diff --git a/src/analysis.js b/src/analysis.js
index 87673be..576ee2a 100644
--- a/src/analysis.js
+++ b/src/analysis.js
@@ -102,10 +102,10 @@ function setRhdaHeader(headerName,headers,opts) {
 * @returns {{}}
 */
 function getTokenHeaders(opts = {}) {
- let supportedTokens = ['snyk']
+ let supportedTokens = ['snyk','oss-index']
 let headers = {}
 supportedTokens.forEach(vendor => {
- let token = getCustom(`EXHORT_${vendor.toUpperCase()}_TOKEN`, null, opts);
+ let token = getCustom(`EXHORT_${vendor.replace("-","_").toUpperCase()}_TOKEN`, null, opts);
 if (token) {
 headers[`ex-${vendor}-token`] = token
 }
diff --git a/src/index.js b/src/index.js
index cfaf8a7..c2cb4e1 100644
--- a/src/index.js
+++ b/src/index.js
@@ -8,7 +8,7 @@ import PackageJson from '../package.json' assert {type: 'json'};
 export default { AnalysisReport, componentAnalysis, stackAnalysis, validateToken }
-export const exhortDevDefaultUrl = 'http://alpha-exhort.apps.sssc-cl01.appeng.rhecoeng.com';
+export const exhortDevDefaultUrl = 'https://exhort.stage.devshift.net';
 export const exhortDefaultUrl = "https://rhda.rhcloud.com";
diff --git a/src/providers/java_maven.js b/src/providers/java_maven.js
index 3850f03..046f8ef 100644
--- a/src/providers/java_maven.js
+++ b/src/providers/java_maven.js
@@ -313,13 +313,15 @@ function getDependencies(manifest) {
 if (dep['#comment'] && dep['#comment'].includes('exhortignore')) { // #comment is an array or a string
 ignore = true
 }
- ignored.push({
- groupId: dep['groupId'],
- artifactId: dep['artifactId'],
- version: dep['version'] ? dep['version'].toString() : '*',
- scope: '*',
- ignore: ignore
- })
+ if(dep['scope'] !== 'test') {
+ ignored.push({
+ groupId: dep['groupId'],
+ artifactId: dep['artifactId'],
+ version: dep['version'] ? dep['version'].toString() : '*',
+ scope: '*',
+ ignore: ignore
+ })
+ }
 })
 // return list of dependencies
 return ignored
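Review bot: In src/analysis.js, getTokenHeaders, `vendor.replace("-","_")` with a string pattern swaps only the first hyphen, so it works for 'oss-index' but a later vendor id with two hyphens would look up a variable name that still contains '-' and its token would silently never be sent. `vendor.replaceAll("-","_")` (or `vendor.replace(/-/g,"_")`) makes the mapping total. A short comment such as `// env var is EXHORT_<VENDOR>_TOKEN with hyphens turned into underscores; the header keeps the hyphen` would record why the two names differ. The function body continues past the end of the hunk.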
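Review bot: In src/index.js the new `exhortDevDefaultUrl` carries no comment saying why the scheme matters. The same commit adds a second vendor credential that getTokenHeaders places in request headers, and if those requests go to this backend (the call site is not in the diff) the previous `http://` value would have carried them in clear text. A doc comment above the constant, e.g. `/** Dev-mode backend; keep this HTTPS, vendor tokens are sent in request headers. */`, would keep a later edit from going back to plain HTTP. Rejecting a non-https backend URL at the place where the override is read would be the stronger guard, if that code allows it.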
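Review bot: In src/providers/java_maven.js the new `if(dep['scope'] !== 'test')` guard drops test-scoped dependencies from the component-analysis SBOM without a comment, so a reader cannot tell that leaving them unscanned is deliberate. Test dependencies still execute on developer machines and in CI, so the exclusion is a coverage decision worth stating, e.g. `// test-scoped deps are not shipped; they are intentionally left out of the SBOM sent for analysis`. As far as the hunk shows, the check only sees a `<scope>` written on the dependency itself; a dependency whose test scope comes from a parent's dependencyManagement would presumably still be reported, which deserves a fixture. getDependencies starts before the hunk.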
diff --git a/test/providers/tst_manifests/maven/pom_deps_with_no_ignore_common_paths/component_analysis_expected_sbom.json b/test/providers/tst_manifests/maven/pom_deps_with_no_ignore_common_paths/component_analysis_expected_sbom.json
index b2708ca..5fbcdd3 100644
--- a/test/providers/tst_manifests/maven/pom_deps_with_no_ignore_common_paths/component_analysis_expected_sbom.json
+++ b/test/providers/tst_manifests/maven/pom_deps_with_no_ignore_common_paths/component_analysis_expected_sbom.json
@@ -1,124 +1,111 @@ { - "bomFormat": "CycloneDX", - "specVersion": "1.4", - "version": 1, - "metadata": { - "timestamp": "2023-08-07T00:00:00.000Z", - "component": { - "group": "pom-with-deps-no-ignore", - "name": "pom-with-dependency-not-ignored-common-paths", - "version": "0.0.1", - "purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1", - "type": "application", - "bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1" - } - }, - "components": [ - { - "group": "pom-with-deps-no-ignore", - "name": "pom-with-dependency-not-ignored-common-paths", - "version": "0.0.1", - "purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1", - "type": "application", - "bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1" - }, - { - "group": "org.springframework.boot", - "name": "spring-boot-starter", - "version": "2.3.5.RELEASE", - "purl": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE" - }, - { - "group": "org.springframework.boot", - "name": "spring-boot-starter-test", - "version": "2.3.5.RELEASE", - "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE" - }, - { - "group": "org.springframework.boot", - "name": "spring-boot-starter-web", - "version": "2.3.5.RELEASE", - "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE" - }, - { - "group": "io.quarkus", - "name": "quarkus-resteasy", - "version": "2.7.7.Final", - "purl": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final", - "type": "library", - "bom-ref": 
"pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final" - }, - { - "group": "org.keycloak", - "name": "keycloak-saml-core", - "version": "1.8.1.Final", - "purl": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final", - "type": "library", - "bom-ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final" - }, - { - "group": "io.quarkus", - "name": "quarkus-vertx-http", - "version": "2.13.5.Final", - "purl": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final", - "type": "library", - "bom-ref": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final" - }, - { - "group": "io.quarkus", - "name": "quarkus-jdbc-postgresql", - "version": "2.13.6.Final", - "purl": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final", - "type": "library", - "bom-ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final" - } - ], - "dependencies": [ - { - "ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1", - "dependsOn": [ - "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", - "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE", - "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", - "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final", - "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final", - "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final", - "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final" - ] - }, - { - "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", - "dependsOn": [] - }, - { - "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE", - "dependsOn": [] - }, - { - "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", - "dependsOn": [] - }, - { - "ref": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final", - "dependsOn": [] - }, - { - "ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final", - "dependsOn": [] - }, - { - "ref": 
"pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final", - "dependsOn": [] - }, - { - "ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final", - "dependsOn": [] - } - ] + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "metadata": { + "timestamp": "2023-08-07T00:00:00.000Z", + "component": { + "group": "pom-with-deps-no-ignore", + "name": "pom-with-dependency-not-ignored-common-paths", + "version": "0.0.1", + "purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1", + "type": "application", + "bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1" + } + }, + "components": [ + { + "group": "pom-with-deps-no-ignore", + "name": "pom-with-dependency-not-ignored-common-paths", + "version": "0.0.1", + "purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1", + "type": "application", + "bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1" + }, + { + "group": "org.springframework.boot", + "name": "spring-boot-starter", + "version": "2.3.5.RELEASE", + "purl": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", + "type": "library", + "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE" + }, + { + "group": "org.springframework.boot", + "name": "spring-boot-starter-web", + "version": "2.3.5.RELEASE", + "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", + "type": "library", + "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE" + }, + { + "group": "io.quarkus", + "name": "quarkus-resteasy", + "version": "2.7.7.Final", + "purl": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final", + "type": "library", + "bom-ref": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final" + }, + { + "group": "org.keycloak", + "name": "keycloak-saml-core", + "version": "1.8.1.Final", + "purl": 
"pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final", + "type": "library", + "bom-ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final" + }, + { + "group": "io.quarkus", + "name": "quarkus-vertx-http", + "version": "2.13.5.Final", + "purl": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final", + "type": "library", + "bom-ref": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final" + }, + { + "group": "io.quarkus", + "name": "quarkus-jdbc-postgresql", + "version": "2.13.6.Final", + "purl": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final", + "type": "library", + "bom-ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final" + } + ], + "dependencies": [ + { + "ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1", + "dependsOn": [ + "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", + "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", + "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final", + "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final", + "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final", + "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final" + ] + }, + { + "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", + "dependsOn": [] + }, + { + "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", + "dependsOn": [] + }, + { + "ref": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final", + "dependsOn": [] + }, + { + "ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final", + "dependsOn": [] + }, + { + "ref": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final", + "dependsOn": [] + }, + { + "ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final", + "dependsOn": [] + } + ] } 
diff --git a/test/providers/tst_manifests/maven/poms_deps_with_2_ignore_long/component_analysis_expected_sbom.json b/test/providers/tst_manifests/maven/poms_deps_with_2_ignore_long/component_analysis_expected_sbom.json index 218a7c7..12776a1 100644 --- a/test/providers/tst_manifests/maven/poms_deps_with_2_ignore_long/component_analysis_expected_sbom.json +++ b/test/providers/tst_manifests/maven/poms_deps_with_2_ignore_long/component_analysis_expected_sbom.json @@ -30,14 +30,6 @@ "type": "library", "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE" }, - { - "group": "org.springframework.boot", - "name": "spring-boot-starter-test", - "version": "2.3.5.RELEASE", - "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE" - }, { "group": "org.springframework.boot", "name": "spring-boot-starter-web", @@ -68,7 +60,6 @@ "ref": "pkg:maven/com.example/demo@0.0.1-SNAPSHOT", "dependsOn": [ "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", - "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE", "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final", "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final" @@ -78,10 +69,6 @@ "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE", "dependsOn": [] }, - { - "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE", - "dependsOn": [] - }, { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE", "dependsOn": [] diff --git a/test/providers/tst_manifests/maven/poms_deps_with_ignore_long/component_analysis_expected_sbom.json b/test/providers/tst_manifests/maven/poms_deps_with_ignore_long/component_analysis_expected_sbom.json index fad59d8..7d390e8 100644 
--- a/test/providers/tst_manifests/maven/poms_deps_with_ignore_long/component_analysis_expected_sbom.json +++ b/test/providers/tst_manifests/maven/poms_deps_with_ignore_long/component_analysis_expected_sbom.json @@ -61,22 +61,6 @@ "purl": "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5", "type": "library", "bom-ref": "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5" - }, - { - "group": "org.springframework.boot", - "name": "spring-boot-starter-test", - "version": "2.6.7", - "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7" - }, - { - "group": "org.springframework.kafka", - "name": "spring-kafka-test", - "version": "2.8.5", - "purl": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5" } ], "dependencies": [ @@ -87,9 +71,7 @@ "pkg:maven/io.micrometer/micrometer-registry-prometheus@1.8.5", "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.7", "pkg:maven/org.apache.kafka/kafka-streams@3.0.1", - "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5", - "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7", - "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5" + "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5" ] }, { @@ -111,14 +93,6 @@ { "ref": "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5", "dependsOn": [] - }, - { - "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7", - "dependsOn": [] - }, - { - "ref": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5", - "dependsOn": [] } ] } diff --git a/test/providers/tst_manifests/maven/poms_deps_with_no_ignore_long/component_analysis_expected_sbom.json b/test/providers/tst_manifests/maven/poms_deps_with_no_ignore_long/component_analysis_expected_sbom.json index 1410918..a60e6fc 100644 
--- a/test/providers/tst_manifests/maven/poms_deps_with_no_ignore_long/component_analysis_expected_sbom.json +++ b/test/providers/tst_manifests/maven/poms_deps_with_no_ignore_long/component_analysis_expected_sbom.json @@ -69,22 +69,6 @@ "purl": "pkg:maven/org.projectlombok/lombok@1.18.24", "type": "library", "bom-ref": "pkg:maven/org.projectlombok/lombok@1.18.24" - }, - { - "group": "org.springframework.boot", - "name": "spring-boot-starter-test", - "version": "2.6.7", - "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7" - }, - { - "group": "org.springframework.kafka", - "name": "spring-kafka-test", - "version": "2.8.5", - "purl": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5", - "type": "library", - "bom-ref": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5" } ], "dependencies": [ @@ -96,9 +80,7 @@ "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.7", "pkg:maven/org.apache.kafka/kafka-streams@3.0.1", "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5", - "pkg:maven/org.projectlombok/lombok@1.18.24", - "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7", - "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5" + "pkg:maven/org.projectlombok/lombok@1.18.24" ] }, { @@ -124,14 +106,6 @@ { "ref": "pkg:maven/org.projectlombok/lombok@1.18.24", "dependsOn": [] - }, - { - "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7", - "dependsOn": [] - }, - { - "ref": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5", - "dependsOn": [] } ] }