From d5da84ee2950781b36c9e4df70af8ab1be9dac1d Mon Sep 17 00:00:00 2001 From: Simon Bennetts Date: Tue, 10 Oct 2023 18:59:20 +0200 Subject: [PATCH] Add SBOM help page Signed-off-by: Simon Bennetts --- addOns/help/CHANGELOG.md | 3 ++ .../src/main/javahelp/contents/cmdline.html | 1 + .../contents/start/features/features.html | 1 + .../contents/start/features/sbom.html | 42 +++++++++++++++++++ .../javahelp/contents/ui/tlmenu/help.html | 7 +++- addOns/help/src/main/javahelp/toc.xml | 1 + commonFiles/src/main/resources/map.jhm | 1 + 7 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 addOns/help/src/main/javahelp/contents/start/features/sbom.html diff --git a/addOns/help/CHANGELOG.md b/addOns/help/CHANGELOG.md index 82072937..88cac27d 100644 --- a/addOns/help/CHANGELOG.md +++ b/addOns/help/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Added +- SBOM help page. + ### Changed - Updated for 2.14.0. diff --git a/addOns/help/src/main/javahelp/contents/cmdline.html b/addOns/help/src/main/javahelp/contents/cmdline.html index 4a6a9379..96546c3a 100644 --- a/addOns/help/src/main/javahelp/contents/cmdline.html +++ b/addOns/help/src/main/javahelp/contents/cmdline.html @@ -49,6 +49,7 @@

Options

    -addonlistList all of the installed add-ons     -script <script>Run the specified script (file system path) if command line/daemon, or just load it if GUI     -suppinfoOutputs details relevant for support and troubleshooting (to the console/standard out). Such as: ZAP version, java version, installed add-ons and version, locale info, operating system, etc. +    -sbomzip <path>Creates a zip file containing all of the available SBOMs
diff --git a/addOns/help/src/main/javahelp/contents/start/features/features.html b/addOns/help/src/main/javahelp/contents/start/features/features.html index a56ac3cb..a5a2e3e6 100644 --- a/addOns/help/src/main/javahelp/contents/start/features/features.html +++ b/addOns/help/src/main/javahelp/contents/start/features/features.html @@ -27,6 +27,7 @@

Features

    Modes     Notes     Passive Scan +    Software Bill of Materials     Scan Policy     Scope     Scripts diff --git a/addOns/help/src/main/javahelp/contents/start/features/sbom.html b/addOns/help/src/main/javahelp/contents/start/features/sbom.html new file mode 100644 index 00000000..38f2b1ec --- /dev/null +++ b/addOns/help/src/main/javahelp/contents/start/features/sbom.html @@ -0,0 +1,42 @@ + + + + + +Software Bill of Materials + + + +

Software Bill of Materials

+

+ZAP includes a runtime Software Bill of Materials (SBOM) generated by CycloneDX +for both the ZAP core and all of the add-ons maintained by the ZAP team. +Each SBOM will appear as a file called "bom.json" included at the root of the ZAP JARs. +

+Note that SBOMs may not be available if you run ZAP from the source code, and some 3rd party add-ons may also not define them. + +

SBOM zip

+A zip file containing all of the available SBOM files can be generated via the following options. +The ZAP core SBOM file will be called "zap-core-bom.json" and the add-on SBOM files will be called "<addon-id>-bom.json". + +

Desktop

+The Help menu "Support Info..." dialog "Save SBOM zip..." button. + +

Command Line

+ +The "-sbomzip" Command Line option. + +

API

+ +The core "createSbomZip" API action. + +

See also

+ + + +
     +UI Overviewfor an overview of the user interface
     +Featuresprovided by ZAP
+ + + diff --git a/addOns/help/src/main/javahelp/contents/ui/tlmenu/help.html b/addOns/help/src/main/javahelp/contents/ui/tlmenu/help.html index fd11024b..76b23174 100644 --- a/addOns/help/src/main/javahelp/contents/ui/tlmenu/help.html +++ b/addOns/help/src/main/javahelp/contents/ui/tlmenu/help.html @@ -17,8 +17,11 @@

Support Info...

Displays a dialog that contains information which is useful when troubleshooting or seeking support. Such as:
Version, installed add-ons and versions, operating system, java version, locale info, and ZAP Home Directory path. This information can be copied and pasted.
-The dialog includes an "Open" button, which assuming the OS supports the necessary functionality, will open the ZAP Home Directory -(for logs or configuration files) when clicked. +The dialog includes an "Open ZAP Home" button, which assuming the OS supports the necessary functionality, will open the ZAP Home Directory +(for logs or configuration files) when clicked.
+The dialog includes a "Save SBOM zip..." button, which will prompt you for the name of a zip file +which it will generate containing all of the available +SBOM files.

Check for Updates...

This checks to see if you are running the latest version of ZAP. diff --git a/addOns/help/src/main/javahelp/toc.xml b/addOns/help/src/main/javahelp/toc.xml index 16c53ca7..997d47b8 100644 --- a/addOns/help/src/main/javahelp/toc.xml +++ b/addOns/help/src/main/javahelp/toc.xml @@ -34,6 +34,7 @@ + diff --git a/commonFiles/src/main/resources/map.jhm b/commonFiles/src/main/resources/map.jhm index bd8b5a90..74f54b61 100644 --- a/commonFiles/src/main/resources/map.jhm +++ b/commonFiles/src/main/resources/map.jhm @@ -30,6 +30,7 @@ +