From f47b79a62b3bc158de51e309f29fa5acad9c7bf3 Mon Sep 17 00:00:00 2001 From: Paul Hewlett Date: Wed, 5 Jan 2022 12:00:22 +0000 Subject: [PATCH] CycloneDX 1.3 Problem: Script and SBOM service endpoint must both use CDX 1.3 Solution: Change to schema 1.3 and ensure that correct version of syft is installed. Signed-off-by: Paul Hewlett --- scripts/cyclonedx-wrapper.xsd | 2 +- scripts/sbom_scraper.sh | 21 ++++++++++++++++++--- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/scripts/cyclonedx-wrapper.xsd b/scripts/cyclonedx-wrapper.xsd index ab0ceba..90b4cf0 100644 --- a/scripts/cyclonedx-wrapper.xsd +++ b/scripts/cyclonedx-wrapper.xsd @@ -1,5 +1,5 @@ - + diff --git a/scripts/sbom_scraper.sh b/scripts/sbom_scraper.sh index 57f5230..b374d65 100755 --- a/scripts/sbom_scraper.sh +++ b/scripts/sbom_scraper.sh @@ -30,6 +30,21 @@ do fi done +SYFT_VERSION=$(syft version | grep '^Version' | tr -s ' ' | cut -d' ' -f2) +compare_version() { + local x=$1 + first=${x%%.*} # Delete first dot and what follows. + last=${x##*.} # Delete up to last dot. + mid=${x##"$first".} # Delete first number and dot. + mid=${mid%%."$last"} # Delete dot and last number. + if [ "$mid" -lt 34 ] + then + echo >&2 "syft must be at least version 0.34.0" + exit 10 + fi +} +compare_version "${SYFT_VERSION}" + set -e set -u @@ -68,7 +83,7 @@ URL=https://app.rkvst.io usage() { cat >&2 <
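Review bot: The version gate added in `compare_version` fails open when `SYFT_VERSION` is empty or not numeric, for example if syft is not on PATH or `syft version` prints a different layout. In that case `[ "$mid" -lt 34 ]` errors with a non-zero status, the `if` body is skipped, and the script continues with an unchecked syft. Only the middle component is compared and `first` is never read, so any release whose major is above 0 and whose minor is below 34 would be rejected as too old. I would check that both components are all digits, exit 10 when they are not, and compare the minor only when the major is 0. `first`, `last` and `mid` are also assigned without `local`, so they leak into the script's globals.

```shell
compare_version() {
    local x=$1 major minor part
    major=${x%%.*}        # text before the first dot
    minor=${x#*.}         # drop the major and its dot
    minor=${minor%%.*}    # keep the text before the next dot
    for part in "$major" "$minor"
    do
        case "$part" in
            ''|*[!0-9]*)
                echo >&2 "cannot parse syft version '${x}'"
                exit 10
                ;;
        esac
    done
    if [ "$major" -eq 0 ] && [ "$minor" -lt 34 ]
    then
        echo >&2 "syft must be at least version 0.34.0"
        exit 10
    fi
}
```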