cyclonedx-php-composer

render property `cdx:reproducible`

Open jkowalleck opened this issue 10 months ago • 0 comments

Is your feature request related to a problem? Please describe.

If a BOM was generated as reproducible, this should be easily visible from the BOM. Therefore, https://github.com/CycloneDX/cyclonedx-property-taxonomy/pull/70 exists.

Describe the solution you'd like

Property `cdx:reproducible` is added under `metadata.properties`. Value is `true` if the BOM was built in reproducible mode, else the value is `false`.

Describe alternatives you've considered

Property `cdx:reproducible` could also be added under global properties, which have existed since CDX1.5. This global space has not existed as long as `metadata.properties`, which has existed since CDX1.3. For better backward compatibility, let's use the area that has existed longer.

Additional context

Idea: use `metadata.properties`, because the metadata also houses the timestamp of document creation.

jkowalleck, Aug 20 '23 07:08
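A consumer-side check for the property proposed in this issue, as an added example that is not part of the issue or of cyclonedx-php-composer's code. The function name and the sample BOMs are constructed for illustration; it assumes the value is carried as the string `"true"` or `"false"`, since CycloneDX property values are strings.

```python
import json

# Constructed sample BOMs (not output of cyclonedx-php-composer).
SAMPLE_REPRODUCIBLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"properties": [{"name": "cdx:reproducible", "value": "true"}]},
})
SAMPLE_UNMARKED = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"timestamp": "2023-08-20T07:08:00Z"},
})
SAMPLE_TOO_OLD = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.2"})


def reproducible_flag(bom_json: str):
    """Return True/False as declared under metadata.properties, None if undeclared.

    Raises ValueError when the declaration is conflicting or malformed, so a
    pipeline gate never treats an ambiguous BOM as reproducible.
    """
    bom = json.loads(bom_json)
    major, minor = (int(p) for p in bom.get("specVersion", "0.0").split(".")[:2])
    if (major, minor) < (1, 3):
        return None  # metadata.properties exists only since CycloneDX 1.3
    props = (bom.get("metadata") or {}).get("properties") or []
    values = {p.get("value") for p in props if p.get("name") == "cdx:reproducible"}
    if not values:
        return None  # generator did not declare the mode: unknown, not "false"
    if len(values) > 1:
        raise ValueError("conflicting cdx:reproducible values")
    value = values.pop()
    if value not in ("true", "false"):
        raise ValueError(f"unexpected cdx:reproducible value: {value!r}")
    return value == "true"
```

A gate that requires reproducible BOMs should accept only an explicit `True` and treat `None` as unknown.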