Addes option to resolve license when creating SBOM file with CdxGen.

Author: Harri Klingsten

README.md

@@ -15,6 +15,8 @@ Returns  EPSS score for provided CVE, the value is percent where 0 is minimum an
 
 
 # Prerequisites
+I know the setup of this is a bit corky, just be aware of that, look at troubleshot if you have problems. 
+
 If this is the first time you use a Power Commands implementation a encryption setup will be done at the first startup. The encryption key is setup for all Power Commands projects and is unique for every machine. Encryption is used by this Power Commands project to secure your **Dependency Track** API key.
 
 This application is intended to use **CycloneDX** and **Dependency Track** software running as container, therefore you need to have Docker Desktop installed, this way you do not need to install software on your machine besides this Power Commands console application. Setup Docker Desktop is however not described in this documentation. 
@@ -79,13 +81,24 @@ If you add the --upload option, the sbom will also be uploaded to Dependency Tra
 
 ```sbom --path https://github.com/PowerCommands/PowerCommands2022.git --NAME <my-sbom-name> --upload```
 
+### Resolve licenses
+By default resolving licenses is turned off because it is a very time consuming process. If you need this you need to configure this in the ```PowerCommandsConfiguration.yaml``` configuration file. 
+```
+cdxgen:  
+  resolveLicenses: true
+```
+This has to be done before the container has been started so if it is already running you need to stop the container first and restart it with the ```start``` command. There will be some warning about the Dependency Track container already running but that is nothing to worry about.
 ___
 
 ## Trouble shoot
 If you having trouble to start Dependency Track or login from Dependency Track, open Docker Desktop and make sure that the containers is running.
 
 <img src="containers_running.png" alt="Docker Containers running" width="800">
 
+Also check the ```PowerCommandsConfiguration.yaml``` configuration file that the path to the directory where SBOM is stored is correct and exists.
+
+```sdxGenServerVolumeMount: C:\Temp\Cdxgen_server```
+
 ## Power Commands
 
 Read more about Power Commands: https://github.com/PowerCommands/PowerCommands2022

src/SecTools/SecToolsCommands/Commands/SetupCommand.cs

@@ -23,13 +23,16 @@ public override RunResult Run()
             DockerDesktopManager.Pull(Configuration.DependencyTracker.FrontendImage);
 
             WriteSuccessLine("\nDependency track setup done!");
+            return Ok();
         }
         else if (HasOption("dt-key"))
         {
             var secretCommand = new SecretCommand("secret", Configuration);
             secretCommand.InitializeAndValidateInput("secret --create \"DT_PowerCommand\"".Interpret());
             secretCommand.Run();
+            return Ok();
         }
+        WriteWarning("No option was provided, you need to provide either --docker to setup the docker images or --dt_key to setup the Dependency Track access token. (create a Team in DT Administration/Access management/Teams)");
         return Ok();
     }
 }

src/SecTools/SecToolsCommands/Commands/StartCommand.cs

@@ -15,7 +15,7 @@ public override RunResult Run()
         DockerDesktopManager.StartDockerDesktop(fullFileName, Configuration.DockerDesktop.StartupTime);
 
         var xCfg = Configuration.Cdxgen;
-        CycloneDxManager.Start(xCfg.HostMount, xCfg.ContainerMount, xCfg.HostPort, xCfg.ContainerPort, xCfg.SdxGenServerVolumeMount, xCfg.ImageUrl, xCfg.ServerHost);
+        CycloneDxManager.Start(xCfg.HostMount, xCfg.ContainerMount, xCfg.HostPort, xCfg.ContainerPort, xCfg.SdxGenServerVolumeMount, xCfg.ImageUrl, xCfg.ServerHost, xCfg.ResolveLicenses);
 
         var dCfg = Configuration.DependencyTracker;
         DependencyTrackManager.Start(dCfg.ApiUrl, dCfg.ApiServerImage, dCfg.ApiServerContainer, dCfg.ApiPorts, dCfg.FrontendImage, dCfg.FrontendContainer, dCfg.FrontendPorts, dCfg.AdminUrl, dCfg.StartupTime);

src/SecTools/SecToolsCommands/Configuration/CdxgenConfiguration.cs

@@ -10,4 +10,5 @@ public class CdxgenConfiguration
     public string ContainerMount { get; set; } = "/tmp";
     public string ServerHost { get; set; } = "0.0.0.0";
     public string SbomApiUrl { get; set; } = "http://127.0.0.1:9090/sbom";
+    public bool ResolveLicenses { get; set; }
 }

src/SecTools/SecToolsCommands/Managers/CycloneDxManager.cs

@@ -1,9 +1,10 @@
 namespace SecToolsCommands.Managers;
 public static class CycloneDxManager
 {
-    public static void Start(string hostMount, string containerMount, string hostPort, string containerPort, string sdxGenServerVolumeMount, string imageUrl, string serverHost)
+    public static void Start(string hostMount, string containerMount, string hostPort, string containerPort, string sdxGenServerVolumeMount, string imageUrl, string serverHost, bool resolveLicenses = false)
     {
-        var arguments = $"run --rm -v {hostMount}:{containerMount} -p {hostPort}:{containerPort} -v {sdxGenServerVolumeMount}:/app:rw -t {imageUrl} -r /app --server --server-host {serverHost} --restart unless-stopped";
+        var resolveLicenseEnvironmentVariable = resolveLicenses ? "--env FETCH_LICENSE=true" : "";
+        var arguments = $"run --rm -v {hostMount}:{containerMount} {resolveLicenseEnvironmentVariable} -p {hostPort}:{containerPort} -v {sdxGenServerVolumeMount}:/app:rw -t {imageUrl} -r /app --server --server-host {serverHost} --restart unless-stopped";
         ShellService.Service.Execute("docker", arguments, "");
         ConsoleService.Service.WriteSuccessLine(nameof(CycloneDxManager), "CycloneDX Generator server ready!");
     }

src/SecTools/SecToolsCommands/PowerCommandsConfiguration.yaml

@@ -17,6 +17,7 @@ configuration:
     containerMount: /tmp
     serverHost: "0.0.0.0"    
     sbomApiUrl: http://127.0.0.1:9090/sbom
+    resolveLicenses: true
   dependencyTracker:
     urlToDockerComposeFile: https://dependencytrack.org/docker-compose.yml    
     adminUrl: http://localhost:8080