Evinse for scala + SaaSBOM v2 #1714

prabhu · 2025-03-31T16:08:05Z

SaaSBOM v2

SaaSBOM v2 powered by atom-tools. cdxgen can now track even the http method for the given service endpoint under the property cdx:service:httpMethod.

"services": [
        {
            "name": "service-v1posts-delete",
            "endpoints": [
                "/v1/posts"
            ],
            "properties": [
                {
                    "name": "cdx:service:httpMethod",
                    "value": "delete"
                },
                {
                    "name": "internal:operationId",
                    "value": "v1.post.PostRouter-4"
                }
            ]
        },
        {
            "name": "service-v1posts-get",
            "endpoints": [
                "/v1/posts"
            ],
            "properties": [
                {
                    "name": "cdx:service:httpMethod",
                    "value": "get"
                },
                {
                    "name": "internal:operationId",
                    "value": "v1.post.PostRouter-1"
                }
            ]
        },

cdx ↝ .services
╔═══════════════════════════════════════════════════════════════════════╗
║                           List of Services                            ║
║                      Generated with ♥  by cdxgen                      ║
╟────────────────────────┬───────────┬───────────────┬──────────────────╢
║ Name                   │ Endpoints │ Authenticated │ X Trust Boundary ║
╟────────────────────────┼───────────┼───────────────┼──────────────────╢
║ service-v1posts-delete │ /v1/posts │               │                  ║
╟────────────────────────┼───────────┼───────────────┼──────────────────╢
║ service-v1posts-get    │ /v1/posts │               │                  ║
╟────────────────────────┼───────────┼───────────────┼──────────────────╢
║ service-v1posts-patch  │ /v1/posts │               │                  ║
╟────────────────────────┼───────────┼───────────────┼──────────────────╢
║ service-v1posts-post   │ /v1/posts │               │                  ║
╟────────────────────────┼───────────┼───────────────┼──────────────────╢
║ service-v1posts-put    │ /v1/posts │               │                  ║
╚════════════════════════╧═══════════╧═══════════════╧══════════════════╝

Evinse for scala

For the first time, we can plot occurrences evidence for scala projects. The granularity is accurate only to the file level though, since we lose the line number information with our hybrid analyzer.

cdx ↝ .occurrences
Component Evidence
Generated with ♥  by cdxgen
╔════════════════════════════════╤════════════════════════════════╤═══════════════════════════╤══════════════════════════════════════════════════════════════════════════════════╗
║ Group                          │ Name                           │                   Version │ Occurrences                                                                      ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ io.lemonlabs                   │ scala-uri_2.13                 │                     4.0.3 │ app/v1/post/PostRouter.scala                                                     ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ com.google.inject              │ guice                          │                     6.0.0 │ app/Module.scala                                                                 ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ net.logstash.logback           │ logstash-logback-encoder       │                       7.3 │ app/v1/post/PostActionBuilder.scala                                              ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ org.playframework              │ play_2.13                      │                     3.0.7 │ app/ErrorHandler.scala                                                           ║
║                                │                                │                           │ app/RequestHandler.scala                                                         ║
║                                │                                │                           │ app/v1/post/PostActionBuilder.scala                                              ║
║                                │                                │                           │ app/v1/post/PostRepository.scala                                                 ║
║                                │                                │                           │ app/v1/post/PostResourceHandler.scala                                            ║
║                                │                                │                           │ app/v1/post/PostRouter.scala                                                     ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/Routes.scala                                ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ org.slf4j                      │ slf4j-api                      │                    2.0.17 │ app/ErrorHandler.scala                                                           ║
║                                │                                │                           │ app/v1/post/PostActionBuilder.scala                                              ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ org.playframework              │ play-configuration_2.13        │                     3.0.7 │ app/ErrorHandler.scala                                                           ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ org.playframework              │ play-json_2.13                 │                     3.0.4 │ app/ErrorHandler.scala                                                           ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ com.example.play-scala-rest-ap │ com.example.play-scala-rest-ap │                           │ app/ErrorHandler.scala                                                           ║
║ i-example-1.0-SNAPSHOT-sans-ex │ i-example-1.0-SNAPSHOT-sans-ex │                           │ app/v1/post/PostController.scala                                                 ║
║ ternalized                     │ ternalized                     │                           │ app/v1/post/PostRepository.scala                                                 ║
║                                │                                │                           │ app/v1/post/PostResourceHandler.scala                                            ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/Routes.scala                                ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/RoutesPrefix.scala                          ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ com.example                    │ play-scala-rest-api-example_2. │              1.0-SNAPSHOT │ app/ErrorHandler.scala                                                           ║
║                                │ 13-1.0-SNAPSHOT                │                           │ app/v1/post/PostController.scala                                                 ║
║                                │                                │                           │ app/v1/post/PostRepository.scala                                                 ║
║                                │                                │                           │ app/v1/post/PostResourceHandler.scala                                            ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/Routes.scala                                ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/RoutesPrefix.scala                          ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ play-scala-rest-api-example_2. │ play-scala-rest-api-example_2. │              1.0-SNAPSHOT │ app/ErrorHandler.scala                                                           ║
║ 13-1.0-SNAPSHOT-sources        │ 13-1.0-SNAPSHOT-sources        │                           │ target/scala-2.13/routes/main/router/Routes.scala                                ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/RoutesPrefix.scala                          ║
╟────────────────────────────────┼────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────────────────────────╢
║ play-scala-rest-api-example_2. │ play-scala-rest-api-example_2. │                           │ app/ErrorHandler.scala                                                           ║
║ 13-1.0-SNAPSHOT-sans-externali │ 13-1.0-SNAPSHOT-sans-externali │                           │ app/v1/post/PostController.scala                                                 ║
║ zed                            │ zed                            │                           │ app/v1/post/PostRepository.scala                                                 ║
║                                │                                │                           │ app/v1/post/PostResourceHandler.scala                                            ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/Routes.scala                                ║
║                                │                                │                           │ target/scala-2.13/routes/main/router/RoutesPrefix.scala                          ║
╚════════════════════════════════╧════════════════════════════════╧═══════════════════════════╧══════════════════════════════════════════════════════════════════════════════════╝

Also fixes #1698

Signed-off-by: Prabhu Subramanian <[email protected]>

prabhu · 2025-03-31T16:16:27Z

Artefacts created for this repo

openapi.json
usages.slices.json
reachables.slices.json
semantics.slices.json
bom.json

prabhu · 2025-03-31T16:20:21Z

For any interested students out there, the current state of our callstack evidence for Scala is shown below. I have some ideas to convert this back to a callstack representing the source, but best done as a graduate-level research project.

cdx ↝ .callstack
╔══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗
║                                                                          Component Call Stack Evidence                                                                           ║
║                                                                           Generated with ♥  by cdxgen                                                                            ║
╟──────────────┬──────────────┬─────────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╢
║ Group        │ Name         │ Version │ Call Stack                                                                                                                               ║
╟──────────────┼──────────────┼─────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╢
║ javax.inject │ javax.inject │ 1       │ /var/folders/sj/g0xj1gyn05qcvc6r3j3syg6h0000gn/T/jimple2cpg-16032504132115585684/ErrorHandler.class#40                                   ║
║              │              │         │ ├──  /var/folders/sj/g0xj1gyn05qcvc6r3j3syg6h0000gn/T/jimple2cpg-16032504132115585684/ErrorHandler.class#41                              ║
║              │              │         │ └──  /var/folders/sj/g0xj1gyn05qcvc6r3j3syg6h0000gn/T/jimple2cpg-16032504132115585684/ErrorHandler$$anonfun$$lessinit$greater$1.class#36 ║
╚══════════════╧══════════════╧═════════╧══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝

Signed-off-by: Prabhu Subramanian <[email protected]>

.github/workflows/repotests.yml

lib/evinser/evinser.js

Signed-off-by: Prabhu Subramanian <[email protected]>

prabhu added 8 commits March 30, 2025 22:47

Adds saasbom bin command. Pass --extract-endpoints argument to atom.

842e456

Signed-off-by: Prabhu Subramanian <[email protected]>

Accept openapi spec file via arguments.

eb75ca4

Signed-off-by: Prabhu Subramanian <[email protected]>

Fix setuptools version. Java tool options.

8d7e6f2

Signed-off-by: Prabhu Subramanian <[email protected]>

Collect namespaces from the local target directory.

9c39f64

Signed-off-by: Prabhu Subramanian <[email protected]>

scalasem implementations.

92f858f

Signed-off-by: Prabhu Subramanian <[email protected]>

detect endpoints from openapi spec file.

12d0b1c

Signed-off-by: Prabhu Subramanian <[email protected]>

scala repo tests.

935c389

Signed-off-by: Prabhu Subramanian <[email protected]>

services properties.

85fc4fc

Signed-off-by: Prabhu Subramanian <[email protected]>

prabhu added evinse pro bono scala labels Mar 31, 2025

Fix tests

8483bee

Signed-off-by: Prabhu Subramanian <[email protected]>

prabhu added 5 commits March 31, 2025 19:10

Fix tests

d2e5279

Signed-off-by: Prabhu Subramanian <[email protected]>

Fix tests

63cfee6

Signed-off-by: Prabhu Subramanian <[email protected]>

Fix tests

675c992

Signed-off-by: Prabhu Subramanian <[email protected]>

Fix tests

813b94a

Signed-off-by: Prabhu Subramanian <[email protected]>

Fix tests

061768f

Signed-off-by: Prabhu Subramanian <[email protected]>

prabhu commented Mar 31, 2025

View reviewed changes

.github/workflows/repotests.yml Outdated Show resolved Hide resolved

prabhu commented Mar 31, 2025

View reviewed changes

lib/evinser/evinser.js Show resolved Hide resolved

prabhu added 3 commits March 31, 2025 23:34

Fix tests

4e7c827

Signed-off-by: Prabhu Subramanian <[email protected]>

Fix tests

d92ca5e

Signed-off-by: Prabhu Subramanian <[email protected]>

Fix tests

f3d6130

Signed-off-by: Prabhu Subramanian <[email protected]>

prabhu merged commit c2c0567 into master Mar 31, 2025
30 of 31 checks passed

prabhu deleted the feature/saasbom-v2 branch March 31, 2025 23:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Evinse for scala + SaaSBOM v2 #1714

Evinse for scala + SaaSBOM v2 #1714

prabhu commented Mar 31, 2025

prabhu commented Mar 31, 2025

prabhu commented Mar 31, 2025

Evinse for scala + SaaSBOM v2 #1714

Evinse for scala + SaaSBOM v2 #1714

Conversation

prabhu commented Mar 31, 2025

SaaSBOM v2

Evinse for scala

prabhu commented Mar 31, 2025

prabhu commented Mar 31, 2025