Updates, corrections and 7 additional tools #62
anthonyharrison wants to merge 2 commits into CycloneDX:main from
Conversation
please split the pull request into multiple parts, one PR for each tool.
Why? All the tools are mine. All the new tools are at the end of the json file. The updates are primarily to the description, the lifecycle and correctly showing which version of CycloneDX is supported.
because reviewing all these mixed changes might take a while.
jkowalleck
left a comment
A first review gave me the impression that huge parts of the PR are mere copy/paste.
Some details don't make sense, based on the tools' homepage/repo/description.
tools.json
Outdated
"publisher": "Anthony Harrison",
"description": "CLI utility that produces CycloneDX or SPDX SBOMs for installed javascript modules indentified in the package-lock.json, identifying dependencies and their licenses.",
"repository_url": "https://github.com/anthonyharrison/sbom4python",
"website_url": "https://pypi.org/project/sbom4python/",
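Review bot: the description string has a typo, "indentified" should be "identified"; worth fixing while the URLs on the two following lines are being corrected, since the description also says "javascript modules" while both links name sbom4python.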
you sure about the website and repo?
I mean, this is a JS tool - and you're linking the python tool - is this correct, or maybe a copy-paste issue?
Oops. Should be sbom4js
tools.json
Outdated
"functions": [
"AUTHOR",
"TRANSFORM",
"PACKAGE_MANAGER_INTEGRATION"
which package manager? the readme did not tell about any.
Windows doesn't have a package manager in the same way as Linux but the application can work with the installed data or installation files (e.g. MSI files). Will remove to avoid any confusion.
tools.json
Outdated
],
"functions": [
"AUTHOR",
"TRANSFORM",
My misunderstanding of what Transform indicates. It is transforming dependency information into an SBOM
tools.json
Outdated
"PACKAGE_MANAGER_INTEGRATION"
],
"transform": [
"BOM_STANDARD"
how? the tool does not have an intake for any BOM data - how can it transform them, then?
My misunderstanding of what Transform indicates. It is transforming dependency information into an SBOM
tools.json
Outdated
],
"platform": [
"LINUX",
"MAC",
the tool is for windows - how does it support a mac?
The tool can work on a Mac if you have a windows installation disk.
tools.json
Outdated
"ANALYSIS"
],
"transform": [
"BOM_STANDARD",
a validation tool that does transformation???
Signed-off-by: anthonyharrison <anthony.p.harrison@gmail.com>
Signed-off-by: anthonyharrison <anthony.p.harrison@gmail.com>
Will submit separate PRs for each new tool.
Yes lots of cut n'paste as it isn't straightforward to create a tools entry by hand. If there was a tool/form to create a tool entry that might make it easier and it could also provide some basic validation to ensure there is consistency of the data.
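An added example, not part of the CycloneDX tool-center repository or of this PR, of the basic validation suggested above: a small Python linter that reads tools.json entries and flags the kinds of inconsistency raised in this review (URLs naming a different tool than the entry, a TRANSFORM function without any transform target, descriptions duplicated across entries, unknown enum values). It assumes an entry `name` key, which the snippets above do not show, and treats the enum values visible in the snippets as the complete vocabularies; the sample entries are constructed, with a placeholder `example-validator` tool.

```python
"""Hypothetical consistency linter for CycloneDX tool-center entries.

Added example; not part of the CycloneDX tool-center repository. It assumes
each entry carries the keys seen in the reviewed snippets plus an assumed
"name" key, and that the enum vocabularies below are complete.
"""
import json
from urllib.parse import urlparse

# Vocabularies as they appear in the reviewed entries; assumed complete here.
FUNCTIONS = {"AUTHOR", "TRANSFORM", "PACKAGE_MANAGER_INTEGRATION", "ANALYSIS"}
TRANSFORMS = {"BOM_STANDARD"}
PLATFORMS = {"LINUX", "MAC", "WINDOWS"}
REQUIRED = ("name", "publisher", "description", "repository_url",
            "website_url", "functions", "transform", "platform")

# Constructed sample data (not the project's tools.json). Entry 0 reproduces
# the sbom4js/sbom4python URL mix-up from the review; entry 1 is clean; entry 2
# claims TRANSFORM with no transform target and reuses entry 1's description.
SAMPLE_TOOLS = [
    {
        "name": "sbom4js",
        "publisher": "Anthony Harrison",
        "description": "CLI utility that produces CycloneDX or SPDX SBOMs for "
                       "installed javascript modules identified in the package-lock.json.",
        "repository_url": "https://github.com/anthonyharrison/sbom4python",
        "website_url": "https://pypi.org/project/sbom4python/",
        "functions": ["AUTHOR", "TRANSFORM", "PACKAGE_MANAGER_INTEGRATION"],
        "transform": ["BOM_STANDARD"],
        "platform": ["LINUX", "MAC", "WINDOWS"],
    },
    {
        "name": "sbom4python",
        "publisher": "Anthony Harrison",
        "description": "CLI utility that produces CycloneDX or SPDX SBOMs for "
                       "installed Python modules.",
        "repository_url": "https://github.com/anthonyharrison/sbom4python",
        "website_url": "https://pypi.org/project/sbom4python/",
        "functions": ["AUTHOR", "PACKAGE_MANAGER_INTEGRATION"],
        "transform": [],
        "platform": ["LINUX", "MAC", "WINDOWS"],
    },
    {
        "name": "example-validator",  # constructed placeholder tool
        "publisher": "Example Publisher",
        "description": "CLI utility that produces CycloneDX or SPDX SBOMs for "
                       "installed Python modules.",
        "repository_url": "https://example.invalid/example-validator",
        "website_url": "https://example.invalid/example-validator/",
        "functions": ["ANALYSIS", "TRANSFORM"],
        "transform": [],
        "platform": ["LINUX"],
    },
]
SAMPLE_TOOLS_JSON = json.dumps(SAMPLE_TOOLS)


def url_slug(url):
    """Last path segment of a URL, lower-cased (the repo or package name)."""
    path = urlparse(url).path.rstrip("/")
    return path.rsplit("/", 1)[-1].lower()


def lint_entries(tools):
    """Return (index, code, detail) findings for a list of entry dicts."""
    findings = []
    seen_descriptions = {}
    for i, tool in enumerate(tools):
        missing = [k for k in REQUIRED if k not in tool]
        if missing:
            findings.append((i, "MISSING_KEY", ", ".join(missing)))
            continue
        name = tool["name"].lower()
        # Copy/paste check 1: both URLs should name the same tool as the entry.
        for key in ("repository_url", "website_url"):
            slug = url_slug(tool[key])
            if slug and slug != name:
                findings.append((i, "URL_NAME_MISMATCH",
                                 f"{key} points at '{slug}' but entry is '{name}'"))
        # Vocabulary check: only known enum values in the list-valued keys.
        for key, vocab in (("functions", FUNCTIONS), ("transform", TRANSFORMS),
                           ("platform", PLATFORMS)):
            unknown = sorted(set(tool[key]) - vocab)
            if unknown:
                findings.append((i, "UNKNOWN_VALUE", f"{key}: {unknown}"))
        # A TRANSFORM function needs transform targets, and vice versa.
        if ("TRANSFORM" in tool["functions"]) != bool(tool["transform"]):
            findings.append((i, "TRANSFORM_INCONSISTENT",
                             "TRANSFORM function and transform targets disagree"))
        # Copy/paste check 2: identical descriptions across different entries.
        desc = " ".join(tool["description"].split()).lower()
        if desc in seen_descriptions:
            findings.append((i, "DUPLICATE_DESCRIPTION",
                             f"same description as entry {seen_descriptions[desc]}"))
        else:
            seen_descriptions[desc] = i
    return findings


def lint_tools_json(text):
    """Lint a tools.json document given as a string."""
    return lint_entries(json.loads(text))


if __name__ == "__main__":
    for index, code, detail in lint_tools_json(SAMPLE_TOOLS_JSON):
        print(f"entry {index}: {code}: {detail}")
```

Run against the constructed sample, the linter reports two URL mismatches on entry 0, and a TRANSFORM inconsistency plus a duplicated description on entry 2; the clean entry 1 produces nothing. Such a check could run in CI on every PR touching tools.json so that copy/paste slips are caught before human review.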
we've changed how the
Updates and corrections to tool definitions