Updates and corrections to tool definitions

Conversation

@anthonyharrison

@jkowalleck (Member) commented Jul 15, 2025

please split the pull request into multiple parts, one PR for each tool.
this would make the review easier.

@anthonyharrison (Author)

Why? All the tools are mine. All the new tools are at the end of the JSON file. The updates are primarily to the description, the lifecycle and correctly showing which version of CycloneDX is supported.

@jkowalleck (Member) commented Jul 15, 2025

Why?

because reviewing all these mixed changes might take a while.
This is basically a mix of scopes. As a maintainer yourself, you probably understand what an "easy" pull request is, and what a "complex" change set means for a reviewer.

@jkowalleck (Member) left a comment

a first review gave me the impression that huge parts of the PR are mere copy/paste.
Some details don't make sense, based on the tools' homepage/repo/description.

tools.json Outdated
"publisher": "Anthony Harrison",
"description": "CLI utility that produces CycloneDX or SPDX SBOMs for installed javascript modules indentified in the package-lock.json, identifying dependencies and their licenses.",
"repository_url": "https://github.com/anthonyharrison/sbom4python",
"website_url": "https://pypi.org/project/sbom4python/",
jkowalleck (Member)

you sure about the website and repo?
I mean, this is a JS tool - and you're linking the python tool - is this correct, or maybe a copy-paste issue?

anthonyharrison (Author)

Oops. Should be sbom4js

tools.json Outdated
"functions": [
"AUTHOR",
"TRANSFORM",
"PACKAGE_MANAGER_INTEGRATION"
jkowalleck (Member)

which package manager? the readme did not tell about any.

@anthonyharrison (Author) Jul 16, 2025

Windows doesn't have a package manager in the same way as Linux but the application can work with the installed data or installation files (e.g. MSI files). Will remove to avoid any confusion.

tools.json Outdated
],
"functions": [
"AUTHOR",
"TRANSFORM",
jkowalleck (Member)

transform? how?

anthonyharrison (Author)

My misunderstanding of what Transform indicates. It is transforming dependency information into an SBOM.

tools.json Outdated
"PACKAGE_MANAGER_INTEGRATION"
],
"transform": [
"BOM_STANDARD"
@jkowalleck (Member) Jul 15, 2025

how? the tool does not have an intake for any BOM data - how can it transform them, then?

anthonyharrison (Author)

My misunderstanding of what Transform indicates. It is transforming dependency information into an SBOM.

tools.json Outdated
],
"platform": [
"LINUX",
"MAC",
jkowalleck (Member)

the tool is for Windows - how does it support a Mac?

anthonyharrison (Author)

The tool can work on a Mac if you have a Windows installation disk.

tools.json Outdated
"ANALYSIS"
],
"transform": [
"BOM_STANDARD",
jkowalleck (Member)

a validation tool that does transformation???

@jkowalleck jkowalleck marked this pull request as draft July 15, 2025 12:58
@anthonyharrison (Author)

Will submit separate PRs for each new tool.

@anthonyharrison (Author)

a first review gave me the impression that huge parts of the PR are mere copy/paste. Some details don't make sense, based on the tools' homepage/repo/description

Yes, lots of cut 'n' paste as it isn't straightforward to create a tools entry by hand. If there was a tool/form to create a tool entry that might make it easier and it could also provide some basic validation to ensure there is consistency of the data.
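A consistency checker along the lines of the tool/form suggested above, as an added example that is not part of this PR or the tool-center project. It assumes each entry carries a "name" field in addition to the fields visible in the review snippets (publisher, description, repository_url, website_url, functions, transform, platform); the sample entries are constructed to mirror the review findings, and the second tool is a placeholder.

```python
import json

def check_entry(entry: dict, all_entries: list[dict]) -> list[str]:
    """Return human-readable consistency issues for one tool entry."""
    issues = []
    name = entry.get("name", "").lower()  # "name" is an assumed field
    # 1. URLs that never mention the tool's own name (the sbom4js -> sbom4python slip).
    for field in ("repository_url", "website_url"):
        url = entry.get(field, "")
        if name and name not in url.lower():
            issues.append(f"{field} '{url}' does not reference tool '{entry['name']}'")
    # 2. "transform" values need TRANSFORM among the functions, and vice versa.
    functions = set(entry.get("functions", []))
    transforms = entry.get("transform", [])
    if transforms and "TRANSFORM" not in functions:
        issues.append("transform values declared but TRANSFORM is not in functions")
    if "TRANSFORM" in functions and not transforms:
        issues.append("TRANSFORM declared but transform list is empty")
    # 3. Identical descriptions across entries point at unedited copy/paste.
    dupes = [e["name"] for e in all_entries
             if e is not entry and e.get("description") == entry.get("description")]
    if dupes:
        issues.append("description duplicated in: " + ", ".join(dupes))
    return issues

def check_all(entries: list[dict]) -> dict[str, list[str]]:
    """Map each tool name to its issues; clean tools are omitted."""
    report = {}
    for entry in entries:
        if found := check_entry(entry, entries):
            report[entry["name"]] = found
    return report

# Constructed sample entries mirroring the review findings; entry 2 is a placeholder.
SAMPLE = json.loads("""[
  {"name": "sbom4js", "publisher": "Anthony Harrison",
   "description": "CLI utility that produces CycloneDX or SPDX SBOMs for installed javascript modules.",
   "repository_url": "https://github.com/anthonyharrison/sbom4python",
   "website_url": "https://pypi.org/project/sbom4python/",
   "functions": ["AUTHOR"], "transform": [], "platform": ["LINUX", "MAC"]},
  {"name": "example-validator", "publisher": "Example Publisher",
   "description": "Validates an SBOM against the BOM standard.",
   "repository_url": "https://github.com/example/example-validator",
   "website_url": "https://pypi.org/project/example-validator/",
   "functions": ["ANALYSIS"], "transform": ["BOM_STANDARD"], "platform": ["LINUX"]}
]""")
if __name__ == "__main__":
    for tool, found in check_all(SAMPLE).items():
        print(tool, *("  - " + issue for issue in found), sep="\n")
```

Run against the sample, it reports both URLs of the sbom4js entry and the transform/functions mismatch of the validator entry.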

@jkowalleck (Member)

we've changed how the tools.json is managed.
from now on, each tool has its own JSON file in https://github.com/CycloneDX/tool-center/tree/main/tools
please revert your changes to tools.json, and add a dedicated file in the tools folder.
