feat: provide output config options [#5]

README.md

@@ -33,14 +33,17 @@ export default defineConfig({
 
 ### Options
 
-| Name                | Default       | Description                                                |
-| ------------------- | ------------- | ---------------------------------------------------------- |
-| `specVersion`       | `1.5`         | The CycloneDX specification version to use                 |
-| `rootComponentType` | `application` | The root component type, can be `library` or `application` |
-| `outDir`            | `cyclonedx`   | The output directory where the BOM file will be saved.     |
-| `saveTimestamp`     | `true`        | Whether to save the timestamp in the BOM metadata.         |
-| `autodetect`        | `true`        | Whether to get the root package registered automatically.  |
-| `generateSerial`    | `false`       | Whether to generate a serial number for the BOM.           |
+| Name                | Default           | Description                                                |
+| ------------------- | ----------------- | ---------------------------------------------------------- |
+| `specVersion`       | `1.5`             | The CycloneDX specification version to use                 |
+| `rootComponentType` | `application`     | The root component type, can be `library` or `application` |
+| `outDir`            | `cyclonedx`       | The output directory where the BOM file will be saved.     |
+| `saveTimestamp`     | `true`            | Whether to save the timestamp in the BOM metadata.         |
+| `autodetect`        | `true`            | Whether to get the root package registered automatically.  |
+| `generateSerial`    | `false`           | Whether to generate a serial number for the BOM.           |
+| `sbomFilename`      | `sbom`            | The base filename for the SBOM files.                      |
+| `outputFormats`     | `['json', 'xml']` | The formats to output. Can be any of ['json', 'xml'].      |
+| `includeWellKnown`  | `true`            | Whether to generate a SBOM in the `well-known` directory.  |
 
 ## Contributors
 

src/index.ts

@@ -95,35 +95,48 @@ export default function rollupPluginSbom(userOptions?: RollupPluginSbomOptions):
          * Finalize the SBOM and emit files
          */
         generateBundle() {
-            this.emitFile({
-                type: "asset",
-                fileName: join(options.outDir, "bom.json"),
-                needsCodeReference: false,
-                source: jsonSerializer.serialize(bom, {
-                    sortLists: false,
-                    space: "\t",
-                }),
-            });
+            options.outputFormats.forEach((format) => {
+                let serializer: CDX.Serialize.BaseSerializer<any>;
+                let extension: string;
+
+                // determine the serializer and file extension based on the format
+                switch (format) {
+                    case "json":
+                        serializer = jsonSerializer;
+                        extension = "json";
+                        break;
+                    case "xml":
+                        serializer = xmlSerializer;
+                        extension = "xml";
+                        break;
+                    default:
+                        throw new Error(`Unsupported format: ${format}`);
+                }
 
-            this.emitFile({
-                type: "asset",
-                fileName: join(options.outDir, ".well-known/sbom"),
-                needsCodeReference: false,
-                source: jsonSerializer.serialize(bom, {
-                    sortLists: false,
-                    space: "\t",
-                }),
+                // serialize the BOM and emit the file
+                this.emitFile({
+                    type: "asset",
+                    fileName: join(options.outDir, `${options.sbomFilename}.${extension}`),
+                    needsCodeReference: false,
+                    source: serializer.serialize(bom, {
+                        sortLists: false,
+                        space: "\t",
+                    }),
+                });
             });
 
-            this.emitFile({
-                type: "asset",
-                fileName: join(options.outDir, "bom.xml"),
-                needsCodeReference: false,
-                source: xmlSerializer.serialize(bom, {
-                    sortLists: false,
-                    space: "\t",
-                }),
-            });
+            // emit the .well-known/sbom file
+            if (options.includeWellKnown) {
+                this.emitFile({
+                    type: "asset",
+                    fileName: ".well-known/sbom",
+                    needsCodeReference: false,
+                    source: jsonSerializer.serialize(bom, {
+                        sortLists: false,
+                        space: "\t",
+                    }),
+                });
+            }
         },
     } satisfies Plugin;
 }

src/options.ts

@@ -28,6 +28,18 @@ export interface RollupPluginSbomOptions {
      * If the tool should add a random serial number for the application, defaults to `false`
      */
     generateSerial?: boolean;
+    /**
+     * The base filename for the SBOM files, defaults to 'sbom'
+     */
+    sbomFilename?: string;
+    /**
+     * The formats to output, defaults to ['json', 'xml']
+     */
+    outputFormats?: string[];
+    /**
+     * If the tool should include the well-known components, defaults to `true`
+     */
+    includeWellKnown?: boolean;
 }
 
 export const DEFAULT_OPTIONS: Required<RollupPluginSbomOptions> = {
@@ -37,4 +49,7 @@ export const DEFAULT_OPTIONS: Required<RollupPluginSbomOptions> = {
     saveTimestamp: true,
     autodetect: true,
     generateSerial: false,
+    sbomFilename: "bom",
+    outputFormats: ["json", "xml"],
+    includeWellKnown: true,
 };