Can you please clarify if there is a specific query that is used for SARIF file generation, or whether this would be enough:

```
codeql database create java-db --language=java
codeql database analyze java-db --format=sarif-latest --output=java-jb-output  # would run `codeql/java-queries` codeql queries
cryptobom generate java-jb-output --output-file cbom.json
```

This does not produce any info except for the wrapper:

```
{
  "dependencies": [
    {
      "ref": "91a6a25a-73c6-41bb-9ea7-62c8949bcf1f"
    }
  ],
  "metadata": {
    "component": {
      "bom-ref": "91a6a25a-73c6-41bb-9ea7-62c8949bcf1f",
      "name": "root",
      "type": "application"
    },
    "timestamp": "2024-08-27T17:05:25.098877+00:00",
    "tools": [
      {
        "externalReferences": [
          {
            "type": "build-system",
            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions"
          },
          {
            "type": "distribution",
            "url": "https://pypi.org/project/cyclonedx-python-lib/"
          },
          {
            "type": "documentation",
            "url": "https://cyclonedx.github.io/cyclonedx-python-lib/"
          },
          {
            "type": "issue-tracker",
            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
          },
          {
            "type": "license",
            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE"
          },
          {
            "type": "release-notes",
            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md"
          },
          {
            "type": "vcs",
            "url": "https://github.com/CycloneDX/cyclonedx-python-lib"
          },
          {
            "type": "website",
            "url": "https://cyclonedx.org"
          }
        ],
        "name": "cyclonedx-python-lib",
        "vendor": "CycloneDX",
        "version": "4.2.2"
      },
      {
        "name": "CodeQL",
        "vendor": "GitHub",
        "version": "2.18.2"
      }
    ]
  },
  "serialNumber": "urn:uuid:049c2a82-ac92-4839-8be7-4d2cd0f8a9de",
  "version": 1,
  "$schema": "https://raw.githubusercontent.com/IBM/CBOM/main/bom-1.4-cbom-1.0.schema.json",
  "bomFormat": "CBOM",
  "specVersion": "1.4-cbom-1.0"
}
```