Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sbom): migrate to CycloneDX v1.6 #6902

Closed
DmitriyLewen opened this issue Jun 11, 2024 · 5 comments · Fixed by #6903
Closed

feat(sbom): migrate to CycloneDX v1.6 #6902

DmitriyLewen opened this issue Jun 11, 2024 · 5 comments · Fixed by #6903
Assignees
@DmitriyLewen
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/sbom Issues relating to SBOM
Milestone
v0.58.1

Comments

@DmitriyLewen
Copy link
Contributor

##Description
CycloneDX v1.6 released - https://cyclonedx.org/news/cyclonedx-v1.6-released/
github.com/CycloneDX/cyclonedx-go v0.9.0 already supports v1.6.

v1.6 doesn't contain broken changes for fields used in Trivy.
So we can upgrade to v1.6 without any problems.
@DmitriyLewen DmitriyLewen added kind/feature Categorizes issue or PR as related to a new feature. scan/sbom Issues relating to SBOM labels Jun 11, 2024
@DmitriyLewen DmitriyLewen self-assigned this Jun 11, 2024
@DmitriyLewen DmitriyLewen mentioned this issue Jun 11, 2024
Merged
6 tasks
@DmitriyLewen DmitriyLewen changed the title migrate to CycloneDX v1.6 feat(sbom): migrate to CycloneDX v1.6 Jun 11, 2024
@knqyf263 knqyf263 added this to the v0.53.0 milestone Jun 11, 2024
@candrews candrews mentioned this issue Jul 16, 2024
Open
@eruvanos
Copy link

Hi, regarding this related issue, trivy does not support 1.6.

CycloneDX/cyclonedx-go#192

@eruvanos
Copy link

@knqyf263 could we reopen this until a downstream fix this issue?

@knqyf263
Copy link
Collaborator

@DmitriyLewen Can you please take a look?

@DmitriyLewen
Copy link
Contributor Author

Hello @eruvanos
I think that downgrading the CycloneDX version is not very good idea (especially since trivi does not use this field)
I created CycloneDX/cyclonedx-go#204 in cyclonedx-go.
I hope they will consider it quickly

@DmitriyLewen DmitriyLewen mentioned this issue Oct 28, 2024
Closed
@DmitriyLewen DmitriyLewen mentioned this issue Dec 16, 2024
Merged
7 tasks
@DmitriyLewen
Copy link
Contributor Author

Hello @eruvanos
CycloneDX finally merged my PR.

I create #8105

@DmitriyLewen DmitriyLewen modified the milestones: v0.53.0, v0.58.1 Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/sbom Issues relating to SBOM
Projects
Trivy Roadmap
Archived in project
Milestone
v0.58.1
Development

Successfully merging a pull request may close this issue.

feat(sbom): migrate to CycloneDX v1.6 DmitriyLewen/trivy
3 participants
@knqyf263 @eruvanos @DmitriyLewen