Skip to content

Commit

Permalink
init commit
Browse files Browse the repository at this point in the history 
Signed-off-by: Nicklas Körtge <[email protected]>
  • Loading branch information
@n1ckl0sk0rtge
n1ckl0sk0rtge committed Sep 17, 2024
0 parents commit 1608921
Show file tree
Hide file tree
Showing 36,555 changed files with 1,035,050 additions and 0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
2 changes: 2 additions & 0 deletions .gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# Declare css libs as vendored code
frontend/src/styles/* linguist-vendored
Binary file added .github/img/cbomkit.gif
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
43 changes: 43 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
#Maven
target/
pom.xml.tag
pom.xml.releaseBackup
pom.xml.versionsBackup
release.properties
.flattened-pom.xml

# Eclipse
.project
.classpath
.settings/
bin/

# IntelliJ
.idea
*.ipr
*.iml
*.iws

# NetBeans
nb-configuration.xml

# Visual Studio Code
.vscode
.factorypath

# OSX
.DS_Store

# Vim
*.swp
*.swo

# patch
*.orig
*.rej

# Local environment
.env

# Plugin directory
/.quarkus/cli/plugins/
1 change: 1 addition & 0 deletions .mvn/wrapper/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
maven-wrapper.jar
98 changes: 98 additions & 0 deletions .mvn/wrapper/MavenWrapperDownloader.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

import java.io.IOException;
import java.io.InputStream;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;

public final class MavenWrapperDownloader
{
private static final String WRAPPER_VERSION = "3.2.0";

private static final boolean VERBOSE = Boolean.parseBoolean( System.getenv( "MVNW_VERBOSE" ) );

public static void main( String[] args )
{
log( "Apache Maven Wrapper Downloader " + WRAPPER_VERSION );

if ( args.length != 2 )
{
System.err.println( " - ERROR wrapperUrl or wrapperJarPath parameter missing" );
System.exit( 1 );
}

try
{
log( " - Downloader started" );
final URL wrapperUrl = new URL( args[0] );
final String jarPath = args[1].replace( "..", "" ); // Sanitize path
final Path wrapperJarPath = Paths.get( jarPath ).toAbsolutePath().normalize();
downloadFileFromURL( wrapperUrl, wrapperJarPath );
log( "Done" );
}
catch ( IOException e )
{
System.err.println( "- Error downloading: " + e.getMessage() );
if ( VERBOSE )
{
e.printStackTrace();
}
System.exit( 1 );
}
}

private static void downloadFileFromURL( URL wrapperUrl, Path wrapperJarPath )
throws IOException
{
log( " - Downloading to: " + wrapperJarPath );
if ( System.getenv( "MVNW_USERNAME" ) != null && System.getenv( "MVNW_PASSWORD" ) != null )
{
final String username = System.getenv( "MVNW_USERNAME" );
final char[] password = System.getenv( "MVNW_PASSWORD" ).toCharArray();
Authenticator.setDefault( new Authenticator()
{
@Override
protected PasswordAuthentication getPasswordAuthentication()
{
return new PasswordAuthentication( username, password );
}
} );
}
try ( InputStream inStream = wrapperUrl.openStream() )
{
Files.copy( inStream, wrapperJarPath, StandardCopyOption.REPLACE_EXISTING );
}
log( " - Downloader complete" );
}

private static void log( String msg )
{
if ( VERBOSE )
{
System.out.println( msg );
}
}

}
18 changes: 18 additions & 0 deletions .mvn/wrapper/maven-wrapper.properties
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wrapperVersion=3.3.1
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.8/apache-maven-3.9.8-bin.zip
3 changes: 3 additions & 0 deletions CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# see https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners

* @n1ckl0sk0rtge @hugoqnc @san-zrl
100 changes: 100 additions & 0 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
# Code of Conduct

## Our Pledge

The Community is dedicated to our values of treating every individual
with respect and dignity. In the interest of fostering an open and welcoming
environment, all participants, including attendees, speakers, sponsors,
volunteers, online contributors, and IBM employees are expected to show
courtesy for each other and our community by creating a harassment-free
experience for everyone, regardless of age, personal appearance, disability,
ethnicity, gender identity and expression, body size, level of experience,
nationality, race, religion, caste, or sexual identity and orientation.
Expected behavior applies to both online and offline engagement within the community.

## Our Standards

Examples of behavior that contributes to creating a positive environment
include:

- Using welcoming and inclusive language
- Being respectful of differing viewpoints, experiences, and cultures
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
- Being mindful of your surroundings and your fellow participants and listening
to others
- Valuing the contributions of all participants
- Engaging in collaboration before conflict
- Pointing out unintentionally racist, sexist, casteist, or biased comments and
jokes made by community members when they happen

Examples of unacceptable behavior by participants, even when presented as
"ironic" or "joking," include:

- The use of sexualized language or imagery and unwelcome physical contact,
sexual attention, or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment, including offensive or degrading language
- Publishing others' private information, such as a physical or electronic
address, without explicit permission. This includes any sort of "outing" of
any aspect of someone's identity without their consent.
- "Doxxing," Publishing screenshots or quotes, especially from identity slack
channels, private chat, or public events, without all quoted users' explicit
consent.
- Engaging in spamming activities, such as repeatedly sending unsolicited messages,
LLMs (Large Language Models) output, advertisements, or promotional content to
community members without previous IBM authorization.
- Other conduct which could reasonably be considered inappropriate in a
professional setting

## Our Responsibilities

The entire community is responsible for upholding the terms of the Code
of Conduct in events and spaces and reporting violations if
they see them. The internal team at IBM is ultimately responsible for
clarifying the standards of acceptable behavior and enforcement, and is expected
to take appropriate and fair corrective action in response to any instances of
unacceptable behavior.

If a participant or contributor engages in negative or harmful behavior, IBM
will take any action they deem appropriate, including but not limited to
issuing warnings, expulsion from an event with no refund, deleting comments,
permanent banning from future events or online community, or calling local law
enforcement. IBM has the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, or to temporarily or permanently ban any
contributor or participant for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public
spaces when an individual is representing the project or its community.
Examples of representing a project or community include using an official
project e-mail address, posting via an official social media account,
or acting as an appointed representative at an online or offline event.
Representation of a project may be further defined and clarified
by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at [email protected]. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

This Code of Conduct does not supersede existing IBM corporate policies, such as
the IBM Business Conduct Guidelines and IBM Business Partner Code of Conduct.
IBM employees must follow IBM's Business Conduct Guidelines. IBM's business
partners must follow the IBM Business Partner Code of Conduct. IBM employees
concerned with a fellow IBMer's behavior should follow IBM's own internal HR
reporting protocols, which include engaging the offending IBMer's manager and
involving IBM Concerns and Appeals. IBM employees concerned with an IBM
business partner's behavior should notify [email protected].
109 changes: 109 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
# Contributing

CBOMkit is a toolset for handling Cryptographic Bill of Materials (CBOM).
This page describes how you can join the community in this goal.

## Before you start

If you are new to the community? We recommend you do the following before diving into the code:

* Read the [Code of Conduct](https://github.com/IBM/cbomkit/blob/main/CODE_OF_CONDUCT.md)
* Familiarize yourself with the community (via [GitHub](https://github.com/IBM/cbomkit/discussions) etc.)

## Choose an issue to work on
The Sonar Cryptography Plugin uses the following labels to help non-maintainers find issues best suited to their interest and experience level:

* [good first issue](https://github.com/IBM/cbomkit/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) - these issues are typically the simplest available to work on, ideal for newcomers. They should already be fully scoped, with a clear approach outlined in the descriptions.
* [help wanted](https://github.com/IBM/cbomkit/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) - these issues are generally more complex than good first issues. They typically cover work that core maintainers don't currently have capacity to implement and may require more investigation/discussion. These are a great option for experienced contributors looking for something a bit more challenging.

## Code Style

Check if all java files are well formated and license headers are in place.
```shell
mvn spotless:check
```
Applies format and license headers to files.
```shell
mvn spotless:apply
```
Spotless Maven Documentation: https://github.com/diffplug/spotless/blob/main/plugin-maven/README.md

Check for coding style
```shell
mvn checkstyle::check
```

## Build

> To build or run CBOMkit, you need access to the `sonar-cryptography-plugin` dependency,
> hosted on [GitHub](https://github.com/IBM/sonar-cryptography) as a GitHub Package.
> Using GitHub Packages requires you to authenticate with a GitHub account using a personal
> access token. You will find explanations [here](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry#authenticating-to-github-packages).
```shell
# builds a JAR file for the Api server
make build-backend
# creates a docker image for the Api server
make build-backend-image
# creates a docker image for the frontend/viewer
make build-frontend-image
```

## Development

### Setup the development environment

Depending on where you want to change things, you can spin up different development environments.
```shell
# creates a dev environment, including
# - postgres database
make dev
# creates a dev environment, including
# - postgres database
# - frontend
make dev-backend
# creates a dev environment, including
# - postgres database
# - api server (backend)
make dev-frontend
```

#### Start the Api server

```shell
# using the cli
quarkus dev
# using maven
./mvnw quarkus:dev
```

> Download and install the quarkus-cli from [here](https://quarkus.io/guides/cli-tooling).
#### Start the frontend

```shell
# change to the frontend directory
cd frontend/
# use vue cli to start the frontend in dev mode
vue-cli-service serve --port 8001
```

### PURLs

When the service is deployed, it first attempts to parse the `purls.json`
file from the resource directory as part of the initialization procedure.
This process extracts repository related purls for a particular software
package referenced in the file and stores it as an identifier in a database
table along with other related purls.

The folks at ScanOSS maintain a repository called [scanoss/purl2cpe](https://github.com/scanoss/purl2cpe).
This repository is the basis for the `purls.json` file,
as it already contains a large number of purls and their associated software packages.

When the `purls-generation/main.py` Python script is executed,
it traverses the resource folder containing a clone of the ScanOSS repository
from a given point in time and generates the `purls.json` file.

When a new file should be generated the variable `version` should be increased in
the `purls-generation/main.py` script. Only when the version changed, the CBOM Generator
will reread the purl.json file from the resource directory.
Loading

0 comments on commit 1608921

Please sign in to comment.