Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import SBOM in CycloneDX 1.5 format #1056

Closed
DennisClark opened this issue Jan 19, 2024 · 2 comments
Closed

Import SBOM in CycloneDX 1.5 format #1056

DennisClark opened this issue Jan 19, 2024 · 2 comments
Assignees
@tdruez
Labels
enhancement New feature or request high priority Top Priority (Max 3 per Release) Focus for a release
Milestone
v34.0.0

Comments

@DennisClark
Copy link
Member

See related issue #807
to generate an SBOM in CycloneDX 1.5 format

Usage of the CycloneDX 1.5 format is spreading and we need to be able to support importing an SBOM with that specification version.

@tdruez I can provide you with test data when you are ready.

Per @mjherzog this enhancement is a high priority.
@DennisClark DennisClark added enhancement New feature or request high priority labels Jan 19, 2024
@DennisClark DennisClark added the Top Priority (Max 3 per Release) Focus for a release label Jan 19, 2024
@DennisClark DennisClark added this to the v34.0.0 milestone Jan 19, 2024
@DennisClark
Copy link
Member Author

this should be helpful
https://owasp.org/blog/2023/06/23/CycloneDX-v1.5

tdruez added a commit that referenced this issue Jan 25, 2024
@tdruez
Migrate the cyclonedx resolve to native app for 1.5 support #1056
04b49df 
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Jan 25, 2024
@tdruez
Refine the code and unit tests #1056
7c478b8 
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Jan 25, 2024
@tdruez
Refine the license related code and unit tests #1056
0101a3b 
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Feb 11, 2024
@tdruez
Refine unit test #1056
763864c 
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Mar 7, 2024
@tdruez
Refactor get_components to use function from the library #1056
3e43863 
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Mar 7, 2024
@tdruez
Add nestedComponents in package data #1056
64fb2d5 
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Mar 7, 2024
@tdruez
Add test to make sure CycloneDX 1.2 to 1.5 are supported #1056
29d0b98 
Signed-off-by: tdruez <tdruez@nexb.com>
@DennisClark
Copy link
Member Author

@tdruez using some of the SBOMs in my archives, I successfully imported cdx 1.2 and 1.4 formats.

tdruez added a commit that referenced this issue Mar 7, 2024
@tdruez
Migrate the cyclonedx resolve to native app for 1.5 support #1056 (#1086
f42522b 
)

Signed-off-by: tdruez <tdruez@nexb.com>
@tdruez tdruez closed this as completed Mar 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tdruez tdruez

Labels
enhancement New feature or request high priority Top Priority (Max 3 per Release) Focus for a release
Projects
None yet
Milestone
v34.0.0
Development

No branches or pull requests
2 participants
@tdruez @DennisClark