Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
grype/schema/cyclonedx/README.md
Christopher Angelo Phillips 5821351240
chore: Update syft v1.7.0 (#1945) 
chore: update syft to v1.7.0
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-14 20:47:19 +00:00

847 B
Raw Blame History

CycloneDX Schemas

grype generates a CycloneDX output. This validation is similar to what is done in syft, validating output against CycloneDX schemas.

Validation is done with xmllint, which requires a copy of all schemas because it can't work with HTTP references. The schemas are modified to reference local copies of dependent schemas.

Updating

You will need to go to https://github.com/CycloneDX/specification/blob/1.5/schema and download the latest bom-#.#.xsd and spdx.xsd.

Additionally, for xmllint to function you will need to patch the bom schema with the location to the SPDX schema by changing:

<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>

To:

<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="spdx.xsd"/>