CycloneDxReporter: Update CycloneDX Version to v1.4 #7165

Closed
mawl opened this issue Jun 21, 2023 · 4 comments
mawl commented Jun 21, 2023

CycloneDX Version 1.4 was released 12 January 2022: https://cyclonedx.org/about/history/

Can you please update the version in

val DEFAULT_SCHEMA_VERSION = CycloneDxSchema.Version.VERSION_13

BTW: v1.4 is the first version supporting vulnerabilities: https://cyclonedx.org/docs/1.4/json/

Thanks :)

@mawl mawl changed the title Update CycloneDX Version to 1.4 CycloneDxReporter: Update CycloneDX Version to v1.4 Jun 21, 2023
@sschuberth
Member

@mawl, are you aware that this is just the default schema version that can be overridden via the reporter-specific "schema.version" option? (I just realized that option is not documented for the class, I'll fix that.)

@sschuberth sschuberth added enhancement Issues that are considered to be enhancements reporter About the reporter tool labels Jun 21, 2023
@sschuberth sschuberth self-assigned this Jun 21, 2023
sschuberth added a commit that referenced this issue Jun 21, 2023
This resolves #7165 and helps with #4531 as vulnerabilities are part of
the core since version 1.4.

Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
@mawl
Author

mawl commented Jun 21, 2023

@sschuberth: you mean https://github.com/oss-review-toolkit/ort/blob/c79919dfe7a4a1e963973679982582a627112d6b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt#LL67C19-L67C41 - Sounds good to me. Maybe you can also document output.file.formats, as I learned yesterday that you also support JSON output :)

@mawl
Author

mawl commented Jun 21, 2023

--report-option CycloneDX=schema.version=1.4 works, thanks :)

@sschuberth
Member

sschuberth commented Jun 21, 2023

> Maybe you can also document output.file.formats

It's already documented as part of the class docs 😉

And version 1.4 is now also the default.
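
Added example, not code from ORT or from the commenters: a consumer-side check in Python that a CycloneDX JSON BOM declares specVersion 1.4 or later before its vulnerabilities array is relied on, following the statement in this thread that 1.4 is the first version with vulnerabilities. The function names, sample BOMs and placeholder ids are constructed for illustration.

```python
import json

MIN_SPEC = (1, 4)  # per this thread: first version with vulnerabilities in the core

def parse_spec_version(value):
    """Turn a specVersion string such as "1.4" into a comparable tuple."""
    try:
        return tuple(int(part) for part in str(value).split("."))
    except ValueError:
        raise ValueError(f"unparseable specVersion: {value!r}") from None

def audit_bom(text):
    """Return (findings, problems): (vuln id, component name) pairs and trust issues."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON BOM")
    spec = parse_spec_version(bom.get("specVersion"))
    problems, findings = [], []
    if spec < MIN_SPEC:
        # An older BOM cannot carry vulnerabilities, so an empty result
        # means "not reported", not "nothing found".
        problems.append(f"specVersion {bom['specVersion']} predates vulnerability support")
        if "vulnerabilities" in bom:
            problems.append("vulnerabilities present but not defined in this schema version")
        return findings, problems
    # Map each component's bom-ref to its name so "affects" entries can be resolved.
    names = {c["bom-ref"]: c.get("name", "?") for c in bom.get("components", []) if "bom-ref" in c}
    for vuln in bom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            ref = target.get("ref")
            if ref in names:
                findings.append((vuln.get("id", "?"), names[ref]))
            else:
                problems.append(f"{vuln.get('id', '?')} points at unknown bom-ref {ref!r}")
    return sorted(findings), problems

# Constructed sample BOMs (ids and names are placeholders, not real advisories).
BOM_13 = '{"bomFormat": "CycloneDX", "specVersion": "1.3", "components": []}'
BOM_14 = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [{"type": "library", "bom-ref": "pkg-a", "name": "example-lib"}],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "affects": [{"ref": "pkg-a"}]},
        {"id": "EXAMPLE-0002", "affects": [{"ref": "pkg-missing"}]},
    ],
})

if __name__ == "__main__":
    print(audit_bom(BOM_13), audit_bom(BOM_14), sep="\n")
```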
