diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a1456d3..a9f40c8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,16 +12,16 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Use Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20.x registry-url: https://registry.npmjs.org/ - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: go-version: '^1.19.8' - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: | ~/.cache/go-build @@ -31,10 +31,10 @@ jobs: ${{ runner.os }}-go- - name: Release run: | - wget https://github.com/upx/upx/releases/download/v4.2.1/upx-4.2.1-amd64_linux.tar.xz - tar -xvf upx-4.2.1-amd64_linux.tar.xz - chmod +x upx-4.2.1-amd64_linux/upx - sudo cp upx-4.2.1-amd64_linux/upx /usr/local/bin/ + wget https://github.com/upx/upx/releases/download/v4.2.2/upx-4.2.2-amd64_linux.tar.xz + tar -xvf upx-4.2.2-amd64_linux.tar.xz + chmod +x upx-4.2.2-amd64_linux/upx + sudo cp upx-4.2.2-amd64_linux/upx /usr/local/bin/ npm config set //npm.pkg.github.com/:_authToken=$GITHUB_TOKEN npm config set //registry.npmjs.org/:_authToken=$NPMJS_AUTH_TOKEN bash build.sh @@ -50,7 +50,21 @@ jobs: npm publish --access=public --@cyclonedx:registry='https://registry.npmjs.org' popd - pushd packages/arm64 + pushd packages/linux-arm64 + echo "cyclonedx:registry=https://npm.pkg.github.com" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://npm.pkg.github.com' + echo "cyclonedx:registry=https://registry.npmjs.org" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://registry.npmjs.org' + popd + + pushd packages/windows-arm64 + echo "cyclonedx:registry=https://npm.pkg.github.com" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://npm.pkg.github.com' + echo "cyclonedx:registry=https://registry.npmjs.org" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://registry.npmjs.org' + popd + + pushd packages/darwin-arm64 echo "cyclonedx:registry=https://npm.pkg.github.com" > ~/.npmrc npm publish --access=public --@cyclonedx:registry='https://npm.pkg.github.com' echo "cyclonedx:registry=https://registry.npmjs.org" > ~/.npmrc diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5d115f7..899bbc6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,19 +10,19 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Use Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20.x registry-url: https://registry.npmjs.org/ - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: go-version: '^1.19.8' - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: - python-version: '3.10' - - uses: actions/cache@v3 + python-version: '3.11' + - uses: actions/cache@v4 with: path: | ~/.cache/go-build @@ -32,10 +32,10 @@ jobs: ${{ runner.os }}-go- - name: Build run: | - wget https://github.com/upx/upx/releases/download/v4.2.1/upx-4.2.1-amd64_linux.tar.xz - tar -xvf upx-4.2.1-amd64_linux.tar.xz - chmod +x upx-4.2.1-amd64_linux/upx - sudo cp upx-4.2.1-amd64_linux/upx /usr/local/bin/ + wget https://github.com/upx/upx/releases/download/v4.2.2/upx-4.2.2-amd64_linux.tar.xz + tar -xvf upx-4.2.2-amd64_linux.tar.xz + chmod +x upx-4.2.2-amd64_linux/upx + sudo cp upx-4.2.2-amd64_linux/upx /usr/local/bin/ bash build.sh pip3 install blint blint -i plugins -o /tmp/reports @@ -43,10 +43,43 @@ jobs: pushd packages/windows-amd64 npm publish --dry-run popd - pushd packages/arm64 + pushd packages/linux-arm64 + npm publish --dry-run + popd + pushd packages/windows-arm64 + npm publish --dry-run + popd + pushd packages/darwin-arm64 npm publish --dry-run popd pushd packages/ppc64 npm publish --dry-run popd - continue-on-error: true + winpkg: + runs-on: windows-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version: 20.x + registry-url: https://registry.npmjs.org/ + - uses: actions/setup-go@v5 + with: + go-version: '^1.19.8' + - uses: actions/setup-python@v5 + with: + python-version: '3.11' + - uses: actions/cache@v4 + with: + path: | + ~/.cache/go-build + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - name: Build + run: | + .\build.ps1 diff --git a/build.ps1 b/build.ps1 index 2a597df..76c8491 100644 --- a/build.ps1 +++ b/build.ps1 @@ -3,13 +3,14 @@ New-Item -ItemType Directory -Path plugins\cargo-auditable -Force New-Item -ItemType Directory -Path plugins\osquery -Force New-Item -ItemType Directory -Path plugins\dosai -Force -Invoke-WebRequest -Uri https://github.com/upx/upx/releases/download/v4.2.1/upx-4.2.1-win64.zip -UseBasicParsing -OutFile upx-4.2.1-win64.zip -Expand-Archive -Path upx-4.2.1-win64.zip -DestinationPath . -Force +Invoke-WebRequest -Uri https://github.com/upx/upx/releases/download/v4.2.2/upx-4.2.2-win64.zip -UseBasicParsing -OutFile upx-4.2.2-win64.zip +Expand-Archive -Path upx-4.2.2-win64.zip -DestinationPath . -Force -Invoke-WebRequest -Uri https://github.com/osquery/osquery/releases/download/5.10.2/osquery-5.10.2.windows_x86_64.zip -UseBasicParsing -OutFile osquery-5.10.2.windows_x86_64.zip -Expand-Archive -Path osquery-5.10.2.windows_x86_64.zip -DestinationPath . -Force -copy "osquery-5.10.2.windows_x86_64\Program Files\osquery\osqueryi.exe" plugins\osquery\osqueryi-windows-amd64.exe -upx-4.2.1-win64\upx.exe -9 --lzma plugins\osquery\osqueryi-windows-amd64.exe +Invoke-WebRequest -Uri https://github.com/osquery/osquery/releases/download/5.11.0/osquery-5.11.0.windows_x86_64.zip -UseBasicParsing -OutFile osquery-5.11.0.windows_x86_64.zip +Expand-Archive -Path osquery-5.11.0.windows_x86_64.zip -DestinationPath . -Force +copy "osquery-5.11.0.windows_x86_64\Program Files\osquery\osqueryi.exe" plugins\osquery\osqueryi-windows-amd64.exe +upx-4.2.2-win64\upx.exe -9 --lzma plugins\osquery\osqueryi-windows-amd64.exe +plugins\osquery\osqueryi-windows-amd64.exe --help Invoke-WebRequest -Uri https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai.exe -UseBasicParsing -OutFile plugins/dosai/dosai-windows-amd64.exe @@ -19,7 +20,7 @@ set GOARCH=amd64 New-Item -ItemType Directory -Path plugins\goversion -Force cd thirdparty\goversion go build -ldflags "-H=windowsgui -s -w" -o build\goversion-windows-amd64.exe -..\..\upx-4.2.1-win64\upx.exe -9 --lzma build\goversion-windows-amd64.exe +..\..\upx-4.2.2-win64\upx.exe -9 --lzma build\goversion-windows-amd64.exe copy build\* ..\..\plugins\goversion\ Remove-Item build -Recurse -Force cd ..\.. @@ -27,7 +28,7 @@ cd ..\.. New-Item -ItemType Directory -Path plugins\cargo-auditable -Force cd thirdparty\cargo-auditable go build -ldflags "-H=windowsgui -s -w" -o build\cargo-auditable-windows-amd64.exe -..\..\upx-4.2.1-win64\upx.exe -9 --lzma build\cargo-auditable-windows-amd64.exe +..\..\upx-4.2.2-win64\upx.exe -9 --lzma build\cargo-auditable-windows-amd64.exe copy build\* ..\..\plugins\cargo-auditable\ Remove-Item build -Recurse -Force cd ..\.. @@ -35,12 +36,12 @@ cd ..\.. New-Item -ItemType Directory -Path plugins\trivy -Force cd thirdparty\trivy go build -ldflags "-H=windowsgui -s -w" -o build\trivy-windows-amd64.exe -..\..\upx-4.2.1-win64\upx.exe -9 --lzma build\trivy-windows-amd64.exe +..\..\upx-4.2.2-win64\upx.exe -9 --lzma build\trivy-windows-amd64.exe copy build\* ..\..\plugins\trivy\ Remove-Item build -Recurse -Force cd ..\.. -Remove-Item osquery-5.10.2.windows_x86_64 -Recurse -Force -Remove-Item osquery-5.10.2.windows_x86_64.zip -Recurse -Force -Remove-Item upx-4.2.1-win64 -Recurse -Force -Remove-Item upx-4.2.1-win64.zip -Recurse -Force +Remove-Item osquery-5.11.0.windows_x86_64 -Recurse -Force +Remove-Item osquery-5.11.0.windows_x86_64.zip -Recurse -Force +Remove-Item upx-4.2.2-win64 -Recurse -Force +Remove-Item upx-4.2.2-win64.zip -Recurse -Force diff --git a/build.sh b/build.sh index 2cba683..155a83c 100755 --- a/build.sh +++ b/build.sh @@ -7,13 +7,13 @@ rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai -wget https://github.com/osquery/osquery/releases/download/5.10.2/osquery-5.10.2_1.linux_x86_64.tar.gz -tar -xvf osquery-5.10.2_1.linux_x86_64.tar.gz +wget https://github.com/osquery/osquery/releases/download/5.11.0/osquery-5.11.0_1.linux_x86_64.tar.gz +tar -xvf osquery-5.11.0_1.linux_x86_64.tar.gz cp opt/osquery/bin/osqueryd plugins/osquery/osqueryi-linux-amd64 upx -9 --lzma plugins/osquery/osqueryi-linux-amd64 sha256sum plugins/osquery/osqueryi-linux-amd64 > plugins/osquery/osqueryi-linux-amd64.sha256 rm -rf etc usr var opt -rm osquery-5.10.2_1.linux_x86_64.tar.gz +rm osquery-5.11.0_1.linux_x86_64.tar.gz curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai -o plugins/dosai/dosai-linux-amd64 chmod +x plugins/dosai/dosai-linux-amd64 @@ -31,12 +31,15 @@ do done ./plugins/osquery/osqueryi-linux-amd64 --help +upx -9 --lzma ./plugins/goversion/goversion-linux-amd64 ./plugins/goversion/goversion-linux-amd64 +upx -9 --lzma ./plugins/trivy/trivy-cdxgen-linux-amd64 ./plugins/trivy/trivy-cdxgen-linux-amd64 -v +upx -9 --lzma ./plugins/cargo-auditable/cargo-auditable-cdxgen-linux-amd64 ./plugins/cargo-auditable/cargo-auditable-cdxgen-linux-amd64 ./plugins/dosai/dosai-linux-amd64 --help -for flavours in windows-amd64 arm64 ppc64 +for flavours in windows-amd64 linux-arm64 windows-arm64 darwin-arm64 ppc64 do chmod +x packages/$flavours/build-$flavours.sh pushd packages/$flavours diff --git a/package-lock.json b/package-lock.json index cc18eb4..0a39160 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@cyclonedx/cdxgen-plugins-bin", - "version": "1.5.4", + "version": "1.5.5", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@cyclonedx/cdxgen-plugins-bin", - "version": "1.5.4", + "version": "1.5.5", "cpu": [ "x64" ], diff --git a/package.json b/package.json index e8da644..96d480f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen-plugins-bin", - "version": "1.5.4", + "version": "1.5.5", "description": "Binary plugins to supercharge @cyclonedx/cdxgen npm package", "main": "index.js", "repository": { diff --git a/packages/arm64/build-arm64.sh b/packages/arm64/build-arm64.sh deleted file mode 100755 index 8d386bd..0000000 --- a/packages/arm64/build-arm64.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env bash - -rm -rf plugins/goversion -rm -rf plugins/trivy -rm -rf plugins/cargo-auditable -rm -rf plugins/osquery -rm -rf plugins/dosai -mkdir -p plugins/osquery plugins/dosai - -wget https://github.com/osquery/osquery/releases/download/5.10.2/osquery-5.10.2.windows_arm64.zip -unzip osquery-5.10.2.windows_arm64.zip -cp "osquery-5.10.2.windows_arm64/Program Files/osquery/osqueryi.exe" plugins/osquery/osqueryi-windows-arm64.exe -sha256sum plugins/osquery/osqueryi-windows-arm64.exe > plugins/osquery/osqueryi-windows-arm64.exe.sha256 -rm -rf osquery-5.10.2.windows_arm64 -rm osquery-5.10.2.windows_arm64.zip - -wget https://github.com/osquery/osquery/releases/download/5.10.2/osquery-5.10.2_1.linux_aarch64.tar.gz -tar -xvf osquery-5.10.2_1.linux_aarch64.tar.gz -cp opt/osquery/bin/osqueryd plugins/osquery/osqueryi-linux-arm64 -upx -9 --lzma plugins/osquery/osqueryi-linux-arm64 -sha256sum plugins/osquery/osqueryi-linux-arm64 > plugins/osquery/osqueryi-linux-arm64.sha256 -rm -rf etc usr var opt -rm osquery-5.10.2_1.linux_aarch64.tar.gz - -curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai -o plugins/dosai/dosai-linux-arm64 -chmod +x plugins/dosai/dosai-linux-arm64 -sha256sum plugins/dosai/dosai-linux-arm64 > plugins/dosai/dosai-linux-arm64.sha256 - -curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-windows-arm64.exe -o plugins/dosai/dosai-windows-arm64.exe -sha256sum plugins/dosai/dosai-windows-arm64.exe > plugins/dosai/dosai-windows-arm64.exe.sha256 - -for plug in goversion trivy cargo-auditable -do - mkdir -p plugins/$plug - mv ../../plugins/$plug/*arm64* plugins/$plug/ -done diff --git a/packages/darwin-arm64/build-darwin-arm64.sh b/packages/darwin-arm64/build-darwin-arm64.sh new file mode 100755 index 0000000..e489eb6 --- /dev/null +++ b/packages/darwin-arm64/build-darwin-arm64.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +rm -rf plugins/goversion +rm -rf plugins/trivy +rm -rf plugins/cargo-auditable +rm -rf plugins/osquery +rm -rf plugins/dosai +mkdir -p plugins/osquery plugins/dosai + +curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai -o plugins/dosai/dosai-darwin-arm64 +chmod +x plugins/dosai/dosai-darwin-arm64 +sha256sum plugins/dosai/dosai-darwin-arm64 > plugins/dosai/dosai-darwin-arm64.sha256 + +for plug in goversion trivy cargo-auditable +do + mkdir -p plugins/$plug + mv ../../plugins/$plug/*darwin-arm64* plugins/$plug/ +done diff --git a/packages/arm64/index.js b/packages/darwin-arm64/index.js similarity index 100% rename from packages/arm64/index.js rename to packages/darwin-arm64/index.js diff --git a/packages/darwin-arm64/package.json b/packages/darwin-arm64/package.json new file mode 100644 index 0000000..bab1141 --- /dev/null +++ b/packages/darwin-arm64/package.json @@ -0,0 +1,34 @@ +{ + "name": "@cyclonedx/cdxgen-plugins-bin-darwin-arm64", + "version": "1.5.5", + "description": "Arm64 binary plugins to supercharge @cyclonedx/cdxgen npm package", + "main": "index.js", + "repository": { + "type": "git", + "url": "git+https://github.com/cyclonedx/cdxgen-plugins-bin.git" + }, + "keywords": [ + "cdxgen", + "sbom", + "bom", + "plugins", + "dependency", + "appsec" + ], + "author": "Prabhu Subramanian ", + "license": "Apache-2.0", + "bugs": { + "url": "https://github.com/cyclonedx/cdxgen-plugins-bin/issues" + }, + "homepage": "https://github.com/cyclonedx/cdxgen-plugins-bin#readme", + "files": [ + "*.js", + "plugins/" + ], + "os": [ + "darwin" + ], + "cpu": [ + "arm64" + ] +} diff --git a/packages/arm64/plugins/.gitignore b/packages/darwin-arm64/plugins/.gitignore similarity index 100% rename from packages/arm64/plugins/.gitignore rename to packages/darwin-arm64/plugins/.gitignore diff --git a/packages/arm64/plugins/.gitkeep b/packages/darwin-arm64/plugins/.gitkeep similarity index 100% rename from packages/arm64/plugins/.gitkeep rename to packages/darwin-arm64/plugins/.gitkeep diff --git a/packages/arm64/plugins/.npmignore b/packages/darwin-arm64/plugins/.npmignore similarity index 100% rename from packages/arm64/plugins/.npmignore rename to packages/darwin-arm64/plugins/.npmignore diff --git a/packages/linux-arm64/build-linux-arm64.sh b/packages/linux-arm64/build-linux-arm64.sh new file mode 100755 index 0000000..6097417 --- /dev/null +++ b/packages/linux-arm64/build-linux-arm64.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +rm -rf plugins/goversion +rm -rf plugins/trivy +rm -rf plugins/cargo-auditable +rm -rf plugins/osquery +rm -rf plugins/dosai +mkdir -p plugins/osquery plugins/dosai + +wget https://github.com/osquery/osquery/releases/download/5.11.0/osquery-5.11.0_1.linux_aarch64.tar.gz +tar -xvf osquery-5.11.0_1.linux_aarch64.tar.gz +cp opt/osquery/bin/osqueryd plugins/osquery/osqueryi-linux-arm64 +upx -9 --lzma plugins/osquery/osqueryi-linux-arm64 +sha256sum plugins/osquery/osqueryi-linux-arm64 > plugins/osquery/osqueryi-linux-arm64.sha256 +rm -rf etc usr var opt +rm osquery-5.11.0_1.linux_aarch64.tar.gz + +curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-linux-arm64 -o plugins/dosai/dosai-linux-arm64 +chmod +x plugins/dosai/dosai-linux-arm64 +sha256sum plugins/dosai/dosai-linux-arm64 > plugins/dosai/dosai-linux-arm64.sha256 + +for plug in goversion trivy cargo-auditable +do + mkdir -p plugins/$plug + mv ../../plugins/$plug/*linux-arm64* plugins/$plug/ + upx -9 --lzma plugins/$plug/*linux-arm64* || true +done diff --git a/packages/linux-arm64/index.js b/packages/linux-arm64/index.js new file mode 100644 index 0000000..8e8a0f2 --- /dev/null +++ b/packages/linux-arm64/index.js @@ -0,0 +1,8 @@ +// Debug mode flag +const DEBUG_MODE = + process.env.CDXGEN_DEBUG_MODE === "debug" || + process.env.NODE_ENV === "development"; + +if (DEBUG_MODE) { + console.log("cdxgen plugins check"); +} diff --git a/packages/arm64/package.json b/packages/linux-arm64/package.json similarity index 93% rename from packages/arm64/package.json rename to packages/linux-arm64/package.json index f6ab392..2443f33 100644 --- a/packages/arm64/package.json +++ b/packages/linux-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen-plugins-bin-arm64", - "version": "1.5.4", + "version": "1.5.5", "description": "Arm64 binary plugins to supercharge @cyclonedx/cdxgen npm package", "main": "index.js", "repository": { @@ -25,6 +25,9 @@ "*.js", "plugins/" ], + "os": [ + "linux" + ], "cpu": [ "arm64" ] diff --git a/packages/linux-arm64/plugins/.gitignore b/packages/linux-arm64/plugins/.gitignore new file mode 100644 index 0000000..5b1314b --- /dev/null +++ b/packages/linux-arm64/plugins/.gitignore @@ -0,0 +1,5 @@ +goversion/ +trivy/ +cargo-auditable/ +osquery/ +dosai/ \ No newline at end of file diff --git a/packages/linux-arm64/plugins/.gitkeep b/packages/linux-arm64/plugins/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/packages/linux-arm64/plugins/.npmignore b/packages/linux-arm64/plugins/.npmignore new file mode 100644 index 0000000..e69de29 diff --git a/packages/ppc64/build-ppc64.sh b/packages/ppc64/build-ppc64.sh index 82d268e..32f5c69 100755 --- a/packages/ppc64/build-ppc64.sh +++ b/packages/ppc64/build-ppc64.sh @@ -8,4 +8,5 @@ for plug in goversion trivy cargo-auditable do mkdir -p plugins/$plug mv ../../plugins/$plug/*ppc64* plugins/$plug/ + upx -9 --lzma plugins/$plug/*ppc64* || true done diff --git a/packages/ppc64/package.json b/packages/ppc64/package.json index a4ba13e..364fa96 100644 --- a/packages/ppc64/package.json +++ b/packages/ppc64/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen-plugins-bin-ppc64", - "version": "1.5.4", + "version": "1.5.5", "description": "ppc64 binary plugins to supercharge @cyclonedx/cdxgen npm package", "main": "index.js", "repository": { diff --git a/packages/windows-amd64/build-windows-amd64.sh b/packages/windows-amd64/build-windows-amd64.sh index 9b59922..c1ea08a 100755 --- a/packages/windows-amd64/build-windows-amd64.sh +++ b/packages/windows-amd64/build-windows-amd64.sh @@ -7,13 +7,13 @@ rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai -wget https://github.com/osquery/osquery/releases/download/5.10.2/osquery-5.10.2.windows_x86_64.zip -unzip osquery-5.10.2.windows_x86_64.zip -cp "osquery-5.10.2.windows_x86_64/Program Files/osquery/osqueryi.exe" plugins/osquery/osqueryi-windows-amd64.exe +wget https://github.com/osquery/osquery/releases/download/5.11.0/osquery-5.11.0.windows_x86_64.zip +unzip osquery-5.11.0.windows_x86_64.zip +cp "osquery-5.11.0.windows_x86_64/Program Files/osquery/osqueryi.exe" plugins/osquery/osqueryi-windows-amd64.exe upx -9 --lzma plugins/osquery/osqueryi-windows-amd64.exe sha256sum plugins/osquery/osqueryi-windows-amd64.exe > plugins/osquery/osqueryi-windows-amd64.exe.sha256 -rm -rf osquery-5.10.2.windows_x86_64 -rm osquery-5.10.2.windows_x86_64.zip +rm -rf osquery-5.11.0.windows_x86_64 +rm osquery-5.11.0.windows_x86_64.zip curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai.exe -o plugins/dosai/dosai-windows-amd64.exe sha256sum plugins/dosai/dosai-windows-amd64.exe > plugins/dosai/dosai-windows-amd64.exe.sha256 @@ -21,5 +21,5 @@ sha256sum plugins/dosai/dosai-windows-amd64.exe > plugins/dosai/dosai-windows-am for plug in goversion trivy cargo-auditable do mkdir -p plugins/$plug - mv ../../plugins/$plug/*.exe* plugins/$plug/ + mv ../../plugins/$plug/*windows-amd64* plugins/$plug/ done diff --git a/packages/windows-amd64/package.json b/packages/windows-amd64/package.json index 31f5d8b..edb7df3 100644 --- a/packages/windows-amd64/package.json +++ b/packages/windows-amd64/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen-plugins-bin-windows-amd64", - "version": "1.5.4", + "version": "1.5.5", "description": "Windows amd64 binary plugins to supercharge @cyclonedx/cdxgen npm package", "main": "index.js", "repository": { diff --git a/packages/windows-arm64/build-windows-arm64.sh b/packages/windows-arm64/build-windows-arm64.sh new file mode 100755 index 0000000..a1e9835 --- /dev/null +++ b/packages/windows-arm64/build-windows-arm64.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +rm -rf plugins/goversion +rm -rf plugins/trivy +rm -rf plugins/cargo-auditable +rm -rf plugins/osquery +rm -rf plugins/dosai +mkdir -p plugins/osquery plugins/dosai + +wget https://github.com/osquery/osquery/releases/download/5.11.0/osquery-5.11.0.windows_arm64.zip +unzip osquery-5.11.0.windows_arm64.zip +cp "osquery-5.11.0.windows_arm64/Program Files/osquery/osqueryi.exe" plugins/osquery/osqueryi-windows-arm64.exe +sha256sum plugins/osquery/osqueryi-windows-arm64.exe > plugins/osquery/osqueryi-windows-arm64.exe.sha256 +rm -rf osquery-5.11.0.windows_arm64 +rm osquery-5.11.0.windows_arm64.zip + +curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-windows-arm64.exe -o plugins/dosai/dosai-windows-arm64.exe +sha256sum plugins/dosai/dosai-windows-arm64.exe > plugins/dosai/dosai-windows-arm64.exe.sha256 + +for plug in goversion trivy cargo-auditable +do + mkdir -p plugins/$plug + mv ../../plugins/$plug/*windows-arm64* plugins/$plug/ +done diff --git a/packages/windows-arm64/index.js b/packages/windows-arm64/index.js new file mode 100644 index 0000000..8e8a0f2 --- /dev/null +++ b/packages/windows-arm64/index.js @@ -0,0 +1,8 @@ +// Debug mode flag +const DEBUG_MODE = + process.env.CDXGEN_DEBUG_MODE === "debug" || + process.env.NODE_ENV === "development"; + +if (DEBUG_MODE) { + console.log("cdxgen plugins check"); +} diff --git a/packages/windows-arm64/package.json b/packages/windows-arm64/package.json new file mode 100644 index 0000000..d607114 --- /dev/null +++ b/packages/windows-arm64/package.json @@ -0,0 +1,34 @@ +{ + "name": "@cyclonedx/cdxgen-plugins-bin-windows-arm64", + "version": "1.5.5", + "description": "Arm64 binary plugins to supercharge @cyclonedx/cdxgen npm package", + "main": "index.js", + "repository": { + "type": "git", + "url": "git+https://github.com/cyclonedx/cdxgen-plugins-bin.git" + }, + "keywords": [ + "cdxgen", + "sbom", + "bom", + "plugins", + "dependency", + "appsec" + ], + "author": "Prabhu Subramanian ", + "license": "Apache-2.0", + "bugs": { + "url": "https://github.com/cyclonedx/cdxgen-plugins-bin/issues" + }, + "homepage": "https://github.com/cyclonedx/cdxgen-plugins-bin#readme", + "files": [ + "*.js", + "plugins/" + ], + "os": [ + "win32" + ], + "cpu": [ + "arm64" + ] +} diff --git a/packages/windows-arm64/plugins/.gitignore b/packages/windows-arm64/plugins/.gitignore new file mode 100644 index 0000000..5b1314b --- /dev/null +++ b/packages/windows-arm64/plugins/.gitignore @@ -0,0 +1,5 @@ +goversion/ +trivy/ +cargo-auditable/ +osquery/ +dosai/ \ No newline at end of file diff --git a/packages/windows-arm64/plugins/.gitkeep b/packages/windows-arm64/plugins/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/packages/windows-arm64/plugins/.npmignore b/packages/windows-arm64/plugins/.npmignore new file mode 100644 index 0000000..e69de29 diff --git a/thirdparty/cargo-auditable/Makefile b/thirdparty/cargo-auditable/Makefile index 60d81ed..55b10f4 100644 --- a/thirdparty/cargo-auditable/Makefile +++ b/thirdparty/cargo-auditable/Makefile @@ -2,12 +2,12 @@ PATH := $(PATH):/usr/local/go/bin:$HOME/go/bin: appname := cargo-auditable-cdxgen sources := main.go -build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3) && upx -9 --lzma build/$(appname)-$(1)-$(2)$(3) || true +build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3) sha = cd build && sha256sum $(appname)-$(1)-$(2)$(3) > $(appname)-$(1)-$(2)$(3).sha256 .PHONY: all windows darwin linux clean -all: windows linux +all: windows linux darwin clean: rm -rf build/ @@ -35,7 +35,7 @@ build/linux_ppc64le: $(sources) $(call sha,linux,ppc64le,) ##### DARWIN (MAC) BUILDS ##### -darwin: build/darwin_amd64 build/darwin_arm64 +darwin: build/darwin_arm64 build/darwin_amd64: $(sources) $(call build,darwin,amd64,) diff --git a/thirdparty/goversion/Makefile b/thirdparty/goversion/Makefile index eda74e1..3bf596a 100644 --- a/thirdparty/goversion/Makefile +++ b/thirdparty/goversion/Makefile @@ -2,12 +2,12 @@ PATH := $(PATH):/usr/local/go/bin:$HOME/go/bin: appname := goversion sources := version.go exe.go xcoff.go io.go file.go -build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3) && upx -9 --lzma build/$(appname)-$(1)-$(2)$(3) || true +build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3) sha = cd build && sha256sum $(appname)-$(1)-$(2)$(3) > $(appname)-$(1)-$(2)$(3).sha256 .PHONY: all windows darwin linux clean -all: windows linux +all: windows linux darwin clean: rm -rf build/ @@ -35,7 +35,7 @@ build/linux_ppc64le: $(sources) $(call sha,linux,ppc64le,) ##### DARWIN (MAC) BUILDS ##### -darwin: build/darwin_amd64 build/darwin_arm64 +darwin: build/darwin_arm64 build/darwin_amd64: $(sources) $(call build,darwin,amd64,) diff --git a/thirdparty/trivy/Makefile b/thirdparty/trivy/Makefile index c54bcb6..4b7074d 100644 --- a/thirdparty/trivy/Makefile +++ b/thirdparty/trivy/Makefile @@ -2,12 +2,12 @@ PATH := $(PATH):/usr/local/go/bin:$HOME/go/bin: appname := trivy-cdxgen sources := main.go -build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3) && upx -9 --lzma build/$(appname)-$(1)-$(2)$(3) || true +build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3) sha = cd build && sha256sum $(appname)-$(1)-$(2)$(3) > $(appname)-$(1)-$(2)$(3).sha256 .PHONY: all windows darwin linux clean -all: windows linux +all: windows linux darwin clean: rm -rf build/ @@ -35,7 +35,7 @@ build/linux_ppc64le: $(sources) $(call sha,linux,ppc64le,) ##### DARWIN (MAC) BUILDS ##### -darwin: build/darwin_amd64 build/darwin_arm64 +darwin: build/darwin_arm64 build/darwin_amd64: $(sources) $(call build,darwin,amd64,) @@ -46,7 +46,7 @@ build/darwin_arm64: $(sources) $(call sha,darwin,arm64,) ##### WINDOWS BUILDS ##### -windows: build/windows_amd64 +windows: build/windows_amd64 build/windows_arm64 build/windows_386: $(sources) $(call build,windows,386,.exe)