grype/schema/cyclonedx
Christopher Angelo Phillips a62a3a413e
feat: swap custom cyclone-dx model for cyclone-dx library (#1038)
grype currently produces CYCLONE-DX SBOMs that are not compliant with the cyclone-dx tooling libraries. Rather than write the logic in two places, this PR moves grype to use syft's formatting functions as a library to produce valid CYCLONE-DX SBOM components along with the discovered vulnerabilities.

For more context on impacted issues:
https://github.com/anchore/grype/issues/796
https://github.com/anchore/grype/issues/951
2022-12-22 16:35:09 +00:00
.gitignore
cyclonedx.json
cyclonedx.xsd
Makefile
README.md
spdx.xsd

CycloneDX Schemas

grype generates CycloneDX output. The validation in this directory mirrors what syft does: the generated output is validated against the CycloneDX schemas.

Validation is done with xmllint, which needs a local copy of every schema because it cannot resolve HTTP references. The schemas here are therefore modified to reference local copies of the schemas they depend on (for example spdx.xsd).
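As an added example (not grype's own Makefile or scripts), the steps the README describes in shell: rewriting the HTTP schemaLocation import in the CycloneDX XSD to point at the local spdx.xsd, checking that no remote references remain, and validating a report with xmllint without network access. The exact import line and the file names bom.xsd and cyclonedx.xsd are assumptions; check them against your copy of the schema.

```shell
#!/bin/sh
# Added example, not part of grype. Makes a CycloneDX XSD usable by xmllint
# offline by pointing its SPDX import at the local spdx.xsd, then validates.
# Assumption: the upstream XSD imports SPDX with
#   schemaLocation="http://cyclonedx.org/schema/spdx"
set -eu

# Rewrite the HTTP schemaLocation reference to the local copy.
# Usage: localize_schema_refs <xsd-in> <xsd-out>
localize_schema_refs() {
  sed \
    -e 's|schemaLocation="http://cyclonedx.org/schema/spdx"|schemaLocation="spdx.xsd"|g' \
    "$1" > "$2"
}

# Count remaining http(s) schemaLocation references in a schema file.
# 0 means xmllint will not try to fetch anything from the network.
remote_refs() {
  grep -c 'schemaLocation="http' "$1" || true
}

# Validate a CycloneDX XML report against the local schema.
# --nonet makes xmllint fail loudly instead of silently reaching for the web;
# it exits non-zero on any validation error.
# Usage: validate_bom <cyclonedx.xsd> <report.xml>
validate_bom() {
  xmllint --noout --nonet --schema "$1" "$2"
}

# Constructed sample fragment imitating the upstream import line (not a full schema).
tmp=$(mktemp -d)
cat > "$tmp/bom.xsd" <<'EOF'
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>
</xs:schema>
EOF
localize_schema_refs "$tmp/bom.xsd" "$tmp/cyclonedx.xsd"
echo "remote schema references left: $(remote_refs "$tmp/cyclonedx.xsd")"
# With a real schema and report in place:
#   validate_bom cyclonedx.xsd report.cdx.xml
```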