From 09e50ce6a82073ba62f1732d5aa0cd2701578693 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Tue, 11 Jun 2024 13:41:07 +0600
Subject: [PATCH] feat(sbom): migrate to `CycloneDX v1.6` (#6903)
---
 go.mod | 2 +-
 go.sum | 4 +-
 .../testdata/conda-cyclonedx.json.golden | 4 +-
 .../conda-environment-cyclonedx.json.golden | 4 +-
 ...fluentd-multiple-lockfiles.cdx.json.golden | 4 +-
 .../testdata/pom-cyclonedx.json.golden | 4 +-
 pkg/sbom/cyclonedx/marshal_test.go | 42 +++++++++----------
 pkg/sbom/cyclonedx/testdata/happy/bom.json | 2 +-
 8 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/go.mod b/go.mod
index e041336347b5..e89d26e96169 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
 github.com/BurntSushi/toml v1.4.0
- github.com/CycloneDX/cyclonedx-go v0.8.0
+ github.com/CycloneDX/cyclonedx-go v0.9.0
 github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
 github.com/Masterminds/sprig/v3 v3.2.3
 github.com/NYTimes/gziphandler v1.1.1
diff --git a/go.sum b/go.sum
index 5c4cc4d02054..134e1d777079 100644
--- a/go.sum
+++ b/go.sum
@@ -653,8 +653,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M=
-github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
+github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8=
+github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible h1:juIaKLLVhqzP55d8x4cSVgwyQv76Z55/fRv/UBr2KkQ=
diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden
index 9640112cce12..7f3a352fcce7 100644
--- a/integration/testdata/conda-cyclonedx.json.golden
+++ b/integration/testdata/conda-cyclonedx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000004",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/conda-environment-cyclonedx.json.golden b/integration/testdata/conda-environment-cyclonedx.json.golden
index e927b7594bfb..7062e1e1a356 100644
--- a/integration/testdata/conda-environment-cyclonedx.json.golden
+++ b/integration/testdata/conda-environment-cyclonedx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000004",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
index 934bda200639..cc442e7d881d 100644
--- a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
+++ b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000163",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/pom-cyclonedx.json.golden b/integration/testdata/pom-cyclonedx.json.golden
index 0baa2382d58c..42650c62b54e 100644
--- a/integration/testdata/pom-cyclonedx.json.golden
+++ b/integration/testdata/pom-cyclonedx.json.golden
@@ -1,7 +1,7 @@
 {
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000005",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go
index d86cbfd1a218..d1fc8a455a2a 100644
--- a/pkg/sbom/cyclonedx/marshal_test.go
+++ b/pkg/sbom/cyclonedx/marshal_test.go
@@ -254,10 +254,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000014",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -909,10 +909,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000007",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1293,10 +1293,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000007",
 Version: 1,
 Metadata: &cdx.Metadata{
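Review bot: The namespace URL, `SpecVersion` and `JSONSchema` are written out literally in every `want` BOM of TestMarshaler_MarshalReport (this hunk and the six others at 909, 1293, 1518, 1770, 1956 and 2044), so a single spec bump costs 21 edited lines and a missed case only surfaces as a noisy struct diff. Package-level test constants, for example `const wantXMLNS = "http://cyclonedx.org/schema/bom/1.6"` and `const wantJSONSchema = "http://cyclonedx.org/schema/bom-1.6.schema.json"`, would reduce the next migration to one place. The diffstat lists no non-test Go file, so the emitted version presumably follows the cyclonedx-go default rather than a value pinned in this repository; a comment beside those constants such as `// must match the spec version the marshaler emits; changes when cyclonedx-go is upgraded` would make that coupling visible to whoever bumps the dependency next. The test function begins and ends outside these hunks.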
@@ -1518,10 +1518,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 BOM: testSBOM,
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000002",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1770,10 +1770,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000004",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1956,10 +1956,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000003",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -2044,10 +2044,10 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 Results: types.Results{},
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.5",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.6",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_5,
- JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ SpecVersion: cdx.SpecVersion1_6,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.6.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000002",
 Version: 1,
 Metadata: &cdx.Metadata{
diff --git a/pkg/sbom/cyclonedx/testdata/happy/bom.json b/pkg/sbom/cyclonedx/testdata/happy/bom.json
index a7a1a474b8bd..e2d68e96b38b 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.5",
+ "specVersion": "1.6",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {