...

In addition to the above measures, JS7 ships with a Software Bill of Materials (SBOM) that tells users which 3rd-party component versions and licenses are included.

Feature availability: starting from release 2.5.2

SBOM

The JS7 SBOM is provided in the OWASP CycloneDX format.

Tools to manage and visualize the SBOM include OWASP Dependency-Track. In addition, a number of web sites are available that can visualize the SBOM.

Download

The SBOM ships with the sbom.json file that is available for download from JOC Cockpit.

  • URL: http(s)://<host>:<port>/joc/sbom.json
  • Directory: JETTY_BASE/webapps/joc/sbom.json

Example

Find the following example of an SBOM file:

Extract of the SBOM example:
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:725fd204-c3cf-4f2a-9e48-ee0cdfb17f2a",
  "version": 1,
  "metadata": {
    "timestamp": "2023-01-02T06:08:35.977Z",
    "tools": [
      {
        "vendor": "CycloneDX",
        "name": "Node.js module",
        "version": "3.10.6"
      }
    ],
    "component": {
      "type": "library",
      "bom-ref": "pkg:npm/joc-cockpit@2.5.0",
      "name": "joc-cockpit",
      "version": "2.5.0",
      "description": "This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 14.1.1.",
      "purl": "pkg:npm/joc-cockpit@2.5.0"
    }
  },
  "components": [
    {
      "type": "library",
      "bom-ref": "pkg:npm/%40angular/animations@14.2.12",
      "author": "angular",
      "group": "@angular",
      "name": "animations",
      "version": "14.2.12",
      "description": "Angular - animations integration with web-animations",
      "hashes": [
        {
          "alg": "SHA-512",
          "content": "83076715992f554afe7a750d7e17c2191186a8d1e7d7ebd303cd5aa4b7c762127182388b52d1137382933ab41ebed0e6d36da911df8b4abbebf2bfbb6a0fa393"
        }
      ],
      "licenses": [
        {
          "license": {
            "id": "MIT"
          }
        }
      ],
      "purl": "pkg:npm/%40angular/animations@14.2.12",
      "externalReferences": [
        {
          "type": "website",
          "url": "https://github.com/angular/angular#readme"
        },
        {
          "type": "issue-tracker",
          "url": "https://github.com/angular/angular/issues"
        },
        {
          "type": "vcs",
          "url": "git+https://github.com/angular/angular.git"
        }
      ]
    },
    {
      "type": "library",
      "bom-ref": "pkg:npm/tslib@2.4.1",
      "author": "Microsoft Corp.",
      "name": "tslib",
      "version": "2.4.1",
      "description": "Runtime library for TypeScript helper functions",
      "hashes": [
        {
          "alg": "SHA-512",
          "content": "b46cb2e1d02344813023b073b01d25ca75a03a97ea8d476af755d70252160f63b02811fba0297f1991bf1d3e01387ad394f30e01294c43bbdec93aa999172b34"
        }
      ],
      "licenses": [
        {
          "license": {
            "id": "0BSD"
          }
        }
      ],
      "purl": "pkg:npm/tslib@2.4.1",
      "externalReferences": [
        {
          "type": "website",
          "url": "https://www.typescriptlang.org/"
        },
        {
          "type": "issue-tracker",
          "url": "https://github.com/Microsoft/TypeScript/issues"
        },
        {
          "type": "vcs",
          "url": "git+https://github.com/Microsoft/tslib.git"
        }
      ]
    },
...
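To show how the component versions and licenses in a CycloneDX file such as sbom.json can be reviewed, the following added example (not part of JS7 or its documentation) flattens the components array and flags entries that lack a license, carry a license outside an allowlist, or have no hash. The function names, the allowlist and the "example-lib" entry are assumptions made for illustration.

```python
import json

# Constructed sample: the two components from the extract above, trimmed, plus
# a hypothetical "example-lib" entry that lacks license and hash data.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.3", "components": [
  {"type": "library", "group": "@angular", "name": "animations",
   "version": "14.2.12", "purl": "pkg:npm/%40angular/animations@14.2.12",
   "hashes": [{"alg": "SHA-512", "content": "constructed-placeholder"}],
   "licenses": [{"license": {"id": "MIT"}}]},
  {"type": "library", "name": "tslib", "version": "2.4.1", "purl": "pkg:npm/tslib@2.4.1",
   "hashes": [{"alg": "SHA-512", "content": "constructed-placeholder"}],
   "licenses": [{"license": {"id": "0BSD"}}]},
  {"type": "library", "name": "example-lib", "version": "0.0.1"}
]}
""")

def license_ids(component):
    """CycloneDX allows a license id, a free-text name, or an SPDX expression."""
    found = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        value = lic.get("id") or lic.get("name") or entry.get("expression")
        if value:
            found.append(value)
    return found

def inventory(bom):
    """Flatten the components array into name/version/license/hash rows."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    rows = []
    for c in bom.get("components", []):
        name = f"{c['group']}/{c['name']}" if c.get("group") else c["name"]
        rows.append({"name": name, "version": c.get("version"),
                     "licenses": license_ids(c), "hashed": bool(c.get("hashes"))})
    return rows

def review(rows, allowed):
    """Flag rows with no license, a license outside `allowed`, or no hash."""
    findings = []
    for r in rows:
        if not r["licenses"]:
            findings.append((r["name"], "no license declared"))
        findings += [(r["name"], f"license not in allowlist: {l}")
                     for l in r["licenses"] if l not in allowed]
        if not r["hashed"]:
            findings.append((r["name"], "no hash recorded"))
    return findings
```

To review a real download, pass the parsed contents of sbom.json to inventory() in place of SAMPLE_SBOM and supply your own license allowlist to review().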