mirror of
https://github.com/anchore/syft
synced 2024-11-10 06:14:16 +00:00
feat: update syft to generate cyclone-dx 1.6 by default (#2978)
- Resolves #2974 - add detailed instructions re: updating schemas (a necessary task when a new CycloneDX spec version becomes available). - The DefaultVersion constant has been updated to "1.6" -- it's not clear to me how this is used at this time (it may be redundant given other code), but effectively unless a specific spec version is configured, `syft` will emit the "most recent" spec version available for cyclonedx. Users who wish to pin back to a "older" specVersion (e.g. to preserve compatibilty with utilities that have not yet bumped to latest) can either set this in a syft config file or pass a name@spec_version pair to the output flag (e.g. `-o cyclonedx-json@1.5=some-1.5-spec-bom.cdx.json`) - Regenerate relevant .golden files (there seems to be a way to do this via flags, but I couldn't quite figure out the right set to pass correctly, esp. since (as a relative go novice) I found it difficult to run just a single test file. I ended up "brute-forcing it" by changing the *updateSnapshot val to "true" and running it in Goland. A brief comment giving an example of regenerating fixtures usage would be helpful. Signed-off-by: Rajan Agaskar <ragaskar@gmail.com>
This commit is contained in:
parent
9b178174a7
commit
ae0683074e
13 changed files with 5289 additions and 330 deletions
|
@ -7,3 +7,12 @@ For this reason we've included a copy of all schemas needed to validate `syft` o
|
||||||
to reference local copies of dependent schemas.
|
to reference local copies of dependent schemas.
|
||||||
|
|
||||||
You can get the latest schemas from the [CycloneDX specifications repo](https://github.com/CycloneDX/specification/tree/master/schema).
|
You can get the latest schemas from the [CycloneDX specifications repo](https://github.com/CycloneDX/specification/tree/master/schema).
|
||||||
|
|
||||||
|
When the spec version is bumped an approach to determining prior modifications is to compare the
|
||||||
|
prior spec version (e.g. if updating to 1.7, compare the files in this directory against the 1.6
|
||||||
|
equivalents).
|
||||||
|
|
||||||
|
One can also update the schemas and observe the errors in order to make the necessary updates.
|
||||||
|
At the time of writing, the cyclonedx.xsd needed modifications to link to the local spdx.xsd,
|
||||||
|
and also to changes the minOccurs for a license tag to 0. (The json schema does not require
|
||||||
|
modification for the generated file to lint properly, but can simply be copy/pasted).
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
Load diff
|
@ -2,7 +2,7 @@
|
||||||
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||||
elementFormDefault="qualified"
|
elementFormDefault="qualified"
|
||||||
targetNamespace="http://cyclonedx.org/schema/spdx"
|
targetNamespace="http://cyclonedx.org/schema/spdx"
|
||||||
version="1.0-3.23">
|
version="1.0-3.24.0">
|
||||||
|
|
||||||
<xs:simpleType name="licenseId">
|
<xs:simpleType name="licenseId">
|
||||||
<xs:restriction base="xs:string">
|
<xs:restriction base="xs:string">
|
||||||
|
@ -12,6 +12,11 @@
|
||||||
<xs:documentation>BSD Zero Clause License</xs:documentation>
|
<xs:documentation>BSD Zero Clause License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="3D-Slicer-1.0">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>3D Slicer License v1.0</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="AAL">
|
<xs:enumeration value="AAL">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Attribution Assurance License</xs:documentation>
|
<xs:documentation>Attribution Assurance License</xs:documentation>
|
||||||
|
@ -117,6 +122,11 @@
|
||||||
<xs:documentation>Aladdin Free Public License</xs:documentation>
|
<xs:documentation>Aladdin Free Public License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="AMD-newlib">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>AMD newlib License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="AMDPLPA">
|
<xs:enumeration value="AMDPLPA">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>AMD's plpa_map.c License</xs:documentation>
|
<xs:documentation>AMD's plpa_map.c License</xs:documentation>
|
||||||
|
@ -147,6 +157,11 @@
|
||||||
<xs:documentation>ANTLR Software Rights Notice with license fallback</xs:documentation>
|
<xs:documentation>ANTLR Software Rights Notice with license fallback</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="any-OSI">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Any OSI License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="Apache-1.0">
|
<xs:enumeration value="Apache-1.0">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Apache License 1.0</xs:documentation>
|
<xs:documentation>Apache License 1.0</xs:documentation>
|
||||||
|
@ -322,6 +337,11 @@
|
||||||
<xs:documentation>BSD 2-Clause - Ian Darwin variant</xs:documentation>
|
<xs:documentation>BSD 2-Clause - Ian Darwin variant</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="BSD-2-Clause-first-lines">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>BSD 2-Clause - first lines requirement</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="BSD-2-Clause-FreeBSD">
|
<xs:enumeration value="BSD-2-Clause-FreeBSD">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>BSD 2-Clause FreeBSD License</xs:documentation>
|
<xs:documentation>BSD 2-Clause FreeBSD License</xs:documentation>
|
||||||
|
@ -522,6 +542,11 @@
|
||||||
<xs:documentation>Caldera License (without preamble)</xs:documentation>
|
<xs:documentation>Caldera License (without preamble)</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="Catharon">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Catharon License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="CATOSL-1.1">
|
<xs:enumeration value="CATOSL-1.1">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Computer Associates Trusted Open Source License 1.1</xs:documentation>
|
<xs:documentation>Computer Associates Trusted Open Source License 1.1</xs:documentation>
|
||||||
|
@ -1002,6 +1027,11 @@
|
||||||
<xs:documentation>curl License</xs:documentation>
|
<xs:documentation>curl License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="cve-tou">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Common Vulnerability Enumeration ToU License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="D-FSL-1.0">
|
<xs:enumeration value="D-FSL-1.0">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Deutsche Freie Software Lizenz</xs:documentation>
|
<xs:documentation>Deutsche Freie Software Lizenz</xs:documentation>
|
||||||
|
@ -1482,6 +1512,11 @@
|
||||||
<xs:documentation>gtkbook License</xs:documentation>
|
<xs:documentation>gtkbook License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="Gutmann">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Gutmann License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="HaskellReport">
|
<xs:enumeration value="HaskellReport">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Haskell Language Report License</xs:documentation>
|
<xs:documentation>Haskell Language Report License</xs:documentation>
|
||||||
|
@ -1532,11 +1567,21 @@
|
||||||
<xs:documentation>HPND with US Government export control warning</xs:documentation>
|
<xs:documentation>HPND with US Government export control warning</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="HPND-export-US-acknowledgement">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>HPND with US Government export control warning and acknowledgment</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="HPND-export-US-modify">
|
<xs:enumeration value="HPND-export-US-modify">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>HPND with US Government export control warning and modification rqmt</xs:documentation>
|
<xs:documentation>HPND with US Government export control warning and modification rqmt</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="HPND-export2-US">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>HPND with US Government export control and 2 disclaimers</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="HPND-Fenneberg-Livingston">
|
<xs:enumeration value="HPND-Fenneberg-Livingston">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Historical Permission Notice and Disclaimer - Fenneberg-Livingston variant</xs:documentation>
|
<xs:documentation>Historical Permission Notice and Disclaimer - Fenneberg-Livingston variant</xs:documentation>
|
||||||
|
@ -1547,6 +1592,11 @@
|
||||||
<xs:documentation>Historical Permission Notice and Disclaimer - INRIA-IMAG variant</xs:documentation>
|
<xs:documentation>Historical Permission Notice and Disclaimer - INRIA-IMAG variant</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="HPND-Intel">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Historical Permission Notice and Disclaimer - Intel variant</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="HPND-Kevlin-Henney">
|
<xs:enumeration value="HPND-Kevlin-Henney">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Historical Permission Notice and Disclaimer - Kevlin Henney variant</xs:documentation>
|
<xs:documentation>Historical Permission Notice and Disclaimer - Kevlin Henney variant</xs:documentation>
|
||||||
|
@ -1557,6 +1607,11 @@
|
||||||
<xs:documentation>Historical Permission Notice and Disclaimer - Markus Kuhn variant</xs:documentation>
|
<xs:documentation>Historical Permission Notice and Disclaimer - Markus Kuhn variant</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="HPND-merchantability-variant">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Historical Permission Notice and Disclaimer - merchantability variant</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="HPND-MIT-disclaimer">
|
<xs:enumeration value="HPND-MIT-disclaimer">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Historical Permission Notice and Disclaimer with MIT disclaimer</xs:documentation>
|
<xs:documentation>Historical Permission Notice and Disclaimer with MIT disclaimer</xs:documentation>
|
||||||
|
@ -1587,11 +1642,21 @@
|
||||||
<xs:documentation>HPND sell variant with MIT disclaimer</xs:documentation>
|
<xs:documentation>HPND sell variant with MIT disclaimer</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="HPND-sell-variant-MIT-disclaimer-rev">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>HPND sell variant with MIT disclaimer - reverse</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="HPND-UC">
|
<xs:enumeration value="HPND-UC">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Historical Permission Notice and Disclaimer - University of California variant</xs:documentation>
|
<xs:documentation>Historical Permission Notice and Disclaimer - University of California variant</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="HPND-UC-export-US">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Historical Permission Notice and Disclaimer - University of California, US export warning</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="HTMLTIDY">
|
<xs:enumeration value="HTMLTIDY">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>HTML Tidy License</xs:documentation>
|
<xs:documentation>HTML Tidy License</xs:documentation>
|
||||||
|
@ -2027,6 +2092,11 @@
|
||||||
<xs:documentation>MIT Festival Variant</xs:documentation>
|
<xs:documentation>MIT Festival Variant</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="MIT-Khronos-old">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>MIT Khronos - old variant</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="MIT-Modern-Variant">
|
<xs:enumeration value="MIT-Modern-Variant">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>MIT License Modern Variant</xs:documentation>
|
<xs:documentation>MIT License Modern Variant</xs:documentation>
|
||||||
|
@ -2162,11 +2232,21 @@
|
||||||
<xs:documentation>Net Boolean Public License v1</xs:documentation>
|
<xs:documentation>Net Boolean Public License v1</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="NCBI-PD">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>NCBI Public Domain Notice</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="NCGL-UK-2.0">
|
<xs:enumeration value="NCGL-UK-2.0">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Non-Commercial Government Licence</xs:documentation>
|
<xs:documentation>Non-Commercial Government Licence</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="NCL">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>NCL Source Code License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="NCSA">
|
<xs:enumeration value="NCSA">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>University of Illinois/NCSA Open Source License</xs:documentation>
|
<xs:documentation>University of Illinois/NCSA Open Source License</xs:documentation>
|
||||||
|
@ -2282,6 +2362,11 @@
|
||||||
<xs:documentation>Open Use of Data Agreement v1.0</xs:documentation>
|
<xs:documentation>Open Use of Data Agreement v1.0</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="OAR">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>OAR License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="OCCT-PL">
|
<xs:enumeration value="OCCT-PL">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Open CASCADE Technology Public License</xs:documentation>
|
<xs:documentation>Open CASCADE Technology Public License</xs:documentation>
|
||||||
|
@ -2562,6 +2647,11 @@
|
||||||
<xs:documentation>Pixar License</xs:documentation>
|
<xs:documentation>Pixar License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="pkgconf">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>pkgconf License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="Plexus">
|
<xs:enumeration value="Plexus">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Plexus Classworlds License</xs:documentation>
|
<xs:documentation>Plexus Classworlds License</xs:documentation>
|
||||||
|
@ -2587,6 +2677,11 @@
|
||||||
<xs:documentation>PostgreSQL License</xs:documentation>
|
<xs:documentation>PostgreSQL License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="PPL">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Peer Production License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="PSF-2.0">
|
<xs:enumeration value="PSF-2.0">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Python Software Foundation License 2.0</xs:documentation>
|
<xs:documentation>Python Software Foundation License 2.0</xs:documentation>
|
||||||
|
@ -2862,6 +2957,11 @@
|
||||||
<xs:documentation>Sun PPP License</xs:documentation>
|
<xs:documentation>Sun PPP License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="Sun-PPP-2000">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Sun PPP License (2000)</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="SunPro">
|
<xs:enumeration value="SunPro">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>SunPro License</xs:documentation>
|
<xs:documentation>SunPro License</xs:documentation>
|
||||||
|
@ -2907,6 +3007,11 @@
|
||||||
<xs:documentation>Transitive Grace Period Public Licence 1.0</xs:documentation>
|
<xs:documentation>Transitive Grace Period Public Licence 1.0</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="threeparttable">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>threeparttable License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="TMate">
|
<xs:enumeration value="TMate">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>TMate Open Source License</xs:documentation>
|
<xs:documentation>TMate Open Source License</xs:documentation>
|
||||||
|
@ -3132,6 +3237,11 @@
|
||||||
<xs:documentation>XSkat License</xs:documentation>
|
<xs:documentation>XSkat License</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="xzoom">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>xzoom License</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="YPL-1.0">
|
<xs:enumeration value="YPL-1.0">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Yahoo! Public License v1.0</xs:documentation>
|
<xs:documentation>Yahoo! Public License v1.0</xs:documentation>
|
||||||
|
@ -3203,6 +3313,11 @@
|
||||||
<xs:documentation>Asterisk exception</xs:documentation>
|
<xs:documentation>Asterisk exception</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="Asterisk-linking-protocols-exception">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>Asterisk linking protocols exception</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="Autoconf-exception-2.0">
|
<xs:enumeration value="Autoconf-exception-2.0">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Autoconf exception 2.0</xs:documentation>
|
<xs:documentation>Autoconf exception 2.0</xs:documentation>
|
||||||
|
@ -3438,6 +3553,11 @@
|
||||||
<xs:documentation>OpenVPN OpenSSL Exception</xs:documentation>
|
<xs:documentation>OpenVPN OpenSSL Exception</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="PCRE2-exception">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>PCRE2 exception</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="PS-or-PDF-font-exception-20170817">
|
<xs:enumeration value="PS-or-PDF-font-exception-20170817">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>PS/PDF font exception (2017-08-17)</xs:documentation>
|
<xs:documentation>PS/PDF font exception (2017-08-17)</xs:documentation>
|
||||||
|
@ -3463,6 +3583,11 @@
|
||||||
<xs:documentation>Qwt exception 1.0</xs:documentation>
|
<xs:documentation>Qwt exception 1.0</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:enumeration>
|
</xs:enumeration>
|
||||||
|
<xs:enumeration value="RRDtool-FLOSS-exception-2.0">
|
||||||
|
<xs:annotation>
|
||||||
|
<xs:documentation>RRDtool FLOSS exception 2.0</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
</xs:enumeration>
|
||||||
<xs:enumeration value="SANE-exception">
|
<xs:enumeration value="SANE-exception">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>SANE Exception</xs:documentation>
|
<xs:documentation>SANE Exception</xs:documentation>
|
||||||
|
|
59
syft/format/cyclonedxjson/test-fixtures/identify/1.6.json
Normal file
59
syft/format/cyclonedxjson/test-fixtures/identify/1.6.json
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
{
|
||||||
|
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
|
||||||
|
"bomFormat": "CycloneDX",
|
||||||
|
"specVersion": "1.6",
|
||||||
|
"serialNumber": "urn:uuid:5208fea9-73dd-4624-b596-69fddccdb9e7",
|
||||||
|
"version": 1,
|
||||||
|
"metadata": {
|
||||||
|
"timestamp": "2023-09-29T12:02:02-04:00",
|
||||||
|
"tools": [
|
||||||
|
{
|
||||||
|
"vendor": "anchore",
|
||||||
|
"name": "syft",
|
||||||
|
"version": "[not provided]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"component": {
|
||||||
|
"bom-ref": "a0ff99a6af10f11f",
|
||||||
|
"type": "file",
|
||||||
|
"name": "go.mod",
|
||||||
|
"version": "sha256:sha256:dc333f342905248a52e424d8dfd061251d01867d01a4f9d7397144a775ff9ebd"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"components": [
|
||||||
|
{
|
||||||
|
"bom-ref": "pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651?package-id=2ff71a67fb024c86",
|
||||||
|
"type": "library",
|
||||||
|
"name": "github.com/wagoodman/go-partybus",
|
||||||
|
"version": "v0.0.0-20230516145632-8ccac152c651",
|
||||||
|
"cpe": "cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*",
|
||||||
|
"purl": "pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651",
|
||||||
|
"properties": [
|
||||||
|
{
|
||||||
|
"name": "syft:package:foundBy",
|
||||||
|
"value": "go-module-file-cataloger"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "syft:package:language",
|
||||||
|
"value": "go"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "syft:package:metadataType",
|
||||||
|
"value": "GolangModMetadata"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "syft:package:type",
|
||||||
|
"value": "go-module"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "syft:cpe23",
|
||||||
|
"value": "cpe:2.3:a:wagoodman:go_partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "syft:location:0:path",
|
||||||
|
"value": "/go.mod"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,28 @@
|
||||||
|
{
|
||||||
|
"bomFormat": "CycloneDX",
|
||||||
|
"specVersion": "1.6",
|
||||||
|
"version": 1,
|
||||||
|
"components": [
|
||||||
|
{
|
||||||
|
"type": "library",
|
||||||
|
"group": "io.netty",
|
||||||
|
"name": "netty-codec-http2",
|
||||||
|
"version": "4.1.73.Final",
|
||||||
|
"properties": [
|
||||||
|
{
|
||||||
|
"name": "syft:cpe23",
|
||||||
|
"value": "cpe:2.3:a:codec:codec:4.1.73.Final:*:*:*:*:*:*:*"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "syft:cpe23",
|
||||||
|
"value": "cpe:2.3:a:codec:netty-codec-http2:4.1.73.Final:*:*:*:*:*:*:*"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "syft:cpe23",
|
||||||
|
"value": "cpe:2.3:a:codec:netty_codec_http2:4.1.73.Final:*:*:*:*:*:*:*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"serialNumber": "urn:uuid:3eb5ec7a-cb05-4339-b873-e27b1c1efaba"
|
||||||
|
}
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
|
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
|
||||||
"bomFormat": "CycloneDX",
|
"bomFormat": "CycloneDX",
|
||||||
"specVersion": "1.5",
|
"specVersion": "1.6",
|
||||||
"serialNumber": "urn:uuid:redacted",
|
"serialNumber": "urn:uuid:redacted",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"metadata": {
|
"metadata": {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
|
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
|
||||||
"bomFormat": "CycloneDX",
|
"bomFormat": "CycloneDX",
|
||||||
"specVersion": "1.5",
|
"specVersion": "1.6",
|
||||||
"serialNumber": "urn:uuid:redacted",
|
"serialNumber": "urn:uuid:redacted",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"metadata": {
|
"metadata": {
|
||||||
|
|
33
syft/format/cyclonedxxml/test-fixtures/identify/1.6.xml
Normal file
33
syft/format/cyclonedxxml/test-fixtures/identify/1.6.xml
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<bom xmlns="http://cyclonedx.org/schema/bom/1.6" serialNumber="urn:uuid:098e8516-ecd5-4130-9d5f-c32ba1ddb0dd" version="1">
|
||||||
|
<metadata>
|
||||||
|
<timestamp>2023-09-29T11:48:10-04:00</timestamp>
|
||||||
|
<tools>
|
||||||
|
<tool>
|
||||||
|
<vendor>anchore</vendor>
|
||||||
|
<name>syft</name>
|
||||||
|
<version>[not provided]</version>
|
||||||
|
</tool>
|
||||||
|
</tools>
|
||||||
|
<component bom-ref="a0ff99a6af10f11f" type="file">
|
||||||
|
<name>go.mod</name>
|
||||||
|
<version>sha256:sha256:dc333f342905248a52e424d8dfd061251d01867d01a4f9d7397144a775ff9ebd</version>
|
||||||
|
</component>
|
||||||
|
</metadata>
|
||||||
|
<components>
|
||||||
|
<component bom-ref="pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651?package-id=2ff71a67fb024c86" type="library">
|
||||||
|
<name>github.com/wagoodman/go-partybus</name>
|
||||||
|
<version>v0.0.0-20230516145632-8ccac152c651</version>
|
||||||
|
<cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
|
||||||
|
<purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
|
||||||
|
<properties>
|
||||||
|
<property name="syft:package:foundBy">go-module-file-cataloger</property>
|
||||||
|
<property name="syft:package:language">go</property>
|
||||||
|
<property name="syft:package:metadataType">GolangModMetadata</property>
|
||||||
|
<property name="syft:package:type">go-module</property>
|
||||||
|
<property name="syft:cpe23">cpe:2.3:a:wagoodman:go_partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</property>
|
||||||
|
<property name="syft:location:0:path">/go.mod</property>
|
||||||
|
</properties>
|
||||||
|
</component>
|
||||||
|
</components>
|
||||||
|
</bom>
|
|
@ -1,5 +1,5 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="redacted" version="1">
|
<bom xmlns="http://cyclonedx.org/schema/bom/1.6" serialNumber="redacted" version="1">
|
||||||
<metadata>
|
<metadata>
|
||||||
<timestamp>redacted</timestamp>
|
<timestamp>redacted</timestamp>
|
||||||
<tools>
|
<tools>
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="redacted" version="1">
|
<bom xmlns="http://cyclonedx.org/schema/bom/1.6" serialNumber="redacted" version="1">
|
||||||
<metadata>
|
<metadata>
|
||||||
<timestamp>redacted</timestamp>
|
<timestamp>redacted</timestamp>
|
||||||
<tools>
|
<tools>
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
"github.com/anchore/syft/syft/sbom"
|
"github.com/anchore/syft/syft/sbom"
|
||||||
)
|
)
|
||||||
|
|
||||||
const DefaultVersion = "1.5"
|
const DefaultVersion = "1.6"
|
||||||
|
|
||||||
type Encoder struct {
|
type Encoder struct {
|
||||||
version cyclonedx.SpecVersion
|
version cyclonedx.SpecVersion
|
||||||
|
|
|
@ -19,6 +19,7 @@ func SupportedVersions(id sbom.FormatID) []string {
|
||||||
"1.3",
|
"1.3",
|
||||||
"1.4",
|
"1.4",
|
||||||
"1.5",
|
"1.5",
|
||||||
|
"1.6",
|
||||||
}
|
}
|
||||||
|
|
||||||
if id != JSONFormatID {
|
if id != JSONFormatID {
|
||||||
|
@ -43,6 +44,8 @@ func SpecVersionFromString(v string) (cyclonedx.SpecVersion, error) {
|
||||||
return cyclonedx.SpecVersion1_4, nil
|
return cyclonedx.SpecVersion1_4, nil
|
||||||
case "1.5":
|
case "1.5":
|
||||||
return cyclonedx.SpecVersion1_5, nil
|
return cyclonedx.SpecVersion1_5, nil
|
||||||
|
case "1.6":
|
||||||
|
return cyclonedx.SpecVersion1_6, nil
|
||||||
}
|
}
|
||||||
return -1, fmt.Errorf("unsupported CycloneDX version %q", v)
|
return -1, fmt.Errorf("unsupported CycloneDX version %q", v)
|
||||||
}
|
}
|
||||||
|
@ -61,6 +64,8 @@ func VersionFromSpecVersion(spec cyclonedx.SpecVersion) string {
|
||||||
return "1.4"
|
return "1.4"
|
||||||
case cyclonedx.SpecVersion1_5:
|
case cyclonedx.SpecVersion1_5:
|
||||||
return "1.5"
|
return "1.5"
|
||||||
|
case cyclonedx.SpecVersion1_6:
|
||||||
|
return "1.6"
|
||||||
}
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue