Merge pull request #21 from ShiftLeftSecurity/hubert/subprojects

Introduce subproject parameter
ShiftLeftSecurity · Oct 27, 2021 · a806a3e · a806a3e
2 parents 8846158 + 42e608b
commit a806a3e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/bin/cdxgen b/bin/cdxgen
@@ -18,6 +18,10 @@ const args = require("yargs")
     type: "boolean",
     description: "Recurse mode suitable for mono-repos",
   })
+  .option("subproject", {
+    alias: "s",
+    description: "Analyze only a specific subproject",
+  })
   .option("resolve-class", {
     alias: "c",
     type: "boolean",
@@ -72,6 +76,7 @@ if (process.env.GLOBAL_AGENT_HTTP_PROXY) {
 let options = {
   dev: true,
   projectType: args.type,
+  subprojectName: args.subproject,
   multiProject: args.recurse,
   depth: 3,
   output: args.output,

diff --git a/index.js b/index.js
@@ -720,21 +720,30 @@ const createJavaBom = async (
           for (let i in sbtProjects) {
             const basePath = sbtProjects[i];
             let dlFile = pathLib.join(tempDir, "dl-" + i + ".tmp");
+            var commandPrefix = "";
+            if (options.subprojectName) {
+              commandPrefix = `${options.subprojectName}/`
+            }
+
             console.log(
               "Executing",
               SBT_CMD,
-              "dependencyList in",
+              `${commandPrefix}dependencyList in`,
               basePath,
               "using plugins",
               tempSbtgDir
             );
             var sbtArgs = [];
             var pluginFile = null;
+            var commandPrefix = "";
+            if (options.subprojectName) {
+              commandPrefix = `${options.subprojectName}/`
+            }
             if (standalonePluginFile) {
-              sbtArgs = [`-addPluginSbtFile=${tempSbtPlugins}`,`"dependencyList::toFile ${dlFile} --append"`]
+              sbtArgs = [`-addPluginSbtFile=${tempSbtPlugins}`,`"${commandPrefix}dependencyList::toFile ${dlFile} --append"`]
             } else {
               // write to the existing plugins file
-              sbtArgs = [`"dependencyList::toFile ${dlFile} --append"`]
+              sbtArgs = [`"${commandPrefix}dependencyList::toFile ${dlFile} --append"`]
               pluginFile = utils.addPlugin(basePath, sbtPluginDefinition);
             }
             // Note that the command has to be invoked with `shell: true` to properly execut sbt
@@ -752,9 +761,6 @@ const createJavaBom = async (
                 console.log(
                   `2. Check if the plugin net.virtual-void:sbt-dependency-graph 0.10.0-RC1 can be used in the environment`
                 );
-                console.log(
-                  "3. Consider creating a lockfile using sbt-dependency-lock plugin. See https://github.com/stringbean/sbt-dependency-lock"
-                );
               }
             } else if (DEBUG_MODE) {
               console.log(result.stdout);