diff --git a/internal/gomod/module.go b/internal/gomod/module.go
index dab7104c..c634e497 100644
--- a/internal/gomod/module.go
+++ b/internal/gomod/module.go
@@ -22,14 +22,14 @@ import (
"encoding/json"
"errors"
"fmt"
- "io"
- "path/filepath"
- "strings"
-
"github.com/rs/zerolog"
"golang.org/x/exp/slices"
"golang.org/x/mod/semver"
"golang.org/x/mod/sumdb/dirhash"
+ "io"
+ "path/filepath"
+ "strings"
+ "sync"
"github.com/CycloneDX/cyclonedx-gomod/internal/gocmd"
"github.com/CycloneDX/cyclonedx-gomod/internal/util"
@@ -69,10 +69,23 @@ func (m Module) Hash() (string, error) {
return h1, nil
}
-func (m Module) PackageURL() string {
+func (m Module) BOMRef() string {
return fmt.Sprintf("pkg:golang/%s?type=module", m.Coordinates())
}
+var (
+ envOnce sync.Once
+ envMap map[string]string
+)
+
+func (m Module) PackageURL() string {
+ envOnce.Do(func() {
+ envMap, _ = gocmd.GetEnv(zerolog.Nop())
+ })
+
+ return fmt.Sprintf("pkg:golang/%s?type=module&goos=%s&goarch=%s", m.Coordinates(), envMap["GOOS"], envMap["GOARCH"])
+}
+
// IsModule determines whether dir is a Go module.
func IsModule(dir string) bool {
return util.FileExists(filepath.Join(dir, "go.mod"))
diff --git a/internal/gomod/module_test.go b/internal/gomod/module_test.go
index d7ee41e1..758129c5 100644
--- a/internal/gomod/module_test.go
+++ b/internal/gomod/module_test.go
@@ -19,13 +19,17 @@ package gomod
import (
"bytes"
+
"os/exec"
"path/filepath"
"strings"
"testing"
+ "github.com/rs/zerolog"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
+
+ "github.com/CycloneDX/cyclonedx-gomod/internal/gocmd"
)
func TestModule_Coordinates(t *testing.T) {
@@ -66,13 +70,28 @@ func TestModule_Hash(t *testing.T) {
require.Equal(t, "h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs=", hash)
}
-func TestModule_PackageURL(t *testing.T) {
+func TestModule_BOMRef(t *testing.T) {
+
module := Module{
Path: "github.com/CycloneDX/cyclonedx-go",
Version: "v0.1.0",
}
+ assert.Equal(t, "pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.1.0?type=module", module.BOMRef())
+}
- assert.Equal(t, "pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.1.0?type=module", module.PackageURL())
+func TestModule_PackageURL(t *testing.T) {
+ // To get value from "go env -json", cannot just use t.GetEnv() might return ""
+ envMap, _ = gocmd.GetEnv(zerolog.Nop())
+ goos := envMap["GOOS"]
+ goarch := envMap["GOARCH"]
+
+ module := Module{
+ Path: "github.com/CycloneDX/cyclonedx-go",
+ Version: "v0.1.0",
+ }
+ assert.Equal(t, "linux", goos)
+ assert.Equal(t, "amd64", goarch)
+ assert.Equal(t, "pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.1.0?type=module&goos="+goos+"&goarch="+goarch, module.PackageURL())
}
func TestIsModule(t *testing.T) {
diff --git a/internal/sbom/convert/module/module.go b/internal/sbom/convert/module/module.go
index a0e23cd2..ee774de7 100644
--- a/internal/sbom/convert/module/module.go
+++ b/internal/sbom/convert/module/module.go
@@ -180,7 +180,7 @@ func ToComponent(logger zerolog.Logger, module gomod.Module, options ...Option)
Msg("converting module to component")
component := cdx.Component{
- BOMRef: module.PackageURL(),
+ BOMRef: module.BOMRef(),
Type: cdx.ComponentTypeLibrary,
Name: module.Path,
Version: module.Version,
diff --git a/internal/sbom/convert/module/module_test.go b/internal/sbom/convert/module/module_test.go
index 1ce6e223..ac459c2d 100644
--- a/internal/sbom/convert/module/module_test.go
+++ b/internal/sbom/convert/module/module_test.go
@@ -29,6 +29,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
+ "github.com/CycloneDX/cyclonedx-gomod/internal/gocmd"
"github.com/CycloneDX/cyclonedx-gomod/internal/gomod"
)
@@ -179,6 +180,11 @@ func TestWithTestScope(t *testing.T) {
}
func TestToComponent(t *testing.T) {
+ // To get value from "go env -json", cannot just use t.GetEnv() might return ""
+ envMap, _ := gocmd.GetEnv(zerolog.Nop())
+ goos := envMap["GOOS"]
+ goarch := envMap["GOARCH"]
+
t.Run("Success", func(t *testing.T) {
module := gomod.Module{
Path: "path",
@@ -193,7 +199,7 @@ func TestToComponent(t *testing.T) {
require.Equal(t, cdx.ComponentTypeLibrary, component.Type)
require.Equal(t, "path", component.Name)
require.Equal(t, "version", component.Version)
- require.Equal(t, "pkg:golang/path@version?type=module", component.PackageURL)
+ require.Equal(t, "pkg:golang/path@version?type=module&goos="+goos+"&goarch="+goarch, component.PackageURL)
require.Equal(t, cdx.ScopeRequired, component.Scope)
})
@@ -212,7 +218,7 @@ func TestToComponent(t *testing.T) {
require.Equal(t, cdx.ComponentTypeLibrary, component.Type)
require.Equal(t, "path", component.Name)
require.Equal(t, "version", component.Version)
- require.Equal(t, "pkg:golang/path@version?type=module", component.PackageURL)
+ require.Equal(t, "pkg:golang/path@version?type=module&goos="+goos+"&goarch="+goarch, component.PackageURL)
require.Equal(t, cdx.ScopeOptional, component.Scope)
})
@@ -234,7 +240,7 @@ func TestToComponent(t *testing.T) {
require.Equal(t, cdx.ComponentTypeLibrary, component.Type)
require.Equal(t, "pathReplace", component.Name)
require.Equal(t, "versionReplace", component.Version)
- require.Equal(t, "pkg:golang/pathReplace@versionReplace?type=module", component.PackageURL)
+ require.Equal(t, "pkg:golang/pathReplace@versionReplace?type=module&goos="+goos+"&goarch="+goarch, component.PackageURL)
require.Equal(t, cdx.ScopeRequired, component.Scope)
})
diff --git a/internal/sbom/sbom.go b/internal/sbom/sbom.go
index c31ab7e5..1d31d724 100644
--- a/internal/sbom/sbom.go
+++ b/internal/sbom/sbom.go
@@ -82,15 +82,15 @@ func BuildDependencyGraph(modules []gomod.Module) []cdx.Dependency {
if module.Replace != nil {
module = *module.Replace
}
- cdxDependant := cdx.Dependency{Ref: module.PackageURL()}
+ cdxDependant := cdx.Dependency{Ref: module.BOMRef()}
if module.Dependencies != nil {
cdxDependencies := make([]string, len(module.Dependencies))
for i := range module.Dependencies {
if module.Dependencies[i].Replace != nil {
- cdxDependencies[i] = module.Dependencies[i].Replace.PackageURL()
+ cdxDependencies[i] = module.Dependencies[i].Replace.BOMRef()
} else {
- cdxDependencies[i] = module.Dependencies[i].PackageURL()
+ cdxDependencies[i] = module.Dependencies[i].BOMRef()
}
}
if len(cdxDependencies) > 0 {
diff --git a/internal/testutil/testutil.go b/internal/testutil/testutil.go
index 80c65e95..17b43aff 100644
--- a/internal/testutil/testutil.go
+++ b/internal/testutil/testutil.go
@@ -77,9 +77,10 @@ func RequireMatchingPropertyToBeRedacted(t *testing.T, properties []cdx.Property
// If files are expected, their correlating components will be removed and replaced by an empty slice.
func RequireStdlibComponentToBeRedacted(t *testing.T, bom *cdx.BOM, expectPackages, expectFiles bool) {
var (
- version string
- oldPURL string
- newPURL string
+ version string
+ oldBOMRef string
+ newBOMRef string
+ newPURL string
)
for i, component := range *bom.Components {
@@ -87,11 +88,12 @@ func RequireStdlibComponentToBeRedacted(t *testing.T, bom *cdx.BOM, expectPackag
require.Regexp(t, `^go1\.`, component.Version)
version = component.Version
- oldPURL = component.PackageURL
+ oldBOMRef = component.BOMRef
+ newBOMRef = strings.ReplaceAll((*bom.Components)[i].BOMRef, version, Redacted)
newPURL = strings.ReplaceAll((*bom.Components)[i].PackageURL, version, Redacted)
(*bom.Components)[i].Version = Redacted
- (*bom.Components)[i].BOMRef = newPURL
+ (*bom.Components)[i].BOMRef = newBOMRef
(*bom.Components)[i].PackageURL = newPURL
// Redact all packages and files, as they may differ from one go version to another.
@@ -110,21 +112,20 @@ func RequireStdlibComponentToBeRedacted(t *testing.T, bom *cdx.BOM, expectPackag
} else if expectPackages {
t.Fatalf("stdlib is missing packages")
}
-
break
}
}
- if newPURL == "" {
+ if newPURL == "" && newBOMRef == "" {
t.Fatalf("stdlib component not found")
}
for i, dependency := range *bom.Dependencies {
- if dependency.Ref == oldPURL { // Dependant
- (*bom.Dependencies)[i].Ref = newPURL
+ if dependency.Ref == oldBOMRef { // Dependant
+ (*bom.Dependencies)[i].Ref = newBOMRef
} else if dependency.Dependencies != nil { // Dependencies
for j, dependency2 := range *(*bom.Dependencies)[i].Dependencies {
- if dependency2 == oldPURL {
- (*(*bom.Dependencies)[i].Dependencies)[j] = newPURL
+ if dependency2 == oldBOMRef {
+ (*(*bom.Dependencies)[i].Dependencies)[j] = newBOMRef
}
}
}
diff --git a/pkg/generate/app/generator.go b/pkg/generate/app/generator.go
index a0f0eaca..7954fdbf 100644
--- a/pkg/generate/app/generator.go
+++ b/pkg/generate/app/generator.go
@@ -232,19 +232,24 @@ func (g generator) includeAppPathInMainComponentPURL(bom *cdx.BOM) error {
oldPURL := bom.Metadata.Component.PackageURL
newPURL := oldPURL + "#" + filepath.ToSlash(mainDirRel)
+ oldBOMRef := bom.Metadata.Component.BOMRef
+ newBOMRef := oldBOMRef + "#" + filepath.ToSlash(mainDirRel)
+
g.logger.Debug().
- Str("old", oldPURL).
- Str("new", newPURL).
+ Str("oldpurl", oldPURL).
+ Str("newpurl", newPURL).
+ Str("oldbomref", oldBOMRef).
+ Str("newbomref", newBOMRef).
Msg("updating purl of main component")
- // Update PURL of main component
- bom.Metadata.Component.BOMRef = newPURL
+ // Update BOMRef and PURL of main component
+ bom.Metadata.Component.BOMRef = newBOMRef
bom.Metadata.Component.PackageURL = newPURL
- // Update PURL in dependency graph
+ // Update PURL in dependency graph (without GOOS and GOARCH)
for i, dep := range *bom.Dependencies {
- if dep.Ref == oldPURL {
- (*bom.Dependencies)[i].Ref = newPURL
+ if dep.Ref == oldBOMRef {
+ (*bom.Dependencies)[i].Ref = newBOMRef
break
}
}
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-Simple b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-Simple
index 36bf5838..2e121478 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-Simple
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-Simple
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210716183230-c7ea7c975ab8
- pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module
+ pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module&goos=linux&goarch=amd64
REDACTED
REDACTED
@@ -21,7 +21,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -39,7 +39,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandPURL b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandPURL
index 9e5e2a80..f809b6d0 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandPURL
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandPURL
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210901192510-dc2d14d2351d
- pkg:golang/testmod-simple@v0.0.0-20210901192510-dc2d14d2351d?type=module#cmd/purl
+ pkg:golang/testmod-simple@v0.0.0-20210901192510-dc2d14d2351d?type=module&goos=linux&goarch=amd64#cmd/purl
REDACTED
REDACTED
@@ -21,7 +21,7 @@
79f58173df0efdd059460d69c36c620f3a2f9e532309af4d3e77da88176e87c2
- pkg:golang/github.com/package-url/packageurl-go@v0.1.0?type=module
+ pkg:golang/github.com/package-url/packageurl-go@v0.1.0?type=module&goos=linux&goarch=amd64
https://github.com/package-url/packageurl-go
@@ -32,7 +32,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandUUID b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandUUID
index a34abea8..5a3064fe 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandUUID
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommandUUID
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210901192510-dc2d14d2351d
- pkg:golang/testmod-simple@v0.0.0-20210901192510-dc2d14d2351d?type=module#cmd/uuid
+ pkg:golang/testmod-simple@v0.0.0-20210901192510-dc2d14d2351d?type=module&goos=linux&goarch=amd64#cmd/uuid
REDACTED
REDACTED
@@ -21,7 +21,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -39,7 +39,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendor b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendor
index e320badf..8a8b0fcf 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendor
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendor
@@ -4,7 +4,7 @@
testmod-vendored
v0.0.0-20210716185931-5c9f3d791930
- pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module
+ pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module&goos=linux&goarch=amd64
REDACTED
REDACTED
@@ -18,7 +18,7 @@
github.com/google/uuid
v1.2.0
required
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -36,7 +36,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithFiles b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithFiles
index 5143a4b9..f3d98563 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithFiles
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithFiles
@@ -4,7 +4,7 @@
testmod-vendored
v0.0.0-20210716185931-5c9f3d791930
- pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module
+ pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module&goos=linux&goarch=amd64
REDACTED
REDACTED
@@ -39,7 +39,7 @@
github.com/google/uuid
v1.2.0
required
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -210,7 +210,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithPackages b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithPackages
index 4050adea..fac27db3 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithPackages
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleVendorWithPackages
@@ -4,7 +4,7 @@
testmod-vendored
v0.0.0-20210716185931-5c9f3d791930
- pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module
+ pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module&goos=linux&goarch=amd64
REDACTED
REDACTED
@@ -25,7 +25,7 @@
github.com/google/uuid
v1.2.0
required
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -50,7 +50,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithFiles b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithFiles
index 6cfafa11..581544d4 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithFiles
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithFiles
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210716183230-c7ea7c975ab8
- pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module
+ pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module&goos=linux&goarch=amd64
REDACTED
REDACTED
@@ -42,7 +42,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -213,7 +213,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithPackages b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithPackages
index 22e1f76d..3f142761 100644
--- a/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithPackages
+++ b/pkg/generate/app/testdata/snapshots/TestGenerator_Generate-SimpleWithPackages
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210716183230-c7ea7c975ab8
- pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module
+ pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module&goos=linux&goarch=amd64
REDACTED
REDACTED
@@ -28,7 +28,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -53,7 +53,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/bin/generator.go b/pkg/generate/bin/generator.go
index fd66a0d9..d5f38ae0 100644
--- a/pkg/generate/bin/generator.go
+++ b/pkg/generate/bin/generator.go
@@ -302,17 +302,19 @@ func (g generator) includeAppPathInMainComponentPURL(bi *gomod.BuildInfo, bom *c
subpath = strings.TrimPrefix(subpath, "/")
oldPURL := bom.Metadata.Component.PackageURL
+ oldBOMRef := bom.Metadata.Component.BOMRef
newPURL := oldPURL + "#" + subpath
+ newBOMRef := oldBOMRef + "#" + subpath
- // Update PURL of main component
- bom.Metadata.Component.BOMRef = newPURL
+ // Update BOMRef and PURL of main component
+ bom.Metadata.Component.BOMRef = newBOMRef
bom.Metadata.Component.PackageURL = newPURL
- // Update PURL in dependency graph
+ // Update PURL in dependency graph (without GOOS and GOARCH)
if bom.Dependencies != nil {
for i, dep := range *bom.Dependencies {
- if dep.Ref == oldPURL {
- (*bom.Dependencies)[i].Ref = newPURL
+ if dep.Ref == oldBOMRef {
+ (*bom.Dependencies)[i].Ref = newBOMRef
break
}
}
@@ -323,16 +325,16 @@ func (g generator) includeAppPathInMainComponentPURL(bi *gomod.BuildInfo, bom *c
for i := range *bom.Compositions {
if (*bom.Compositions)[i].Assemblies != nil {
for j, assembly := range *(*bom.Compositions)[i].Assemblies {
- if string(assembly) == oldPURL {
- (*(*bom.Compositions)[i].Assemblies)[j] = cdx.BOMReference(newPURL)
+ if string(assembly) == oldBOMRef {
+ (*(*bom.Compositions)[i].Assemblies)[j] = cdx.BOMReference(newBOMRef)
}
}
}
if (*bom.Compositions)[i].Dependencies != nil {
for j, dependency := range *(*bom.Compositions)[i].Dependencies {
- if string(dependency) == oldPURL {
- (*(*bom.Compositions)[i].Dependencies)[j] = cdx.BOMReference(newPURL)
+ if string(dependency) == oldBOMRef {
+ (*(*bom.Compositions)[i].Dependencies)[j] = cdx.BOMReference(newBOMRef)
}
}
}
diff --git a/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple b/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple
index 56f1e1d2..ec4c5360 100644
--- a/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple
+++ b/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple
@@ -4,7 +4,7 @@
testmod-simple
(devel)
- pkg:golang/testmod-simple@(devel)?type=module
+ pkg:golang/testmod-simple@(devel)?type=module&goos=linux&goarch=amd64
f2bd20870a0bc20bef23facd73a1fd21
@@ -24,7 +24,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
diff --git a/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple1.18 b/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple1.18
index b974e689..b2104c2d 100644
--- a/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple1.18
+++ b/pkg/generate/bin/testdata/snapshots/TestGenerator_Generate-Simple1.18
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210716183230-c7ea7c975ab8
- pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module
+ pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module&goos=linux&goarch=amd64
2c07cd14d44d6755840ac54352af3b8e
@@ -32,7 +32,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
diff --git a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-Simple b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-Simple
index 3b49bcb1..f28713d1 100644
--- a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-Simple
+++ b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-Simple
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210716183230-c7ea7c975ab8
- pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module
+ pkg:golang/testmod-simple@v0.0.0-20210716183230-c7ea7c975ab8?type=module&goos=linux&goarch=amd64
@@ -15,7 +15,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -33,7 +33,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleLocal b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleLocal
index 49a3425d..858935ed 100644
--- a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleLocal
+++ b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleLocal
@@ -4,7 +4,7 @@
testmod-local
v0.0.0-20210716185356-32d6b8adc872
- pkg:golang/testmod-local@v0.0.0-20210716185356-32d6b8adc872?type=module
+ pkg:golang/testmod-local@v0.0.0-20210716185356-32d6b8adc872?type=module&goos=linux&goarch=amd64
@@ -14,13 +14,13 @@
0fc77332094208335c4c70c9580b2a9c29ec4e7da87267a62e0dcfdc19608c85
- pkg:golang/testmod-local-dependency?type=module
+ pkg:golang/testmod-local-dependency?type=module&goos=linux&goarch=amd64
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommand b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommand
index d3d112e7..aa384f0a 100644
--- a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommand
+++ b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleMultiCommand
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210901192510-dc2d14d2351d
- pkg:golang/testmod-simple@v0.0.0-20210901192510-dc2d14d2351d?type=module
+ pkg:golang/testmod-simple@v0.0.0-20210901192510-dc2d14d2351d?type=module&goos=linux&goarch=amd64
@@ -15,7 +15,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -36,7 +36,7 @@
79f58173df0efdd059460d69c36c620f3a2f9e532309af4d3e77da88176e87c2
- pkg:golang/github.com/package-url/packageurl-go@v0.1.0?type=module
+ pkg:golang/github.com/package-url/packageurl-go@v0.1.0?type=module&goos=linux&goarch=amd64
https://github.com/package-url/packageurl-go
@@ -47,7 +47,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNested b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNested
index f5163a41..0c37a61c 100644
--- a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNested
+++ b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNested
@@ -4,7 +4,7 @@
testmod-simple
v0.0.0-20210716190707-a62fcff56e7e
- pkg:golang/testmod-simple@v0.0.0-20210716190707-a62fcff56e7e?type=module
+ pkg:golang/testmod-simple@v0.0.0-20210716190707-a62fcff56e7e?type=module&goos=linux&goarch=amd64
@@ -15,7 +15,7 @@
a8962d5e72515a6a5eee6ff75e5ca1aec2eb11446a1d1336931ce8c57ab2503b
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -33,7 +33,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNoDependencies b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNoDependencies
index ba730dce..1e406905 100644
--- a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNoDependencies
+++ b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleNoDependencies
@@ -4,7 +4,7 @@
testmod-nodeps
v0.0.0-20210716190350-6880323ad03d
- pkg:golang/testmod-nodeps@v0.0.0-20210716190350-6880323ad03d?type=module
+ pkg:golang/testmod-nodeps@v0.0.0-20210716190350-6880323ad03d?type=module&goos=linux&goarch=amd64
@@ -12,7 +12,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64
diff --git a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleVendor b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleVendor
index e9c16c1d..a396c2b1 100644
--- a/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleVendor
+++ b/pkg/generate/mod/testdata/snapshots/TestGenerator_Generate-SimpleVendor
@@ -4,7 +4,7 @@
testmod-vendored
v0.0.0-20210716185931-5c9f3d791930
- pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module
+ pkg:golang/testmod-vendored@v0.0.0-20210716185931-5c9f3d791930?type=module&goos=linux&goarch=amd64
@@ -12,7 +12,7 @@
github.com/google/uuid
v1.2.0
required
- pkg:golang/github.com/google/uuid@v1.2.0?type=module
+ pkg:golang/github.com/google/uuid@v1.2.0?type=module&goos=linux&goarch=amd64
https://github.com/google/uuid
@@ -30,7 +30,7 @@
std
REDACTED
required
- pkg:golang/std@REDACTED?type=module
+ pkg:golang/std@REDACTED?type=module&goos=linux&goarch=amd64