feat: tools as components

package.json

@@ -47,10 +47,10 @@
     }
   ],
   "dependencies": {
-    "@cyclonedx/cyclonedx-library": "^6.11.0",
+    "@cyclonedx/cyclonedx-library": "^7.0.0-beta.1",
     "commander": "^10.0.0",
     "normalize-package-data": "^3||^4||^5||^6",
-    "packageurl-js": "^1.2.1",
+    "packageurl-js": "^2.0.0",
     "xmlbuilder2": "^3.0.2"
   },
   "devDependencies": {

src/builders.ts

@@ -44,7 +44,6 @@
 type AllComponents = Map<cPath, Models.Component>
 
 export class BomBuilder {
-  toolBuilder: Builders.FromNodePackageJson.ToolBuilder
   componentBuilder: Builders.FromNodePackageJson.ComponentBuilder
   treeBuilder: TreeBuilder
   purlFactory: Factories.FromNodePackageJson.PackageUrlFactory
@@ -61,14 +60,12 @@
   console: Console
 
   constructor (
-    toolBuilder: BomBuilder['toolBuilder'],
     componentBuilder: BomBuilder['componentBuilder'],
     treeBuilder: BomBuilder['treeBuilder'],
     purlFactory: BomBuilder['purlFactory'],
     options: BomBuilderOptions,
     console_: BomBuilder['console']
   ) {
-    this.toolBuilder = toolBuilder
     this.componentBuilder = componentBuilder
     this.treeBuilder = treeBuilder
     this.purlFactory = purlFactory
@@ -227,14 +224,14 @@
 
     bom.metadata.component = rootComponent
 
-    bom.metadata.tools.add(new Models.Tool({
-      name: 'npm',
+    bom.metadata.tools.components.add(new Models.Component(
+      Enums.ComponentType.Application, 'npm' ,{
       version: npmVersion // use the self-proclaimed `version`
-      // omit `vendor` and `externalReferences`, because we cannot be sure about the used tool's actual origin
+      // omit `group` and `externalReferences`, because we cannot be sure about the used tool's actual origin
       // omit `hashes`, because unfortunately there is no agreed process of generating them
     }))
-    for (const tool of this.makeTools()) {
-      bom.metadata.tools.add(tool)
+    for (const toolC of this.makeToolCs()) {
+      bom.metadata.tools.components.add(toolC)
     }
 
     if (!this.reproducible) {
@@ -582,7 +579,7 @@
     }
   }
 
-  private * makeTools (): Generator<Models.Tool> {
+  private * makeToolCs (): Generator<Models.Component> {
     const packageJsonPaths = [path.resolve(module.path, '..', 'package.json')]
 
     const libs = [
@@ -605,9 +602,9 @@
     for (const packageJsonPath of packageJsonPaths) {
       const packageData: object = loadJsonFile(packageJsonPath) ?? {}
       normalizePackageData(packageData /* add debug for warnings? */)
-      const tool = this.toolBuilder.makeTool(packageData)
-      if (tool !== undefined) {
-        yield tool
+      const toolC = this.componentBuilder.makeComponent(packageData)
+      if (toolC !== undefined) {
+        yield toolC
       }
     }
   }

src/cli.ts

@@ -231,13 +231,10 @@ export async function run (process: NodeJS.Process): Promise<number> {
     throw new Error('missing evidence')
   }
 
-  const extRefFactory = new Factories.FromNodePackageJson.ExternalReferenceFactory()
-
   myConsole.log('LOG   | gathering BOM data ...')
   const bom = new BomBuilder(
-    new Builders.FromNodePackageJson.ToolBuilder(extRefFactory),
     new Builders.FromNodePackageJson.ComponentBuilder(
-      extRefFactory,
+      new Factories.FromNodePackageJson.ExternalReferenceFactory(),
       new Factories.LicenseFactory()
     ),
     new TreeBuilder(),