diff --git a/grype/presenter/cyclonedx/presenter.go b/grype/presenter/cyclonedx/presenter.go
index aa797690ffd..1069d9106a1 100644
--- a/grype/presenter/cyclonedx/presenter.go
+++ b/grype/presenter/cyclonedx/presenter.go
@@ -67,7 +67,7 @@ func (pres *Presenter) Present(output io.Writer) error {
}
vulns := make([]cyclonedx.Vulnerability, 0)
- for m := range pres.results.Enumerate() {
+ for _, m := range pres.results.Sorted() {
v, err := NewVulnerability(m, pres.metadataProvider)
if err != nil {
continue
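Review bot: The `continue` after a failed `NewVulnerability` call drops that match from the report with no trace, so a conversion error leaves a finding missing from the CycloneDX output and the reader cannot tell. Switching to `pres.results.Sorted()` makes the order stable but leaves this path as it was. Consider surfacing the failure, for example `return fmt.Errorf("converting match to CycloneDX vulnerability: %w", err)`, or at least logging the error before continuing. This assumes `fmt` is available in the file, which the hunk does not show. The body of `Present` starts and ends outside the hunk.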
diff --git a/grype/presenter/cyclonedx/presenter_test.go b/grype/presenter/cyclonedx/presenter_test.go
index b7012065ac4..bd45a9cc888 100644
--- a/grype/presenter/cyclonedx/presenter_test.go
+++ b/grype/presenter/cyclonedx/presenter_test.go
@@ -5,7 +5,7 @@ import (
"flag"
"testing"
- "github.com/sergi/go-diff/diffmatchpatch"
+ "github.com/stretchr/testify/require"
"github.com/anchore/go-testutils"
"github.com/anchore/grype/grype/presenter/models"
@@ -27,7 +27,7 @@ func TestCycloneDxPresenterImage(t *testing.T) {
SBOM: sbom,
}
- pres := NewXMLPresenter(pb)
+ pres := NewJSONPresenter(pb)
// run presenter
err := pres.Present(&buffer)
if err != nil {
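Review bot: Replacing `NewXMLPresenter` with `NewJSONPresenter` here leaves the XML presenter without a snapshot test, as far as the visible hunks show. The same swap is made in TestCycloneDxPresenterDir at the `@@ -65,7 +60,7 @@` hunk. If XML output is still supported, a table-driven case per format, each with its own golden file, would keep an encoder regression in either format detectable. The test function starts and ends outside the hunk.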
@@ -45,12 +45,7 @@ func TestCycloneDxPresenterImage(t *testing.T) {
actual = models.Redact(actual)
expected = models.Redact(expected)
- if !bytes.Equal(expected, actual) {
- dmp := diffmatchpatch.New()
- diffs := dmp.DiffMain(string(expected), string(actual), true)
- t.Errorf("mismatched output:\n%s", dmp.DiffPrettyText(diffs))
- }
-
+ require.JSONEq(t, string(expected), string(actual))
}
func TestCycloneDxPresenterDir(t *testing.T) {
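Review bot: `require.JSONEq` compares redacted data, so this check relies on `models.Redact` to neutralise the timestamp and UUIDs, and it cannot tell whether `affects[].ref` points at a real component. In the new golden files the `affects` refs are bare UUIDs (for example `49c2f910-3c3c-4581-8237-c0dd8674b81a`) while the components carry `bom-ref` values such as `76bd1479d016ce8f`, so a consumer of the BOM apparently cannot map a vulnerability to the package it affects. An extra assertion that every `affects[].ref` equals some component `bom-ref` would catch this, assuming Redact leaves component refs intact. The same applies to the `@@ -84,10 +79,5 @@` hunk in TestCycloneDxPresenterDir.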
@@ -65,7 +60,7 @@ func TestCycloneDxPresenterDir(t *testing.T) {
SBOM: sbom,
}
- pres := NewXMLPresenter(pb)
+ pres := NewJSONPresenter(pb)
// run presenter
err := pres.Present(&buffer)
@@ -84,10 +79,5 @@ func TestCycloneDxPresenterDir(t *testing.T) {
actual = models.Redact(actual)
expected = models.Redact(expected)
- if !bytes.Equal(expected, actual) {
- dmp := diffmatchpatch.New()
- diffs := dmp.DiffMain(string(expected), string(actual), true)
- t.Errorf("mismatched output:\n%s", dmp.DiffPrettyText(diffs))
- }
-
+ require.JSONEq(t, string(expected), string(actual))
}
diff --git a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden
index 7a0841a34d5..ef6d2fa1aee 100644
--- a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden
+++ b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden
@@ -1,85 +1,106 @@
-
-
-
- 2022-12-21T15:20:36-05:00
-
-
- anchore
- grype
- [not provided]
-
-
-
-
-
- package-1
- 1.1.1
- cpe:2.3:a:anchore:engine:0.9.2:*:*:python:*:*:*:*
-
- rpm
- /foo/bar/somefile-1.txt
-
-
-
- package-2
- 2.2.2
- cpe:2.3:a:anchore:engine:2.2.2:*:*:python:*:*:*:*
-
- deb
- /foo/bar/somefile-2.txt
-
-
-
-
-
- CVE-1999-0001
-
-
-
- CVE-1999-0001
-
-
-
-
-
- 4
- low
- CVSSv3
- another vector
-
-
- 1999-01 description
-
-
-
- [d0588608-3c1f-45d6-8eda-b158736b800f]
-
-
-
-
- CVE-1999-0002
-
-
-
- CVE-1999-0002
-
-
-
-
-
- 1
- critical
- CVSSv2
- vector
-
-
- 1999-02 description
-
-
-
- [a7ad0b6b-78f7-4bad-994a-5e1ff09aa706]
-
-
-
-
-
\ No newline at end of file
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.4",
+ "serialNumber": "urn:uuid:5aeb2528-777d-488f-83f4-dfd8918643ee",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2023-01-04T15:06:03-05:00",
+ "tools": [
+ {
+ "vendor": "anchore",
+ "name": "grype",
+ "version": "[not provided]"
+ }
+ ]
+ },
+ "components": [
+ {
+ "bom-ref": "76bd1479d016ce8f",
+ "type": "library",
+ "name": "package-1",
+ "version": "1.1.1",
+ "cpe": "cpe:2.3:a:anchore:engine:0.9.2:*:*:python:*:*:*:*",
+ "properties": [
+ {
+ "name": "syft:package:type",
+ "value": "rpm"
+ },
+ {
+ "name": "syft:location:0:path",
+ "value": "/foo/bar/somefile-1.txt"
+ }
+ ]
+ },
+ {
+ "bom-ref": "3199ef19b28ce437",
+ "type": "library",
+ "name": "package-2",
+ "version": "2.2.2",
+ "cpe": "cpe:2.3:a:anchore:engine:2.2.2:*:*:python:*:*:*:*",
+ "properties": [
+ {
+ "name": "syft:package:type",
+ "value": "deb"
+ },
+ {
+ "name": "syft:location:0:path",
+ "value": "/foo/bar/somefile-2.txt"
+ }
+ ]
+ }
+ ],
+ "vulnerabilities": [
+ {
+ "bom-ref": "urn:uuid:98a38cb7-bf11-41e5-8f55-02dfbe5c7839",
+ "id": "CVE-1999-0001",
+ "source": {},
+ "references": [
+ {
+ "id": "CVE-1999-0001",
+ "source": {}
+ }
+ ],
+ "ratings": [
+ {
+ "score": 4,
+ "severity": "low",
+ "method": "CVSSv3",
+ "vector": "another vector"
+ }
+ ],
+ "description": "1999-01 description",
+ "advisories": [],
+ "affects": [
+ {
+ "ref": "49c2f910-3c3c-4581-8237-c0dd8674b81a"
+ }
+ ]
+ },
+ {
+ "bom-ref": "urn:uuid:e5abab75-8ee4-4370-b1d6-7b67de1b958f",
+ "id": "CVE-1999-0002",
+ "source": {},
+ "references": [
+ {
+ "id": "CVE-1999-0002",
+ "source": {}
+ }
+ ],
+ "ratings": [
+ {
+ "score": 1,
+ "severity": "critical",
+ "method": "CVSSv2",
+ "vector": "vector"
+ }
+ ],
+ "description": "1999-02 description",
+ "advisories": [],
+ "affects": [
+ {
+ "ref": "c38c501d-e801-48b2-bd2f-2aac404fdb79"
+ }
+ ]
+ }
+ ]
+}
diff --git a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden
index 6db9c214aca..2f956752af0 100644
--- a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden
+++ b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden
@@ -1,85 +1,106 @@
-
-
-
- 2022-12-21T15:20:36-05:00
-
-
- anchore
- grype
- [not provided]
-
-
-
-
-
- package-1
- 1.1.1
- cpe:2.3:a:anchore:engine:0.9.2:*:*:python:*:*:*:*
-
- rpm
- /foo/bar/somefile-1.txt
-
-
-
- package-2
- 2.2.2
- cpe:2.3:a:anchore:engine:2.2.2:*:*:python:*:*:*:*
-
- deb
- /foo/bar/somefile-2.txt
-
-
-
-
-
- CVE-1999-0001
-
-
-
- CVE-1999-0001
-
-
-
-
-
- 4
- low
- CVSSv3
- another vector
-
-
- 1999-01 description
-
-
-
- [51d86ac6-b069-4766-9a53-761d9f211c67]
-
-
-
-
- CVE-1999-0002
-
-
-
- CVE-1999-0002
-
-
-
-
-
- 1
- critical
- CVSSv2
- vector
-
-
- 1999-02 description
-
-
-
- [cc724e1f-8bb6-4e14-be16-97ff7ae4d1e9]
-
-
-
-
-
\ No newline at end of file
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.4",
+ "serialNumber": "urn:uuid:5673e440-02f0-4b92-ada8-f0097fff76c8",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2023-01-04T15:06:03-05:00",
+ "tools": [
+ {
+ "vendor": "anchore",
+ "name": "grype",
+ "version": "[not provided]"
+ }
+ ]
+ },
+ "components": [
+ {
+ "bom-ref": "76bd1479d016ce8f",
+ "type": "library",
+ "name": "package-1",
+ "version": "1.1.1",
+ "cpe": "cpe:2.3:a:anchore:engine:0.9.2:*:*:python:*:*:*:*",
+ "properties": [
+ {
+ "name": "syft:package:type",
+ "value": "rpm"
+ },
+ {
+ "name": "syft:location:0:path",
+ "value": "/foo/bar/somefile-1.txt"
+ }
+ ]
+ },
+ {
+ "bom-ref": "3199ef19b28ce437",
+ "type": "library",
+ "name": "package-2",
+ "version": "2.2.2",
+ "cpe": "cpe:2.3:a:anchore:engine:2.2.2:*:*:python:*:*:*:*",
+ "properties": [
+ {
+ "name": "syft:package:type",
+ "value": "deb"
+ },
+ {
+ "name": "syft:location:0:path",
+ "value": "/foo/bar/somefile-2.txt"
+ }
+ ]
+ }
+ ],
+ "vulnerabilities": [
+ {
+ "bom-ref": "urn:uuid:8598528d-a042-41ad-9485-3b0e15a43e02",
+ "id": "CVE-1999-0001",
+ "source": {},
+ "references": [
+ {
+ "id": "CVE-1999-0001",
+ "source": {}
+ }
+ ],
+ "ratings": [
+ {
+ "score": 4,
+ "severity": "low",
+ "method": "CVSSv3",
+ "vector": "another vector"
+ }
+ ],
+ "description": "1999-01 description",
+ "advisories": [],
+ "affects": [
+ {
+ "ref": "bdedfd95-ff05-44d1-82cc-b4eb0cac486f"
+ }
+ ]
+ },
+ {
+ "bom-ref": "urn:uuid:b92e6bdd-4720-4f74-a14b-56ec04027b62",
+ "id": "CVE-1999-0002",
+ "source": {},
+ "references": [
+ {
+ "id": "CVE-1999-0002",
+ "source": {}
+ }
+ ],
+ "ratings": [
+ {
+ "score": 1,
+ "severity": "critical",
+ "method": "CVSSv2",
+ "vector": "vector"
+ }
+ ],
+ "description": "1999-02 description",
+ "advisories": [],
+ "affects": [
+ {
+ "ref": "cdb88b69-4f37-444f-9de8-f66458d90f80"
+ }
+ ]
+ }
+ ]
+}