cyclonedx-ruby-gem

✨ --include-metadata (metadata.tools) & --enrich-components

Open pboling opened this issue 2 months ago • 0 comments

# 📍 NOTE What
1️⃣ Please see #38 first Modernize gem structure
2️⃣ Then see #37 next Upgrade to v1.7 spec
3️⃣ Then see #39 Add --validate feature
4️⃣ Then this one Add --include-metadata feature <=== You are here

CLI and wiring

  • --include-metadata
    • When provided, metadata.tools identifies this producer:
      • vendor: CycloneDX
      • name: cyclonedx-ruby
      • version: the gem’s version
    • Emitted for both JSON and XML, and only when the selected spec supports metadata (>= 1.2).
  • --enrich-components
    • Updated Cyclonedx::BomBuilder to add:
      • CLI: --enrich-components to opt-in enrichment.
      • Pass include_enrichment to build_bom(...).
    • Note: This does not alter default outputs; enrichment only applies with the flag.
  • Help and README updated.

JSON and XML emission

  • Updated Cyclonedx::BomHelpers:
    • build_bom supports include_enrichment and passes it to both JSON and XML builders.
    • build_json_bom adds bom-ref and publisher via BomComponent when include_enrichment: true.
    • build_bom_xml adds:
      • bom-ref attribute on using purl.
      • first_author if authors are present (first item split on commas/ampersands).
    • Added a small _get helper to read properties from either Hash or OpenStruct-like objects.

Component shape

  • Updated Cyclonedx::BomComponent:
    • Added optional keyword parameter include_enrichment: false to hash_val.
    • When true, include:
      • "bom-ref": purl (if present)
      • "publisher": first author (if present)
    • Made property access robust across Hash/OpenStruct.
    • Ensured hashes is an array with an object { alg, content } as expected by existing specs.

Tests

  • features/metadata_tools.feature (integration)
  • spec/cyclonedx/metadata_tools_spec.rb (unit, offline-safe)
  • Added spec/cyclonedx/component_enrichment_spec.rb:
    • Verifies JSON has bom-ref and publisher when include_enrichment: true and omits them otherwise.
    • Verifies XML has bom-ref attribute and when include_enrichment: true and omits otherwise.

Signed-off-by: Peter H. Boling [email protected]

pboling, Oct 26 '25 08:10
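The component shaping and metadata gating described in this issue, as an added Ruby sketch. It is not the gem's code: `read_prop`, `first_author`, `sketch_component`, `sketch_metadata`, the `sha` field and the sample gem data are assumptions made up for illustration, and a Struct stands in for an OpenStruct-like object.

```ruby
# Read a property from a Hash (string or symbol keys) or a struct-like object.
def read_prop(obj, key)
  if obj.is_a?(Hash)
    obj.key?(key.to_s) ? obj[key.to_s] : obj[key.to_sym]
  elsif obj.respond_to?(key)
    obj.public_send(key)
  end
end

# First author: first list item, split on commas/ampersands; nil when absent.
def first_author(authors)
  name = Array(authors).first.to_s.split(/[,&]/).first.to_s.strip
  name.empty? ? nil : name
end

# Default output is unchanged; bom-ref and publisher appear only on opt-in.
def sketch_component(gem, include_enrichment: false)
  purl = read_prop(gem, :purl)
  component = {
    'type' => 'library',
    'name' => read_prop(gem, :name),
    'version' => read_prop(gem, :version).to_s,
    'purl' => purl,
    # hashes is always an array holding one { alg, content } object
    'hashes' => [{ 'alg' => 'SHA-256', 'content' => read_prop(gem, :sha) }]
  }
  return component unless include_enrichment

  publisher = first_author(read_prop(gem, :authors))
  component['bom-ref'] = purl if purl
  component['publisher'] = publisher if publisher
  component
end

# metadata.tools is emitted only on opt-in and only for spec versions >= 1.2.
def sketch_metadata(spec_version, tool_version, include_metadata: false)
  return nil unless include_metadata
  return nil if Gem::Version.new(spec_version) < Gem::Version.new('1.2')

  { 'tools' => [{ 'vendor' => 'CycloneDX', 'name' => 'cyclonedx-ruby', 'version' => tool_version }] }
end

# Constructed sample inputs (not real gems or digests).
SAMPLE_HASH_GEM = { 'name' => 'demo', 'version' => '1.0.0', 'purl' => 'pkg:gem/demo@1.0.0',
                    'authors' => ['Alice Example, Bob Example'], 'sha' => 'ab' * 32 }.freeze
SampleGem = Struct.new(:name, :version, :purl, :authors, :sha)
SAMPLE_STRUCT_GEM = SampleGem.new('other', '2.1.0', 'pkg:gem/other@2.1.0', 'Bob & Carol', 'cd' * 32)
```
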