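def get_cyclonedx_bom(self) -> Bom:
    """Build a CycloneDX BOM from this report.

    Every passed, skipped and failed check contributes the component of the
    file it was found in (one component per purl). Each failed check
    additionally records a Vulnerability on that component carrying the
    check id, the affected resource, the check name and the guideline.

    Returns:
        The populated ``Bom`` with checkov registered as the producing tool.
    """
    bom = Bom()

    if sys.version_info >= (3, 8, 0):
        from importlib.metadata import version as meta_version
    else:
        from importlib_metadata import version as meta_version

    try:
        this_tool = Tool(vendor='bridgecrew', name='checkov', version=meta_version('checkov'))
    except Exception:
        # Unable to determine current version of 'checkov' (e.g. running from
        # a source checkout with no installed distribution); this is
        # best-effort metadata, so fall back rather than abort the export.
        this_tool = Tool(vendor='bridgecrew', name='checkov', version='UNKNOWN')
    bom.get_metadata().add_tool(this_tool)

    def _component_for(check) -> Component:
        # Resolve a check to its file component, reusing the component already
        # registered in the BOM (matched by purl) so that several checks on one
        # file share a single entry instead of creating a fresh one each time.
        component = Component.for_file(
            absolute_file_path=check.file_abs_path, path_for_bom=check.file_path
        )
        if bom.has_component(component=component):
            component = bom.get_component_by_purl(purl=component.get_purl())
        return component

    for check in itertools.chain(self.passed_checks, self.skipped_checks):
        bom.add_component(component=_component_for(check))

    for failed_check in self.failed_checks:
        component = _component_for(failed_check)
        component.add_vulnerability(
            Vulnerability(
                id=failed_check.check_id,
                source_name='checkov',
                description=f'Resource: {failed_check.resource}. {failed_check.check_name}',
                recommendations=[failed_check.guideline],
            )
        )
        bom.add_component(component=component)

    return bom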
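def report_to_cyclonedx(report: Report) -> Bom:
    """Convert the failed checks of *report* into a CycloneDX BOM.

    Each failed check becomes a Vulnerability (check id, affected resource,
    check name and guideline) attached to the component of the file it was
    found in. Components are looked up by purl before a new one is created,
    so a file with several failed checks ends up with one component carrying
    all of its vulnerabilities.

    Args:
        report: The scan report whose ``failed_checks`` are exported.

    Returns:
        The populated ``Bom``.
    """
    bom = Bom()
    for failed_check in report.failed_checks:
        component = Component.for_file(
            absolute_file_path=failed_check.file_abs_path, path_for_bom=failed_check.file_path
        )
        # Attach the finding to the component already in the BOM when the
        # file was seen before; a second Component object for the same purl
        # may otherwise be treated as a duplicate by add_component and the
        # vulnerability recorded on it silently lost from the BOM.
        if bom.has_component(component=component):
            component = bom.get_component_by_purl(purl=component.get_purl())
        component.add_vulnerability(
            Vulnerability(
                id=failed_check.check_id,
                source_name='checkov',
                description=f'Resource: {failed_check.resource}. {failed_check.check_name}',
                recommendations=[failed_check.guideline],
            )
        )
        bom.add_component(component=component)
    return bom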