cyclonedx-ruby-gem
✨ --validate
| # | 📍 NOTE | What | |
|---|---|---|---|
| 1️⃣ | Please see #38 first | Modernize gem structure | |
| 2️⃣ | Then see #37 next | Upgrade to v1.7 spec | |
| 3️⃣ | Then continue here | Add --validate feature | <=== You are here |
| 4️⃣ | Then see #40 | Add --include-metadata feature | |
CLI and validation
- Added --validate and --validate-file flags in Cyclonedx::BomBuilder.
- After writing the BOM, if --validate is set, validate JSON via JSON Schema and XML via XSD with local files under schema/.
- Added logic to validate an existing file with --validate --validate-file, inferring format from extension unless --format is provided.
- In validate-only mode, project path isn’t required.
Validation helpers
- Added Cyclonedx::BomHelpers.validate_bom_content(content, format, spec_version) which:
  - For JSON: uses json_schemer to validate against bom-.schema.json.
  - For XML: uses Nokogiri::XML::Schema with bom-.xsd.
  - Uses local schemas at schema/ and surfaces compact error messages; returns non-zero exit on failure.
Dependencies
- Added json_schemer (~> 2.2) to cyclonedx-ruby.gemspec.
- Required json_schemer in lib/cyclonedx/ruby.rb.
Cucumber tests
- Updated features/help.feature to show the new flags.
- Added features/validate.feature:
  - Validate XML BOM succeeds.
  - Validate JSON BOM succeeds.
  - Validate fails for invalid XML BOM (corrupts namespace and expects exit 1).
Small extras
- Infer format from file extension when using --validate-file and no --format provided.
Signed-off-by: Peter H. Boling [email protected]