prep demo

Signed-off-by: Jan Kowalleck <[email protected]>
CycloneDX · Nov 12, 2022 · da9372f · da9372f
1 parent 96282f0
commit da9372f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -83,9 +83,10 @@ Options:
                             (can be set multiple times)
                             (choices: "dev", "optional", "peer", default: "dev" if the NODE_ENV environment variable is set to "production", otherwise empty)
   --flatten-components      Whether to flatten the components.
-                            Enabling this feature means the actual nesting of node packages is not represented in the SBOM result.
+                            Enabling this feature means the actual nesting of node packages is not represented in the SBOM result, which causes a massive information loss.
                             (default: false)
   --deduplicate-components  Whether to artificially de-duplicate the node packages.
+                            Enabling this feature means the actual multiple/parallel installed instances of a packages are displayed as one component, which causes a massive information loss.
                             Enabling this feature implies option "--flatten-components=true"
                             (default: false)
   --short-PURLs             Omit all qualifiers from PackageURLs.

diff --git a/demo/gen-boms.sh b/demo/gen-boms.sh
@@ -39,6 +39,16 @@ do
       --output-format "$format" \
       --output-file "$result_dir/flat/bom.$spec.$format" \
       "$package"
+
+      echo ">>> $result_dir $spec $format deduplicated"
+      mkdir -p "$result_dir/deduplicated"
+      node -- "$BIN_CDX_N" \
+      --deduplicate-components \
+      --spec-version "$spec" \
+      --output-reproducible \
+      --output-format "$format" \
+      --output-file "$result_dir/deduplicated/bom.$spec.$format" \
+      "$package"
     done
   done
 done
diff --git a/src/cli.ts b/src/cli.ts
@@ -87,12 +87,13 @@ function makeCommand (process: NodeJS.Process): Command {
     new Option(
       '--flatten-components',
       'Whether to flatten the components.\n' +
-      'Enabling this feature means the actual nesting of node packages is not represented in the SBOM result.'
+      'Enabling this feature means the actual nesting of node packages is not represented in the SBOM result, which causes a massive information loss.'
     ).default(false)
   ).addOption(
     new Option(
       '--deduplicate-components',
       'Whether to artificially de-duplicate the node packages.\n' +
+      'Enabling this feature means the actual multiple/parallel installed instances of a packages are displayed as one component, which causes a massive information loss.\n' +
       'Enabling this feature implies option "--flatten-components=true"'
     ).default(false)
   ).addOption(