvefile = os.path.join(imgdir, file)
-                    break
+        if conf.cve_check_file != "":
+            cvefile = conf.cve_check_file
+        else:
+            cvefile = ""
+            if os.path.isdir(imgdir):
+                for file in sorted(os.listdir(imgdir)):
+                    if file == conf.target + "-" + machine + ".cve":
+                        cvefile = os.path.join(imgdir, file)
+                        break
 
         if not os.path.isfile(cvefile):
             logging.warning(f"CVE check file {cvefile} could not be located - skipping CVE processing")
diff --git a/yocto_import_sbom/BOMClass.py b/yocto_import_sbom/BOMClass.py
@@ -174,7 +174,8 @@ def upload_sbom(conf, bom, sbom):
             files = {'file': (sbom.file, open(sbom.file, 'rb'), 'application/spdx')}
             multipart_form_data = {
                 'projectName': conf.bd_project,
-                'versionName': conf.bd_version
+                'versionName': conf.bd_version,
+                'autocreate': conf.sbom_custom_components
             }
             # headers['Content-Type'] = 'multipart/form-data; boundary=6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm'
             response = requests.post(url, headers=headers, files=files, data=multipart_form_data,
diff --git a/yocto_import_sbom/ConfigClass.py b/yocto_import_sbom/ConfigClass.py
@@ -76,6 +76,9 @@ def __init__(self):
         parser.add_argument("--detect_opts", help="OPTIONAL Additional Synopsys Detect options", default="")
         parser.add_argument("--api_timeout", help="OPTIONAL API and Detect timeout in seconds (default 60)",
                             default="60")
+        parser.add_argument("--sbom_create_custom_components",
+                            help="Create custom components for unmatched components on SBOM upload",
+                            action='store_true')
 
         parser.add_argument("--debug", help="Debug logging mode", action='store_true')
         parser.add_argument("--logfile", help="Logging output file", default="")
@@ -110,6 +113,7 @@ def __init__(self):
         self.detect_jar = ''
         self.detect_opts = args.detect_opts
         self.api_timeout = args.api_timeout
+        self.sbom_custom_components = args.sbom_create_custom_components
 
         terminate = False
         if args.debug:
@@ -214,7 +218,9 @@ def __init__(self):
             terminate = True
         self.max_oe_version_distance = distarr
 
-        self.oe_data_folder = args.oe_data_folder
+        if not os.path.isdir(self.oe_data_folder):
+            logging.error(f"OE_data_folder {self.oe_data_folder} does not exist")
+            terminate = True
 
         if args.package_dir:
             if not os.path.exists(args.package_dir):

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"`
`4`	`4`
`5`	`5`	`[project]`
`6`	`6`	`name = "bd_scan_yocto_via_sbom"`
`7`		`-version = "1.0.5"`
	`7`	`+version = "1.0.6"`
`8`	`8`	`authors = [`
`9`	`9`	`{ name="Matthew Brady", email="[email protected]" },`
`10`	`10`	`]`