
✨ Core v1.7 Enablement

Open pboling opened this issue 2 months ago • 4 comments

| 📍 NOTE | What |
|---|---|
| 1️⃣ #38 is first | Modernize gem structure |
| 2️⃣ Then see #37 next | Upgrade to v1.7 spec <=== You are here |
| 3️⃣ Then see #39 | Add --validate feature |
| 4️⃣ Then see #40 | Add --include-metadata feature |

  • Add spec version selection end-to-end with a new --spec-version flag (default 1.7).
  • Update JSON and XML outputs to honor the selected spec version.
  • Update fixtures, help text, tests, and docs.

NOTE:

  • Additional fields like bom-ref, publisher, metadata.tools, dependencies are optional and can be added incrementally.

Files:

  • lib/bom_helpers.rb:
    • Added SUPPORTED_SPEC_VERSIONS, cyclonedx_xml_namespace helper. build_bom now accepts spec_version and routes to:
      • build_json_bom(gems, spec_version) sets specVersion to the provided version.
      • build_bom_xml(gems, spec_version) sets xmlns to http://cyclonedx.org/schema/bom/.
  • lib/bom_builder.rb:
    • Added --spec-version with validation; default is 1.7.
    • Pass @spec_version into build_bom(@gems, @bom_output_format, @spec_version).

pboling avatar Oct 26 '25 00:10 pboling
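
A sketch of the spec-version routing the description above outlines, added here as an illustration and not taken from the PR or the cyclonedx-ruby-gem code base. The function names follow the description; the contents of `SUPPORTED_SPEC_VERSIONS`, the constants `DEFAULT_SPEC_VERSION` and `JSON_MIN_SPEC_VERSION`, the `xml_escape` helper, the hash-based gem records and the sample gem are assumptions. It goes slightly beyond the description by rejecting JSON output below 1.2, the first CycloneDX version that defines a JSON format.

```ruby
require "json"

# Hypothetical allowlist; the PR's actual SUPPORTED_SPEC_VERSIONS is not shown on the page.
SUPPORTED_SPEC_VERSIONS = %w[1.1 1.2 1.3 1.4 1.5 1.6 1.7].freeze
DEFAULT_SPEC_VERSION = "1.7"
JSON_MIN_SPEC_VERSION = "1.2" # CycloneDX defines a JSON format from 1.2 onward
XML_ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;" }.freeze

# Reject anything outside the allowlist before it reaches specVersion or the xmlns URI.
def validate_spec_version(value)
  version = (value || DEFAULT_SPEC_VERSION).to_s.strip
  return version if SUPPORTED_SPEC_VERSIONS.include?(version)
  raise ArgumentError, "unsupported spec version #{version.inspect}; " \
                       "expected one of #{SUPPORTED_SPEC_VERSIONS.join(', ')}"
end

def cyclonedx_xml_namespace(spec_version)
  "http://cyclonedx.org/schema/bom/#{validate_spec_version(spec_version)}"
end

def xml_escape(text)
  text.to_s.gsub(/[&<>"]/, XML_ESCAPES)
end

def build_json_bom(gems, spec_version)
  version = validate_spec_version(spec_version)
  if Gem::Version.new(version) < Gem::Version.new(JSON_MIN_SPEC_VERSION)
    raise ArgumentError, "JSON output requires spec version #{JSON_MIN_SPEC_VERSION} or later"
  end
  components = gems.map do |g|
    { "type" => "library", "name" => g[:name], "version" => g[:version],
      "purl" => "pkg:gem/#{g[:name]}@#{g[:version]}" }
  end
  bom = { "bomFormat" => "CycloneDX", "specVersion" => version,
          "version" => 1, "components" => components }
  JSON.pretty_generate(bom)
end

def build_bom_xml(gems, spec_version)
  rows = gems.map do |g|
    %(    <component type="library"><name>#{xml_escape(g[:name])}</name>) +
      %(<version>#{xml_escape(g[:version])}</version></component>)
  end
  [%(<?xml version="1.0" encoding="UTF-8"?>),
   %(<bom xmlns="#{cyclonedx_xml_namespace(spec_version)}" version="1">),
   "  <components>", *rows, "  </components>", "</bom>"].join("\n")
end

def build_bom(gems, format, spec_version = DEFAULT_SPEC_VERSION)
  format.to_s == "json" ? build_json_bom(gems, spec_version) : build_bom_xml(gems, spec_version)
end

SAMPLE_GEMS = [{ name: "rack", version: "3.1.8" }].freeze # constructed sample input
```
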

#38 was merged.

@pboling would you mind rebasing/updating this PR?

jkowalleck avatar Nov 05 '25 11:11 jkowalleck

Will do today!

pboling avatar Nov 05 '25 20:11 pboling

@jkowalleck rebase complete

pboling avatar Nov 06 '25 11:11 pboling

@jkowalleck It seems like I should be able to get to the Codacy report somehow but I'm not sure where to find the link to it from the CI results.

pboling avatar Nov 06 '25 12:11 pboling