fix(sbom): move licenses to name field in Cyclonedx format (aquasecurity#4941)

* use license.Name instead of Expression

* update tests
DmitriyLewen committed Aug 6, 2023
1 parent a796701 commit f18b0db
Showing 3 changed files with 55 additions and 29 deletions.
55 changes: 31 additions & 24 deletions integration/testdata/conda-cyclonedx.json.golden
@@ -1,10 +1,11 @@
{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:e1f49b6f-018f-4bf3-97c8-85cd92a82c7c",
"serialNumber": "urn:uuid:e7d2faf4-1d5f-4cd7-a792-8b9b5f6fe2d7",
"version": 1,
"metadata": {
"timestamp": "2023-05-19T10:38:39+00:00",
"timestamp": "2023-08-04T05:57:22+00:00",
"tools": [
{
"vendor": "aquasecurity",
Expand All @@ -13,7 +14,7 @@
}
],
"component": {
"bom-ref": "cd0ebb00-5c53-4b82-a3f7-271add663c51",
"bom-ref": "a80bd6fc-91e4-4e42-9941-eafc2423d031",
"type": "application",
"name": "testdata/fixtures/repo/conda",
"properties": [
Expand All @@ -26,63 +27,69 @@
},
"components": [
{
"bom-ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
"bom-ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
"type": "library",
"name": "pip",
"version": "22.2.2",
"name": "openssl",
"version": "1.1.1q",
"licenses": [
{
"expression": "MIT"
"license": {
"name": "OpenSSL"
}
}
],
"purl": "pkg:conda/pip@22.2.2",
"purl": "pkg:conda/openssl@1.1.1q",
"properties": [
{
"name": "aquasecurity:trivy:PkgType",
"value": "conda-pkg"
"name": "aquasecurity:trivy:FilePath",
"value": "miniconda3/envs/testenv/conda-meta/openssl-1.1.1q-h7f8727e_0.json"
},
{
"name": "aquasecurity:trivy:FilePath",
"value": "miniconda3/envs/testenv/conda-meta/pip-22.2.2-py38h06a4308_0.json"
"name": "aquasecurity:trivy:PkgType",
"value": "conda-pkg"
}
]
},
{
"bom-ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
"bom-ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
"type": "library",
"name": "openssl",
"version": "1.1.1q",
"name": "pip",
"version": "22.2.2",
"licenses": [
{
"expression": "OpenSSL"
"license": {
"name": "MIT"
}
}
],
"purl": "pkg:conda/openssl@1.1.1q",
"purl": "pkg:conda/pip@22.2.2",
"properties": [
{
"name": "aquasecurity:trivy:PkgType",
"value": "conda-pkg"
"name": "aquasecurity:trivy:FilePath",
"value": "miniconda3/envs/testenv/conda-meta/pip-22.2.2-py38h06a4308_0.json"
},
{
"name": "aquasecurity:trivy:FilePath",
"value": "miniconda3/envs/testenv/conda-meta/openssl-1.1.1q-h7f8727e_0.json"
"name": "aquasecurity:trivy:PkgType",
"value": "conda-pkg"
}
]
}
],
"dependencies": [
{
"ref": "cd0ebb00-5c53-4b82-a3f7-271add663c51",
"ref": "a80bd6fc-91e4-4e42-9941-eafc2423d031",
"dependsOn": [
"pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
"pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json"
]
},
{
"ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json"
"ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
"dependsOn": []
},
{
"ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json"
"ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
"dependsOn": []
}
],
"vulnerabilities": []
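--- a/pkg/sbom/cyclonedx/core/cyclonedx.go
+++ b/pkg/sbom/cyclonedx/core/cyclonedx.go
@@ -304,7 +304,10 @@ func (c *CycloneDX) Licenses(licenses []string) *cdx.Licenses {
 return nil
 }
 choices := lo.Map(licenses, func(license string, i int) cdx.LicenseChoice {
-return cdx.LicenseChoice{Expression: license}
+return cdx.LicenseChoice{
+License: &cdx.License{
+Name: license},
+}
 })
 return lo.ToPtr(cdx.Licenses(choices))
 }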
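Review bot: Every license string now lands in `license.name`, including plain SPDX identifiers such as `MIT` (see the pip entry in the conda golden data), which CycloneDX consumers cannot match against policy the way they would `license.id`; the closure in this hunk should branch on whether the string is a known SPDX identifier, emitting `&cdx.License{ID: license}` for those and keeping `Name` only for free-form strings like `GPLv2+`. Dropping `Expression` is itself sound, since distro strings such as `GPLv3+` are not valid SPDX expressions and presumably produced schema-invalid BOMs, and that reasoning deserves a doc comment on the function, e.g. `// Licenses converts raw license strings into CycloneDX license choices; values are emitted as names rather than SPDX expressions because distro strings such as "GPLv2+" are not valid SPDX.` The literal `Name: license},` is legal Go but unusual; put the closing brace on its own line with a trailing comma, as the updated test file does. The function's signature and the guard before `return nil` lie outside the hunk.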
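--- a/pkg/sbom/cyclonedx/marshal_test.go
+++ b/pkg/sbom/cyclonedx/marshal_test.go
@@ -381,7 +381,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Name: "binutils",
 Version: "2.30-93.el8",
 Licenses: &cdx.Licenses{
-cdx.LicenseChoice{Expression: "GPLv3+"},
+cdx.LicenseChoice{
+License: &cdx.License{
+Name: "GPLv3+",
+},
+},
 },
 PackageURL: "pkg:rpm/centos/binutils@2.30-93.el8?arch=aarch64&distro=centos-8.3.2011",
 Supplier: &cdx.OrganizationalEntity{
@@ -840,7 +844,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Name: "acl",
 Version: "2.2.53-1.el8",
 Licenses: &cdx.Licenses{
-cdx.LicenseChoice{Expression: "GPLv2+"},
+cdx.LicenseChoice{
+License: &cdx.License{
+Name: "GPLv2+",
+},
+},
 },
 PackageURL: "pkg:rpm/centos/acl@2.2.53-1.el8?arch=aarch64&epoch=1&distro=centos-8.3.2011",
 Properties: &[]cdx.Property{
@@ -882,7 +890,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Name: "glibc",
 Version: "2.28-151.el8",
 Licenses: &cdx.Licenses{
-cdx.LicenseChoice{Expression: "GPLv2+"},
+cdx.LicenseChoice{
+License: &cdx.License{
+Name: "GPLv2+",
+},
+},
 },
 PackageURL: "pkg:rpm/centos/glibc@2.28-151.el8?arch=aarch64&distro=centos-8.3.2011",
 Properties: &[]cdx.Property{
@@ -1484,7 +1496,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Version: "0.20.1",
 PackageURL: "pkg:npm/ruby-typeprof@0.20.1",
 Licenses: &cdx.Licenses{
-cdx.LicenseChoice{Expression: "MIT"},
+cdx.LicenseChoice{
+License: &cdx.License{
+Name: "MIT",
+},
+},
 },
 Properties: &[]cdx.Property{
 {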
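Review bot: The expected `cdx.Licenses` literal is now the same five lines repeated verbatim in each of the four hunks, so the next change to license encoding means four identical edits again; a small builder closure near the top of the test would keep each expectation to one line such as `Licenses: licenses("GPLv3+"),`. The `ruby-typeprof` case in the last hunk pins that `MIT`, a valid SPDX identifier, is echoed into `Name` exactly like the free-form `GPLv2+` strings, so it is the case to revisit if id/name handling is later refined. The enclosing `TestMarshaler_Marshal` starts and ends outside these hunks.
```go
// licenses builds the CycloneDX license list expected for a component;
// every value is emitted as a license name, matching CycloneDX.Licenses in core.
licenses := func(names ...string) *cdx.Licenses {
	choices := make(cdx.Licenses, 0, len(names))
	for _, n := range names {
		choices = append(choices, cdx.LicenseChoice{License: &cdx.License{Name: n}})
	}
	return &choices
}
// … unchanged: component expectations, each now using `Licenses: licenses("…"),` …
```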
