...

  • the JS7 source code is publicly available from https://github.com/sos-berlin
  • JS7 ships with a Software Bill of Materials (SBOM) that states which 3rd-party components, versions and licenses are included.
    Display feature availability
    StartingFromRelease2.5.23

JS7 - Package Management allows software packages to be enabled and disabled based on information from the SBOM.

Software Bill of Materials

...

  • SOS strives to use up-to-date versions of 3rd-party components.
  • SOS cannot rule out that 3rd-party components are affected by vulnerabilities.
    • SOS monitors 3rd-party components for vulnerabilities on an ongoing basis.
    • If vulnerabilities are detected, the Release Policy - Vulnerability Management applies.
      • This includes making information about vulnerabilities public through our Change Management System, see https://change.sos-berlin.com
      • This includes adding fixed versions of 3rd-party components to JS7 maintenance releases in a timely manner.
  • The SBOM enables users to check directly from their JS7 scheduling environment whether a vulnerable version of a 3rd-party component is included.
    • JS7 SBOM files include all components developed by SOS and by 3rd parties.
    • In addition, the dependencies of each component are included in the SBOM file. This makes it possible to track down which components are affected by a given vulnerability.
    • Users of JS7 can check independently of SOS whether the version of JS7 in use is affected by a given vulnerability and which component or feature makes use of vulnerable libraries.

  • Users can choose to remove vulnerable 3rd-party components from the installation of a JS7 product:
    • JS7 - Package Management allows software packages to be disabled and enabled.
    • This approach is applicable if minor features of JS7 are affected and if users are willing to do without such features.
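
The dependency check described above can be scripted against any sbom.json file. The following is an added example, not part of the original page or of JS7: it inverts the CycloneDX "dependencies" graph and walks it upwards from a flagged library to every component that includes it. The sample graph is constructed from purls in this page's extract, the helper names load_sbom, parse_purl and affected_by are hypothetical, and the versions passed in are arbitrary inputs, not versions known to be vulnerable.

```python
import json
from collections import defaultdict, deque

# Constructed sample: a trimmed CycloneDX "dependencies" graph reusing purls
# from this page's SBOM extract (not a complete JS7 sbom.json).
SETUP = "pkg:maven/com.sos-berlin.setups/agent-sos-sbom@2.5.3?type=jar"
AGENT = "pkg:maven/com.sos-berlin.js7.engine/js7-agent_2.13@2.5.3?type=jar"
SUBAGENT = "pkg:maven/com.sos-berlin.js7.engine/js7-subagent_2.13@2.5.3?type=jar"
SCALA = "pkg:maven/org.scala-lang/scala-library@2.13.10?type=jar"
GUAVA = "pkg:maven/com.google.guava/guava@31.1-jre?type=jar"
SAMPLE_SBOM = {"bomFormat": "CycloneDX", "specVersion": "1.4", "dependencies": [
    {"ref": SETUP, "dependsOn": [AGENT, SUBAGENT]},
    {"ref": AGENT, "dependsOn": [SUBAGENT, GUAVA]},
    {"ref": SUBAGENT, "dependsOn": [SCALA]},
    {"ref": SCALA, "dependsOn": []},
]}

def load_sbom(path):
    """Read an sbom.json file, e.g. from the JS7_AGENT_HOME directory."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def parse_purl(ref):
    """'pkg:maven/group/name@1.0?type=jar' -> ('group/name', '1.0')."""
    coords = ref.split("?", 1)[0]
    if not coords.startswith("pkg:") or "/" not in coords or "@" not in coords:
        return coords, None            # bom-ref that is not a versioned purl
    name, version = coords.split("/", 1)[1].rsplit("@", 1)
    return name, version

def affected_by(sbom, package, versions):
    """Map every component that pulls in package@versions, directly or
    transitively, to one dependency path leading down to the flagged library."""
    parents, refs = defaultdict(set), set()
    for dep in sbom.get("dependencies", []):
        refs.add(dep["ref"])
        for child in dep.get("dependsOn", []):
            refs.add(child)
            parents[child].add(dep["ref"])   # reverse edge: child -> dependents
    hits = sorted(r for r in refs if parse_purl(r)[0] == package
                  and parse_purl(r)[1] in versions)
    paths = {hit: [hit] for hit in hits}
    queue = deque(hits)
    while queue:                             # breadth-first walk up the graph
        node = queue.popleft()
        for parent in sorted(parents[node]):
            if parent not in paths:          # visit once; also stops on cycles
                paths[parent] = [parent] + paths[node]
                queue.append(parent)
    return {ref: path for ref, path in paths.items() if ref not in hits}
```

An empty result means no component in that SBOM includes the given library at the given versions; run it once per sbom.json, since Controller, Agent and JOC Cockpit each ship their own file.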

Accessing the Software Bill of Materials

The sbom.json file is provided individually for Controller, Agent and JOC Cockpit.

Within limits, users can operate JS7 products from different releases. This requires the sbom.json file to be available per product and release.

Accessing the Controller SBOM

The sbom.json file is available from the JS7_CONTROLLER_HOME directory.

Example:

  • Unix: /opt/sos-berlin.com/js7/controller/sbom.json
  • Windows: C:\Program Files\sos-berlin.com\js7\controller\sbom.json

Accessing the Agent SBOM

The SBOM ships from the sbom.json file that is available from the JS7_AGENT_HOME directory.

Example:

  • Unix: /opt/sos-berlin.com/js7/agent/sbom.json
  • Windows: C:\Program Files\sos-berlin.com\js7\agent\sbom.json

Accessing the JOC Cockpit SBOM

The SBOM ships from the sbom.json file that is available from the JOC_HOME directory.

Example:

  • Unix: /opt/sos-berlin.com/js7/joc/sbom.json
  • Windows: C:\Program Files\sos-berlin.com\js7\joc\sbom.json

The sbom.json file is available for download from JOC Cockpit:

  • URL: <http|https>://<host>:<port>/joc/sbom.json
  • <http> or <https> is the protocol for which JOC Cockpit is operated.
  • <host> is the name of the host on which JOC Cockpit is running.
  • <port> is the port for which JOC Cockpit is operated.
  • Directory: JETTY_BASE/webapps/joc/sbom.json

Downloading from the Login Window

...

Downloading from any JOC Cockpit page

...

Example

The following is an example of an SBOM file for JS7 Agent release 2.5.3:

Extract of the SBOM example:

{
  "bomFormat" : "CycloneDX",
  "specVersion" : "1.4",
  "serialNumber" : "urn:uuid:26528067-d05b-4457-bec6-59e72e50d80e",
  "version" : 1,
  "metadata" : {
    "timestamp" : "2023-04-11T12:24:08Z",
    "tools" : [
      {
        "vendor" : "OWASP Foundation",
        "name" : "CycloneDX Maven plugin",
        "version" : "2.7.1",
        "hashes" : [
          {
            "alg" : "MD5",
            "content" : "538c878ebf89b372876e247d056a3fc5"
          },
          {
            "alg" : "SHA-1",
            "content" : "4561e50edb47e12a03712b1afce9b20cba32fd28"
          },
          {
            "alg" : "SHA-256",
            "content" : "f0ea7b3bcf5c7ba649b8d9807e805385330501881677d47333aebce8305ef4d4"
          },
          {
            "alg" : "SHA-512",
            "content" : "a35400ca6411692ae8964fe7030eaba2a83a2fa50e2883def3054191283c3b48e2dcdd68bf80f5a0ede3898cc6b7cb7b998aacd2c1e969320053c43b6ab8d873"
          },
          {
            "alg" : "SHA-384",
            "content" : "75c0c03a03c69e82ad1f7b942d6d733da8261c4058174355d6b24ebd88cee34180f2e8484d2b0fedaf459078bdf6e927"
          },
          {
            "alg" : "SHA3-384",
            "content" : "98cd312d4dfc104a0a66d65023d0aade423f08951f2a9e0215e703f0c81c4f274d8e11a2db1abc30a558b820d65860c4"
          },
          {
            "alg" : "SHA3-256",
            "content" : "0c5fd65013128de457b049a824c4ad11212d668b503613ce19a54d545e5cf82d"
          },
          {
            "alg" : "SHA3-512",
            "content" : "72ea0ed8faa3cc4493db96d0223094842e7153890b091ff364040ad3ad89363157fc9d1bd852262124aec83134f0c19aa4fd0fa482031d38a76d74dfd36b7964"
          }
        ]
      }
    ],
    "component" : {
      "group" : "com.sos-berlin.setups",
      "name" : "agent-sos-sbom",
      "version" : "2.5.3",
      "description" : "A pom that creates all setups.",
      "licenses" : [ ],
      "purl" : "pkg:maven/com.sos-berlin.setups/agent-sos-sbom@2.5.3?type=jar",
      "externalReferences" : [
        {
          "type" : "vcs",
          "url" : "https://github.com/sos-berlin/setup/jobscheduler/agent-sos-sbom"
        }
      ],
      "type" : "library",
      "bom-ref" : "pkg:maven/com.sos-berlin.setups/agent-sos-sbom@2.5.3?type=jar"
    }
  },
  "components" : [
    {
      "publisher" : "Software- und Organisations-Service GmbH, Berlin",
      "group" : "com.sos-berlin.js7.engine",
      "name" : "js7-agent_2.13",
      "version" : "2.5.3",
      "description" : "js7-agent",
      "scope" : "optional",
      "hashes" : [
        {
          "alg" : "MD5",
          "content" : "9890f27abea81351d992f6233f5319d4"
        },
        {
          "alg" : "SHA-1",
          "content" : "eb6e46e9d60555b97e19ec4e47466747d626121c"
        },
        {
          "alg" : "SHA-256",
          "content" : "9bce37ed1a7d72726f50868cfbc25c67b408040c6de08b1b6b92ef38ebfbef91"
        },
        {
          "alg" : "SHA-512",
          "content" : "182deb6603a92e68b63d2a8e9f222f3d6ebf6d0128c86c77d6f0ac0935fd9ceb749e41a0dc4899cde963f083a5491f1bee0d308f765862be7b7617407c1949eb"
        },
        {
          "alg" : "SHA-384",
          "content" : "30e11a6173cebb1ada2d0997967f744593891e2c7fdae56cb6752ef0ee2d3b335949bb1b58913cbbb2b9c57b9cd4499e"
        },
        {
          "alg" : "SHA3-384",
          "content" : "01469eed6af10deaaccc7d6553782811b3d50f266b374033f49c77a942a6fd864fb674eaf4f237e1197c23d33f0d4d43"
        },
        {
          "alg" : "SHA3-256",
          "content" : "e6ef3c6d8e6a11cf1011139e4e595a9228433a9ba97dcd8a8faa4624f095dfe3"
        },
        {
          "alg" : "SHA3-512",
          "content" : "0b83b3118ab0142dc010273f1da042f8ec6ee904e96af3aa0d5d7b679b2a0e32f23178798fa5bd9f864fc4c887393d72f8f81e79a3fe9ef970273b21c16ab760"
        }
      ],
      "licenses" : [
        {
          "license" : {
            "name" : "GPLv3",
            "url" : "https://www.gnu.org/licenses/gpl-3.0.txt"
          }
        }
      ],
      "purl" : "pkg:maven/com.sos-berlin.js7.engine/js7-agent_2.13@2.5.3?type=jar",
      "externalReferences" : [
        {
          "type" : "website",
          "url" : "https://js7.sh"
        },
        {
          "type" : "vcs",
          "url" : "https://github.com/sos-berlin/js7"
        }
      ],
      "type" : "library",
      "bom-ref" : "pkg:maven/com.sos-berlin.js7.engine/js7-agent_2.13@2.5.3?type=jar"
    },
...
  "dependencies" : [
    {
      "ref" : "pkg:maven/com.sos-berlin.setups/agent-sos-sbom@2.5.3?type=jar",
      "dependsOn" : [
        "pkg:maven/com.sos-berlin.js7.engine/js7-agent_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-agent-client_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-agent-data_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-base_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-cluster_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-cluster-watch_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-cluster-watch-api_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-common_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-common-http_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-controller_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-controller-client_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-core_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-data_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-data-for-java_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-journal_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-launcher_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-launcher-for-java_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-launcher-for-windows_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-license_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-proxy_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-service-pgp_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-subagent_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-cli@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-credentialstore@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-exception@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-hibernate@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-httpclient@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-mail@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-sign@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-util@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-vfs@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-commons-xml@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-jitl-jobs@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-js7-loganonymizer@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-webservices-json@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin/sos-yade-commons@2.5.3?type=jar"
      ]
    },
    {
      "ref" : "pkg:maven/com.sos-berlin.js7.engine/js7-agent_2.13@2.5.3?type=jar",
      "dependsOn" : [
        "pkg:maven/org.scala-lang/scala-library@2.13.10?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-subagent_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-agent-data_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-launcher_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-core_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-common_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-data_2.13@2.5.3?type=jar",
        "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar",
        "pkg:maven/com.typesafe.akka/akka-actor_2.13@2.6.20?type=jar",
        "pkg:maven/com.typesafe.akka/akka-stream_2.13@2.6.20?type=jar",
        "pkg:maven/com.typesafe.akka/akka-slf4j_2.13@2.6.20?type=jar",
        "pkg:maven/com.typesafe.akka/akka-http_2.13@10.2.10?type=jar",
        "pkg:maven/com.intellij/annotations@12.0?type=jar",
        "pkg:maven/com.google.inject/guice@5.1.0?type=jar",
        "pkg:maven/javax.inject/javax.inject@1?type=jar",
        "pkg:maven/com.google.guava/guava@31.1-jre?type=jar"
      ]
    },
    {
      "ref" : "pkg:maven/org.scala-lang/scala-library@2.13.10?type=jar",
      "dependsOn" : [ ]
    },
    {
      "ref" : "pkg:maven/com.sos-berlin.js7.engine/js7-subagent_2.13@2.5.3?type=jar",
      "dependsOn" : [
        "pkg:maven/org.scala-lang/scala-library@2.13.10?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-launcher_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-common_2.13@2.5.3?type=jar",
        "pkg:maven/com.sos-berlin.js7.engine/js7-data_2.13@2.5.3?type=jar",
        "pkg:maven/com.intellij/annotations@12.0?type=jar"
      ]
    },
...