Export proto (#791)

* Export proto

Signed-off-by: Prabhu Subramanian <[email protected]>

* Export proto tests

Signed-off-by: Prabhu Subramanian <[email protected]>

* Spec bug fix

Signed-off-by: Prabhu Subramanian <[email protected]>

---------

Signed-off-by: Prabhu Subramanian <[email protected]>

.github/workflows/repotests.yml

@@ -200,7 +200,7 @@ jobs:
           bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-4.json --filter postgres --filter json
           bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-5.json --only spring
           bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-6.json --deep --evidence
-          bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-7.json --profile research
+          bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-7.json --profile research --export-proto
           bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code-8.json --profile license-compliance
         shell: bash
       - name: repotests django-DefectDojo
@@ -233,7 +233,7 @@ jobs:
         shell: bash
       - name: repotests shiftleft-go-example
         run: |
-          FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --validate
+          FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --validate --export-proto
         shell: bash
       - name: repotests vulnerable_net_core
         run: |
@@ -305,7 +305,7 @@ jobs:
         run: |
           bin/cdxgen.js -p -r -t dotnet repotests/dotnet-paket -o bomresults/bom-dotnet-paket.json --validate
           FETCH_LICENSE=true bin/cdxgen.js -p -r -t dotnet repotests/dotnet-paket -o bomresults/bom-dotnet-paket-2.json --validate
-          bin/cdxgen.js -p -r -t dotnet repotests/dotnet-podcasts -o bomresults/bom-dotnet-podcasts.json --profile research
+          bin/cdxgen.js -p -r -t dotnet repotests/dotnet-podcasts -o bomresults/bom-dotnet-podcasts.json --profile research --export-proto
         shell: bash
       - name: repotests blint
         run: |

bin/cdxgen.js

@@ -220,6 +220,17 @@ const args = yargs(hideBin(process.argv))
     description: "Additional glob pattern(s) to ignore",
     hidden: true
   })
+  .option("export-proto", {
+    type: "boolean",
+    default: false,
+    description: "Serialize and export BOM as protobuf binary.",
+    hidden: true
+  })
+  .option("proto-bin-file", {
+    description: "Path for the serialized protobuf binary.",
+    default: "bom.cdx",
+    hidden: true
+  })
   .completion("completion", "Generate bash/zsh completion")
   .array("filter")
   .array("only")
@@ -582,7 +593,11 @@ const checkPermissions = (filePath) => {
       console.log(err);
     }
   }
-
+  // Protobuf serialization
+  if (options.exportProto) {
+    const protobomModule = await import("../protobom.js");
+    protobomModule.writeBinary(bomNSData.bomJson, options.protoBinFile);
+  }
   if (options.print && bomNSData.bomJson && bomNSData.bomJson.components) {
     printDependencyTree(bomNSData.bomJson);
     printTable(bomNSData.bomJson);

docs/ADVANCED.md

@@ -347,3 +347,11 @@ Refer to the nydus-demo.yml workflow for an example github action that demonstra
 ```shell
 sudo nerdctl --snapshotter nydus run --rm -v $HOME/.m2:/root/.m2 -v $(pwd):/app ghcr.io/cyclonedx/cdxgen:master-nydus -p -t java /app
 ```
+
+## Export as protobuf binary
+
+Pass the argument `--export-proto` to serialize and export the BOM as protobuf binary. Only the spec version 1.5 is supported in this mode.
+
+```shell
+--export-proto --proto-bin-file bom.cdx.bin
+```