Feat: Support CBOM (1.6 specification) (#140) #142

Closed
wants to merge 14 commits into from

@Petzys Petzys commented Apr 24, 2024

🚧 WIP 🚧
This PR is meant to implement the CBOM specification from specification 1.6. It might be extended to include the full scope of 1.6.

As I mainly use this module to decode JSON BOMs, I might or might not continue development on this PR. Contributions of any kind are highly appreciated.

Partly addresses #140.

dependabot bot and others added 4 commits March 1, 2024 09:40
Bumps gitpod/workspace-go from `9118b93` to `8b9a0f6`.

---
updated-dependencies:
- dependency-name: gitpod/workspace-go
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Petzys <87223648+Petzys@users.noreply.github.com>
Signed-off-by: Petzys <87223648+Petzys@users.noreply.github.com>
Signed-off-by: Petzys <87223648+Petzys@users.noreply.github.com>
cyclonedx.go Outdated
AssetTypeRelatedCryptoMaterial AssetType = "related-crypto-material"
)

type Primitive string
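
Review bot: `type Primitive string` is exported without a doc comment on the line above it, so the generated package documentation will not say which CBOM field the type models or which string values are expected. Add a comment that starts with the type name and names the spec property it maps to, so callers decoding a BOM know what the value represents.
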
Member

Some of these types have rather generic names (e.g. Primitive, Mode). We need to pay attention that we won't cause naming collisions as the spec grows. Consider prefixing some of these types so they're "pseudo-namespaced". For example CryptoPrimitive instead of Primitive.

Author

Yup, I see your point and I agree. I think Crypto works as a prefix. I will work on that.

Signed-off-by: Petzys <87223648+Petzys@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@b4ffde6...44c2b7a)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@jkowalleck jkowalleck changed the base branch from master to spec/1.6 May 7, 2024 16:30
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 6.0.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@3cfe3a4...a4f60bb)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
nscuro and others added 7 commits May 8, 2024 12:55
…ions/golangci/golangci-lint-action-6.0.1

build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1
…ions/actions/checkout-4.1.5

build(deps): bump actions/checkout from 4.1.1 to 4.1.5
…pod/workspace-go-8b9a0f6

build(deps): bump gitpod/workspace-go from `9118b93` to `8b9a0f6`
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@0c52d54...cdcb360)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…ions/actions/setup-go-5.0.1

build(deps): bump actions/setup-go from 5.0.0 to 5.0.1
Closes CycloneDX#140.

Signed-off-by: Maximilian Combüchen <max.combuchen@snyk.io>
@Petzys Petzys mentioned this pull request May 16, 2024
@Petzys
Author

Petzys commented May 16, 2024

This PR is outdated and was continued in #165. Closed.

@Petzys Petzys closed this May 16, 2024
4 participants