cyclonedx-cli
cyclonedx-cli copied to clipboard
CycloneDX
Add "merge --input-file-list NAME ..." as a way to exceed CLI limits
...or to handle filenames in paths which have spaces.
Not tested yet, and C# is not my native language, so please bear with me :) UPDATE: Now tested, as detailed in comments below.
So far, posting to make sure CI passes on all platforms with this trivial change. Not sure how to test this properly (with an additional file to list SBOM files) - suggestions or maintainer commits are welcome :)
Sonatype Lift is retiring
Sonatype Lift will be retiring on Sep 12, 2023, with its analysis stopping on Aug 12, 2023. We understand that this news may come as a disappointment, and Sonatype is committed to helping you transition off it seamlessly. If you’d like to retain your data, please export your issues from the web console. We are extremely grateful and thank you for your support over the years.
📖 Read about the impacts and timeline
![sonatype-lift[bot] avatar](https://avatars.githubusercontent.com/in/9843?v=4 "Published by a pub.dev verified publisher"){kind=small}
Now actually tested locally, at least. Outputs posted below (made a bit noisier to see what's happening with parameter handling).
- With a CRLF-separated list file:
:; cyclonedx.exe merge --input-files top*json --input-files-list top*txt \
--output-file myProject_deploystd~da72200.json
Got 1 individual input file name(s): ['topSBOM.myProject_deploystd~da72200.CollectedComponents.json']
Got 1 file(s) with actual input file names: ['topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt']
Adding to input file list from topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt
Got 301 entries from topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt
Processing input file topSBOM.myProject_deploystd~da72200.CollectedComponents.json
Contains 18 components
Processing input file common-service-discovery-14.0.0-cyclonedx.json
Contains 12 components
Processing input file db-12.0.0-cyclonedx.json
Contains 119 components
...
- Similar for a NUL-separated file (as would be provided by
find ... -print0):
:; tr -d '\r' < top*txt | tr '\n' '\0' > top*txt0
:; cyclonedx.exe merge --input-files top*json --input-files-nul-list top*txt0 \
--output-file myProject_deploystd~da72200.json
Got 1 individual input file name(s): ['topSBOM.myProject_deploystd~da72200.CollectedComponents.json']
Got 1 file(s) with NUL-separated actual input file names: ['topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt0']
Adding to input file list from topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt0
Got 301 entries from topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt0
Processing input file topSBOM.myProject_deploystd~da72200.CollectedComponents.json
Contains 18 components
Processing input file common-service-discovery-14.0.0-cyclonedx.json
Contains 12 components
Processing input file db-12.0.0-cyclonedx.json
Contains 119 components
...
- UPDATE: option renamed to
--input-files-nul-listto avoid conflicts in C# Options parser
Updated report style:
:; cyclonedx.exe merge --input-files top*json --input-files-list top*txt \
--output-file myProject_deploystd~da72200.json
Got 1 individual input file name(s): ['topSBOM.myProject_deploystd~da72200.CollectedComponents.json']
Processing 1 file(s) with list of actual input file names: ['topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt']
Adding to input file list from topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt
Got 295 new entries from topSBOM.myProject_deploystd~da72200.CollectedComponents.list.txt
Determined 296 input files to merge
Processing input file topSBOM.myProject_deploystd~da72200.CollectedComponents.json
Contains 18 components
...
Writing output file...
Total 26726 components