
Commit 9c7be6a

authored
Merge pull request #519 from kexa-io/dev
Dev
2 parents 703a62a + 252cf05 commit 9c7be6a

2 files changed

Lines changed: 72 additions & 19 deletions


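--- a/Kexa/services/addOn/githubGathering.service.ts
+++ b/Kexa/services/addOn/githubGathering.service.ts
@@ -516,8 +516,9 @@ export async function collectTeamProjects(org:string, team: string): Promise<any
 
 export async function collectPackages(repo: string, owner: string): Promise<any[]>{
 if(!currentConfig?.ObjectNameNeed?.includes("packages")) return [];
+let octokit = await getOctokit();
+
 try{
-let octokit = await getOctokit();
 const res = await octokit.rest.repos.getContent({
 owner,
 repo,
@@ -537,6 +538,7 @@ export async function collectPackages(repo: string, owner: string): Promise<any[
 }));
 };
 const packageInfo = {
+id: `https://github.com/${owner}/${repo}`,
 name: pkg.name || repo,
 version: pkg.version || "unknown",
 description: pkg.description || null,
@@ -553,23 +555,74 @@ export async function collectPackages(repo: string, owner: string): Promise<any[
 };
 return [packageInfo];
 }catch(e){
-logger.debug(`No package.json found for ${owner}/${repo} or error reading it: ${e}`);
-return [{
-name: repo,
-version: "unknown",
-description: null,
-dependencies: [],
-devDependencies: [],
-scripts: {},
-author: null,
-license: null,
-repository: null,
-keywords: [],
-main: null,
-engines: {},
-packageJsonExists: false,
-error: "No package.json found or unable to read"
-}];
+logger.debug(`No package.json found for ${owner}/${repo}, trying bun.lock: ${e}`);
+
+try {
+const bunLockRes = await octokit.rest.repos.getContent({
+owner,
+repo,
+path: "bun.lock",
+});
+
+if (!("content" in bunLockRes.data)) {
+throw new Error("No content in bun.lock");
+}
+
+const bunLockContent = Buffer.from(bunLockRes.data.content, "base64").toString("utf8");
+const bunLock = JSON.parse(bunLockContent);
+
+const parseBunDependencies = (workspace: any) => {
+if (!workspace || !workspace.dependencies || typeof workspace.dependencies !== 'object') return [];
+return Object.entries(workspace.dependencies).map(([name, version]) => ({
+name: name,
+version: version as string
+}));
+};
+
+const mainWorkspace = bunLock.workspaces?.[""] || {};
+const packageInfo = {
+id: `https://github.com/${owner}/${repo}`,
+name: repo,
+version: "unknown",
+description: null,
+dependencies: parseBunDependencies(mainWorkspace),
+devDependencies: [],
+scripts: {},
+author: null,
+license: null,
+repository: null,
+keywords: [],
+main: null,
+engines: {},
+packageJsonExists: false,
+bunLockExists: true,
+lockfileVersion: bunLock.lockfileVersion || "unknown"
+};
+
+logger.debug(`Found bun.lock for ${owner}/${repo} with ${packageInfo.dependencies.length} dependencies`);
+return [packageInfo];
+
+} catch(bunError) {
+logger.debug(`No bun.lock found for ${owner}/${repo} or error reading it: ${bunError}`);
+return [{
+id: `https://github.com/${owner}/${repo}`,
+name: repo,
+version: "unknown",
+description: null,
+dependencies: [],
+devDependencies: [],
+scripts: {},
+author: null,
+license: null,
+repository: null,
+keywords: [],
+main: null,
+engines: {},
+packageJsonExists: false,
+bunLockExists: false,
+error: "No package.json or bun.lock found or unable to read"
+}];
+}
 }
 }
 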
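Review bot: The `JSON.parse(bunLockContent)` call in the bun.lock fallback assumes strict JSON, but Bun documents its text lockfile as JSONC and the files it writes normally contain trailing commas, so this parse is likely to throw on real repositories. The inner `catch(bunError)` then returns `bunLockExists: false` with an empty `dependencies` list, so a repository whose lockfile was fetched but could not be parsed looks the same as one with no manifest at all, which is a silent gap in a dependency inventory. I would parse with a JSONC-tolerant reader and, in the inner catch, test `(bunError as { status?: number })?.status === 404` before claiming the file is absent, otherwise setting `error` to say bun.lock was present but unreadable. The outer `catch(e)` has the same conflation: rate-limit, permission and parse failures on package.json are all logged as "No package.json found". The package.json parsing itself sits between the hunks and is not visible here.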

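--- a/kexa-sbom.json
+++ b/kexa-sbom.json
@@ -1 +1 @@
-{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"bun.lock","documentNamespace":"https://anchore.com/syft/file/bun.lock-79ec430b-67ae-4f50-bda0-c2a9329d66f9","creationInfo":{"licenseListVersion":"3.27","creators":["Organization: Anchore, Inc","Tool: syft-1.31.0"],"created":"2025-09-10T11:15:51Z"},"packages":[{"name":"bun.lock","SPDXID":"SPDXRef-DocumentRoot-File-bun.lock","versionInfo":"sha256:0c40f800ccc0bafe72357142a0a7157d4975c9bbb57618b66fe5deb8a987797d","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"checksums":[{"algorithm":"SHA256","checksumValue":"0c40f800ccc0bafe72357142a0a7157d4975c9bbb57618b66fe5deb8a987797d"}],"licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","primaryPackagePurpose":"FILE"}],"relationships":[{"spdxElementId":"SPDXRef-DOCUMENT","relatedSpdxElement":"SPDXRef-DocumentRoot-File-bun.lock","relationshipType":"DESCRIBES"}]}
+{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"bun.lock","documentNamespace":"https://anchore.com/syft/file/bun.lock-aa8556c9-776d-460e-8775-99af97881f21","creationInfo":{"licenseListVersion":"3.27","creators":["Organization: Anchore, Inc","Tool: syft-1.31.0"],"created":"2025-09-10T14:53:35Z"},"packages":[{"name":"bun.lock","SPDXID":"SPDXRef-DocumentRoot-File-bun.lock","versionInfo":"sha256:0c40f800ccc0bafe72357142a0a7157d4975c9bbb57618b66fe5deb8a987797d","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"checksums":[{"algorithm":"SHA256","checksumValue":"0c40f800ccc0bafe72357142a0a7157d4975c9bbb57618b66fe5deb8a987797d"}],"licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","primaryPackagePurpose":"FILE"}],"relationships":[{"spdxElementId":"SPDXRef-DOCUMENT","relatedSpdxElement":"SPDXRef-DocumentRoot-File-bun.lock","relationshipType":"DESCRIBES"}]}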
