shiftleftcyber · VinnyBarton · Dec 14, 2024 · Nov 13, 2023 · Feb 18, 2024 · Feb 19, 2024
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,15 @@
-FROM node:18-alpine3.20
+FROM node:22-alpine3.20
 
 ARG ARCH
 
-ENV BASH_VERSION="5.2.26-r0"
-
+# hadolint ignore=DL3018
 RUN apk update \
     && apk upgrade \
-    && apk --no-cache add bash=${BASH_VERSION}
+    && apk --no-cache add bash
 
 SHELL ["/bin/bash", "-c"]
 
-ENV CYCLONEDX_NPM_VERSION="1.19.0" \
+ENV CYCLONEDX_NPM_VERSION="1.19.3" \
     GEN_SBOM_SCRIPT_LOCATION="/opt"
 ENV PATH="${GEN_SBOM_SCRIPT_LOCATION}:${PATH}"
 

diff --git a/Makefile b/Makefile
@@ -55,7 +55,7 @@ scan-project:
 	export NPM_FLATTEN_COMPONENTS=false && \
 	export NPM_SHORT_PURLS=false && \
 	export NPM_OUTPUT_REPRODUCIBLE=false && \
-	export NPM_SPEC_VERSION=1.4 && \
+	export NPM_SPEC_VERSION=1.6 && \
 	export NPM_OUTPUT_FORMAT=json && \
 	$(GEN_SBOM)
 

diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ pipelines:
         caches:
           - node
         script:
-          - pipe: docker://ccideas/cyclonedx-npm-pipe:1.5.0
+          - pipe: docker://ccideas/cyclonedx-npm-pipe:1.6.0
             variables:
               IGNORE_NPM_ERRORS: 'true' # optional
               NPM_SHORT_PURLS: 'true' # optional

diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml
@@ -48,10 +48,10 @@ definitions:
             - apt-get update
             - DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
             - apt-get install -y curl
-            - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v1.0.1
+            - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v1.18.0
             - docker load --input "${BITBUCKET_REPO_SLUG}.tar"
             - mkdir sbom_output
-            - syft "${BITBUCKET_REPO_SLUG}:local" --output cyclonedx-json@1.4 >> sbom_output/${BITBUCKET_REPO_SLUG}_cyclonedx-sbom.json
+            - syft "${BITBUCKET_REPO_SLUG}:local" --output cyclonedx-json@1.6 >> sbom_output/${BITBUCKET_REPO_SLUG}_cyclonedx-sbom.json
           artifacts:
             - sbom_output/*
 

diff --git a/pipe.yml b/pipe.yml
@@ -1,5 +1,5 @@
 name: CycloneDX node/npm sBOM Generator
-image: ccideas/cyclonedx-npm-pipe:1.3.0
+image: shiftleftcyber/cyclonedx-npm-pipe:1.6.0
 category: Security
 description: Generates a CycloneDX compliant Software Bill of Materials for a node/npm project
 repository: https://bitbucket.org/ccideas1/cyclonedx-npm-pipe/src/main/

diff --git a/variables.list b/variables.list
@@ -3,6 +3,6 @@ IGNORE_NPM_ERRORS=true
 NPM_FLATTEN_COMPONENTS=false
 NPM_SHORT_PURLS=false
 NPM_OUTPUT_REPRODUCIBLE=false
-NPM_SPEC_VERSION=1.4
+NPM_SPEC_VERSION=1.6
 NPM_OUTPUT_FORMAT=json
 OUTPUT_DIRECTORY=build