Let's make things easy for Ruby - part 1

.codacy.yml

@@ -1,3 +1,7 @@
 ---
 exclude_paths:
   - "test/**/*"
+  - "ci/**/*"
+  - "contrib/**/*"
+  - "docs/**/*"
+  - "types/**/*"

.github/workflows/build-base-images.yml

@@ -222,6 +222,160 @@ jobs:
           tags: ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11
           labels: ${{ steps.meta-cdxgen-debian-dotnet6.outputs.labels }}
 
+  debian-ruby33-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-debian-ruby33
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/debian-ruby33
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ci/base-images/debian/Dockerfile.ruby33
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-debian-ruby33.outputs.tags }}
+          labels: ${{ steps.meta-debian-ruby33.outputs.labels }}
+
+  cdxgen-debian-ruby33-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    needs: debian-ruby33-image
+    permissions:
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-cdxgen-debian-ruby33
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/cdxgen-debian-ruby33
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        if: github.ref == 'refs/heads/master'
+        with:
+          context: .
+          file: ci/base-images/cdxgen/debian/Dockerfile.ruby33
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11
+          labels: ${{ steps.meta-cdxgen-debian-ruby33.outputs.labels }}
+
+  debian-ruby34-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-debian-ruby34
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/debian-ruby34
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ci/base-images/debian/Dockerfile.ruby34
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-debian-ruby34.outputs.tags }}
+          labels: ${{ steps.meta-debian-ruby34.outputs.labels }}
+
+  cdxgen-debian-ruby34-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    needs: debian-ruby34-image
+    permissions:
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-cdxgen-debian-ruby34
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/cdxgen-debian-ruby34
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        if: github.ref == 'refs/heads/master'
+        with:
+          context: .
+          file: ci/base-images/cdxgen/debian/Dockerfile.ruby34
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11
+          labels: ${{ steps.meta-cdxgen-debian-ruby34.outputs.labels }}
+
   sle-dotnet7-image:
     if: github.repository == 'CycloneDX/cdxgen'
     runs-on: ubuntu-latest

bin/cdxgen.js

@@ -296,7 +296,7 @@ const args = yargs(hideBin(process.argv))
   .option("feature-flags", {
     description: "Experimental feature flags to enable. Advanced users only.",
     hidden: true,
-    choices: ["safe-pip-install", "suggest-build-tools"],
+    choices: ["safe-pip-install", "suggest-build-tools", "ruby-docker-install"],
   })
   .option("min-confidence", {
     description:

ci/Dockerfile

@@ -21,7 +21,7 @@ ARG SBT_VERSION=1.10.7
 ARG MAVEN_VERSION=3.9.9
 ARG GRADLE_VERSION=8.11
 ARG GO_VERSION=1.23.3
-ARG NODE_VERSION=23.5.0
+ARG NODE_VERSION=23.6.0
 ARG PYTHON_VERSION=3.12
 ARG RUBY_VERSION=3.4.0
 

ci/base-images/README.md

@@ -142,6 +142,30 @@ Node.js 20
 docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-node20:v11 -r /app -o /app/bom.json -t js
 ```
 
+### Ruby applications
+
+Use the custom image `ghcr.io/cyclonedx/cdxgen-ruby34:v11`.
+
+Ruby 3.3.6
+
+```shell
+docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby33:v11 -r /app -o /app/bom.json -t ruby
+```
+
+Ruby 3.4.1
+
+```shell
+docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby34:v11 -r /app -o /app/bom.json -t ruby
+```
+
+Pass any Ruby version with the type argument to make cdxgen automatically install the appropriate version using `rbenv` prior to BOM generation.
+
+Example: Pass `-t ruby2.5.0` to install Ruby 2.5.0
+
+```shell
+docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby34:v11 -r /app -o /app/bom.json -t ruby2.5.0
+```
+
 ## Troubleshooting
 
 ### .Net restore crashes

ci/base-images/cdxgen/Dockerfile.python

@@ -11,7 +11,7 @@ LABEL maintainer="CycloneDX" \
       org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Python 3.12 apps" \
       org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python:v11 -r /app --server"
 
-ARG NODE_VERSION=23.5.0
+ARG NODE_VERSION=23.6.0
 
 ENV NVM_DIR="/root/.nvm" \
     PYTHON_CMD=python3 \

ci/base-images/cdxgen/debian/Dockerfile.ruby33

@@ -0,0 +1,27 @@
+FROM ghcr.io/cyclonedx/debian-ruby33:master
+
+LABEL maintainer="CycloneDX" \
+      org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
+      org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.version="rolling" \
+      org.opencontainers.image.vendor="AppThreat" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.title="cdxgen" \
+      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Ruby 3.3 apps" \
+      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 -r /app --server"
+
+ENV CDXGEN_IN_CONTAINER=true \
+    NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
+    CDXGEN_GEM_HOME="/tmp/gems" \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:
+
+COPY . /opt/cdxgen
+
+RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
+    && mkdir -p /opt/cdxgen-node-cache \
+    && node /opt/cdxgen/bin/cdxgen.js --help \
+    && chmod a-w -R /opt
+
+ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"]

ci/base-images/cdxgen/debian/Dockerfile.ruby34

@@ -0,0 +1,27 @@
+FROM ghcr.io/cyclonedx/debian-ruby34:master
+
+LABEL maintainer="CycloneDX" \
+      org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
+      org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.version="rolling" \
+      org.opencontainers.image.vendor="AppThreat" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.title="cdxgen" \
+      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Ruby apps" \
+      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 -r /app --server"
+
+ENV CDXGEN_IN_CONTAINER=true \
+    NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
+    CDXGEN_GEM_HOME="/tmp/gems" \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:
+
+COPY . /opt/cdxgen
+
+RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
+    && mkdir -p /opt/cdxgen-node-cache \
+    && node /opt/cdxgen/bin/cdxgen.js --help \
+    && chmod a-w -R /opt
+
+ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"]

ci/base-images/debian/Dockerfile.dotnet6

@@ -1,7 +1,7 @@
 FROM mcr.microsoft.com/dotnet/sdk:6.0-bookworm-slim
 
 ARG JAVA_VERSION=23.0.1-tem
-ARG NODE_VERSION=22.12.0
+ARG NODE_VERSION=22.13.0
 
 ENV JAVA_VERSION=$JAVA_VERSION \
     JAVA_HOME="/opt/java/${JAVA_VERSION}" \
@@ -14,8 +14,7 @@ ENV JAVA_VERSION=$JAVA_VERSION \
     LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
     LANGUAGE=en_US.UTF-8 \
-    NVM_DIR="/root/.nvm" \
-    npm_config_python=/usr/bin/python3.11
+    NVM_DIR="/root/.nvm"
 ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin:
 
 COPY ci/base-images/debian/install.sh /tmp/

ci/base-images/debian/Dockerfile.dotnet8

@@ -1,7 +1,7 @@
 FROM mcr.microsoft.com/dotnet/sdk:8.0
 
 ARG JAVA_VERSION=23.0.1-tem
-ARG NODE_VERSION=23.5.0
+ARG NODE_VERSION=23.6.0
 
 ENV JAVA_VERSION=$JAVA_VERSION \
     JAVA_HOME="/opt/java/${JAVA_VERSION}" \
@@ -14,8 +14,7 @@ ENV JAVA_VERSION=$JAVA_VERSION \
     LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
     LANGUAGE=en_US.UTF-8 \
-    NVM_DIR="/root/.nvm" \
-    npm_config_python=/usr/bin/python3.11
+    NVM_DIR="/root/.nvm"
 ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin:
 
 COPY ci/base-images/debian/install.sh /tmp/

ci/base-images/debian/Dockerfile.dotnet9

@@ -1,7 +1,7 @@
 FROM mcr.microsoft.com/dotnet/sdk:9.0
 
 ARG JAVA_VERSION=23.0.1-tem
-ARG NODE_VERSION=23.5.0
+ARG NODE_VERSION=23.6.0
 
 ENV JAVA_VERSION=$JAVA_VERSION \
     JAVA_HOME="/opt/java/${JAVA_VERSION}" \
@@ -14,8 +14,7 @@ ENV JAVA_VERSION=$JAVA_VERSION \
     LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
     LANGUAGE=en_US.UTF-8 \
-    NVM_DIR="/root/.nvm" \
-    npm_config_python=/usr/bin/python3.11
+    NVM_DIR="/root/.nvm"
 ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/root/.local/bin:
 
 COPY ci/base-images/debian/install.sh /tmp/

ci/base-images/debian/Dockerfile.ruby33

@@ -0,0 +1,26 @@
+FROM ruby:3.3.6
+
+ARG JAVA_VERSION=23.0.1-tem
+ARG NODE_VERSION=23.6.0
+
+ENV JAVA_VERSION=$JAVA_VERSION \
+    JAVA_HOME="/opt/java/${JAVA_VERSION}" \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    NVM_DIR="/root/.nvm"
+ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin:
+
+COPY ci/base-images/debian/install.sh /tmp/
+
+RUN apt-get update && apt-get install -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \
+    && apt-get install -y build-essential python3 python3-pip python3-dev libmagic-dev \
+    && chmod +x /tmp/install.sh \
+    && ./tmp/install.sh && rm /tmp/install.sh \
+    && node -v \
+    && npm -v \
+    && gem install bundler \
+    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+    && rm -rf /var/lib/apt/lists/*
+
+CMD /bin/bash

ci/base-images/debian/Dockerfile.ruby34

@@ -0,0 +1,26 @@
+FROM ruby:3.4
+
+ARG JAVA_VERSION=23.0.1-tem
+ARG NODE_VERSION=23.6.0
+
+ENV JAVA_VERSION=$JAVA_VERSION \
+    JAVA_HOME="/opt/java/${JAVA_VERSION}" \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    NVM_DIR="/root/.nvm"
+ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin:
+
+COPY ci/base-images/debian/install.sh /tmp/
+
+RUN apt-get update && apt-get install -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \
+    && apt-get install -y build-essential python3 python3-pip python3-dev libmagic-dev \
+    && chmod +x /tmp/install.sh \
+    && ./tmp/install.sh && rm /tmp/install.sh \
+    && node -v \
+    && npm -v \
+    && gem install bundler \
+    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+    && rm -rf /var/lib/apt/lists/*
+
+CMD /bin/bash