-
Notifications
You must be signed in to change notification settings - Fork 561
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: update syft to generate cyclone-dx 1.6 by default (#2978)
- Resolves #2974 - add detailed instructions re: updating schemas (a necessary task when a new CycloneDX spec version becomes available). - The DefaultVersion constant has been updated to "1.6" -- it's not clear to me how this is used at this time (it may be redundant given other code), but effectively unless a specific spec version is configured, `syft` will emit the "most recent" spec version available for cyclonedx. Users who wish to pin back to a "older" specVersion (e.g. to preserve compatibilty with utilities that have not yet bumped to latest) can either set this in a syft config file or pass a name@spec_version pair to the output flag (e.g. `-o [email protected]=some-1.5-spec-bom.cdx.json`) - Regenerate relevant .golden files (there seems to be a way to do this via flags, but I couldn't quite figure out the right set to pass correctly, esp. since (as a relative go novice) I found it difficult to run just a single test file. I ended up "brute-forcing it" by changing the *updateSnapshot val to "true" and running it in Goland. A brief comment giving an example of regenerating fixtures usage would be helpful. Signed-off-by: Rajan Agaskar <[email protected]>
- Loading branch information
Showing
13 changed files
with
6,862 additions
and
1,903 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
{ | ||
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", | ||
"bomFormat": "CycloneDX", | ||
"specVersion": "1.6", | ||
"serialNumber": "urn:uuid:5208fea9-73dd-4624-b596-69fddccdb9e7", | ||
"version": 1, | ||
"metadata": { | ||
"timestamp": "2023-09-29T12:02:02-04:00", | ||
"tools": [ | ||
{ | ||
"vendor": "anchore", | ||
"name": "syft", | ||
"version": "[not provided]" | ||
} | ||
], | ||
"component": { | ||
"bom-ref": "a0ff99a6af10f11f", | ||
"type": "file", | ||
"name": "go.mod", | ||
"version": "sha256:sha256:dc333f342905248a52e424d8dfd061251d01867d01a4f9d7397144a775ff9ebd" | ||
} | ||
}, | ||
"components": [ | ||
{ | ||
"bom-ref": "pkg:golang/github.com/wagoodman/[email protected]?package-id=2ff71a67fb024c86", | ||
"type": "library", | ||
"name": "github.com/wagoodman/go-partybus", | ||
"version": "v0.0.0-20230516145632-8ccac152c651", | ||
"cpe": "cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*", | ||
"purl": "pkg:golang/github.com/wagoodman/[email protected]", | ||
"properties": [ | ||
{ | ||
"name": "syft:package:foundBy", | ||
"value": "go-module-file-cataloger" | ||
}, | ||
{ | ||
"name": "syft:package:language", | ||
"value": "go" | ||
}, | ||
{ | ||
"name": "syft:package:metadataType", | ||
"value": "GolangModMetadata" | ||
}, | ||
{ | ||
"name": "syft:package:type", | ||
"value": "go-module" | ||
}, | ||
{ | ||
"name": "syft:cpe23", | ||
"value": "cpe:2.3:a:wagoodman:go_partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*" | ||
}, | ||
{ | ||
"name": "syft:location:0:path", | ||
"value": "/go.mod" | ||
} | ||
] | ||
} | ||
] | ||
} |
Oops, something went wrong.