mirror of
https://github.com/anchore/grype
synced 2024-11-10 06:34:13 +00:00
24d5d4ffb2
* upgrade tool management Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update version file on release Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> |
||
---|---|---|
.. | ||
.gitignore | ||
cyclonedx.json | ||
cyclonedx.xsd | ||
Makefile | ||
README.md | ||
spdx.xsd |
CycloneDX Schemas
grype
generates a CycloneDX output. This validation is similar to what is done in syft
, validating output against CycloneDX schemas.
Validation is done with xmllint
, which requires a copy of all schemas because it can't work with HTTP references. The schemas are modified to reference local copies of dependent schemas.
Updating
You will need to go to https://github.com/CycloneDX/specification/blob/1.5/schema and download the latest bom-#.#.xsd
and spdx.xsd
.
Additionally, for xmllint
to function you will need to patch the bom schema with the location to the SPDX schema by changing:
<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>
To:
<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="spdx.xsd"/>