From e40217c1d1c6fa6dfd209e88aea00d4fa080c8c6 Mon Sep 17 00:00:00 2001
From: Sumanth K B
Date: Wed, 3 Jan 2024 11:24:22 +0530
Subject: [PATCH 1/2] npm dev findings
---
 CA.nuspec | 2 +-
 Dockerfile | 3 ++-
 src/LCT.PackageIdentifier/NpmProcessor.cs | 8 +++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/CA.nuspec b/CA.nuspec
index 69def6de..7ec69469 100644
--- a/CA.nuspec
+++ b/CA.nuspec
@@ -4,7 +4,7 @@ continuous-clearing - 5.1.0 + 5.1.1 Siemens AG continuous-clearing contributors https://github.com/siemens/continuous-clearing
diff --git a/Dockerfile b/Dockerfile
index 2a9680c7..ea94ad2d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,13 +13,14 @@ RUN mkdir /opt/DebianImageClearing && \
 mkdir /app/out/PatchedFiles
 # Installing required packages
+# Installing syft:v0.90.0
 RUN apt-get update && \
 apt-get -y install --no-install-recommends nodejs npm && \
 apt-get -y install --no-install-recommends git && \
 apt-get -y install --no-install-recommends maven && \
 apt-get -y install --no-install-recommends curl && \
 apt-get -y install --no-install-recommends dpkg-dev && \
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /opt/DebianImageClearing && \
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /opt/DebianImageClearing v0.90.0 && \
 rm -rf /var/lib/apt/lists/* && \
 rm -rf archive.tar.gz
diff --git a/src/LCT.PackageIdentifier/NpmProcessor.cs b/src/LCT.PackageIdentifier/NpmProcessor.cs
index f2e3273c..95cbe181 100644
--- a/src/LCT.PackageIdentifier/NpmProcessor.cs
+++ b/src/LCT.PackageIdentifier/NpmProcessor.cs
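Review bot: Pinning syft to v0.90.0 on the changed `curl ... | sh` line fixes the binary version, but the installer script is still fetched from the `main` branch of raw.githubusercontent.com and executed without any verification, so the image build still depends on whatever that script contains at build time. Fetching the installer at the same tag rather than `main`, or downloading the v0.90.0 release archive together with its published checksum and verifying it before extracting, would make the build reproducible and tamper-evident. The new comment `# Installing syft:v0.90.0` also repeats the version that now lives on the curl line; a single build argument (for example `ARG SYFT_VERSION=v0.90.0`, a constructed name) used by both the comment-free install line and any later reference would keep them from drifting. The whole RUN instruction is visible within this hunk.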
@@ -40,6 +40,7 @@ public class NpmProcessor : CycloneDXBomParser, IParser
 private const string Bundled = "bundled";
 private const string Dependencies = "dependencies";
 private const string Dev = "dev";
+ private const string DevOptional = "devOptional";
 private const string Version = "version";
 private const string NotFoundInRepo = "Not Found in JFrogRepo";
 private const string Requires = "requires";
@@ -214,11 +215,16 @@ private void GetComponentsForBom(string filepath, CommonAppSettings appSettings,
 var properties = JObject.Parse(Convert.ToString(prop.Value));
- // dev components are not ignored and added as a part of SBOM
+ // dev components are not ignored and added as a part of SBOM
+ // If package section has Dev or DevOptional as true , considering it as Dev Component
 if (IsDevDependency(prop.Value[Dev], ref noOfDevDependent))
 {
 isdev.Value = "true";
 }
+ else if (IsDevDependency(prop.Value[DevOptional], ref noOfDevDependent))
+ {
+ isdev.Value = "true";
+ }
 IEnumerable subDependencyComponentList = prop.Value[Dependencies]?.OfType();
 if (subDependencyComponentList != null)
From 50e7ede992e1b7459a87aaabd630ec9e5c6b0daf Mon Sep 17 00:00:00 2001
From: Sumanth K B
Date: Wed, 3 Jan 2024 14:35:08 +0530
Subject: [PATCH 2/2] AppSettings changes
---
 src/LCT.Common/appSettings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/LCT.Common/appSettings.json b/src/LCT.Common/appSettings.json
index 8dc8a0cf..a4edac84 100644
--- a/src/LCT.Common/appSettings.json
+++ b/src/LCT.Common/appSettings.json
@@ -5,7 +5,7 @@
 // --------------------------------------------------------------------------------------------------------------------
 {
- "CaVersion": "5.0.0",
+ "CaVersion": "5.1.1",
 "TimeOut": 200,
 "ProjectType": "",
 "SW360ProjectName": "",
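Review bot: Treating `devOptional` exactly like `dev` in the new `else if` branch of GetComponentsForBom may over-classify packages as dev-only: per npm's package-lock documentation, `devOptional` marks a package that sits in the dev tree and is also an optional dependency of a non-dev package, so unlike a plain `dev: true` package it can still be present in a production install. Whether that matters depends on how dev components are handled downstream, which is not visible here; at minimum the intent should be recorded next to the new branch, e.g. `// NOTE: devOptional packages can still ship as optional prod deps; treated as dev deliberately`, and the counter `noOfDevDependent` will include them in the dev total. The duplicated branch body can also be folded into one condition with identical short-circuit behaviour: `if (IsDevDependency(prop.Value[Dev], ref noOfDevDependent) || IsDevDependency(prop.Value[DevOptional], ref noOfDevDependent))`. GetComponentsForBom starts before this hunk and continues after it.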