mirror of https://github.com/anchore/syft synced 2024-11-13 23:57:07 +00:00

History

Dan Luhring f98868b55e Find Java package versions in additional manifest sections (#673 ) * Add failing test for missing versions Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Look through all named sections for version Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Consistent installation of yajsv Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Adjust output text for test assertion Signed-off-by: Dan Luhring <dan+github@luhrings.com>		2021-12-13 15:39:42 -05:00
..
.gitignore	add cyclone-json output format (#635 )	2021-12-03 17:06:23 -08:00
bom-1.3.schema.json	add cyclone-json output format (#635 )	2021-12-03 17:06:23 -08:00
cyclonedx.xsd	add cyclone-json output format (#635 )	2021-12-03 17:06:23 -08:00
Makefile	Find Java package versions in additional manifest sections (#673 )	2021-12-13 15:39:42 -05:00
README.md	add bom descriptor schema + test against xml schemas in pipeline (#163 )	2020-08-27 19:12:45 -04:00
spdx.xsd	add cyclone-json output format (#635 )	2021-12-03 17:06:23 -08:00

README.md

CycloneDX Schemas

syft generates a CycloneDX BOm output. We want to be able to validate the CycloneDX schemas (and dependent schemas) against generated syft output. The best way to do this is with xmllint, however, this tool does not know how to deal with references from HTTP, only the local filesystem. For this reason we've included a copy of all schemas needed to validate syft output, modified to reference local copies of dependent schemas.