Support for both the v1.5 component evidence `identity` and the v1.6 array of `componentIdentityEvidence`

Open mrutkows opened this issue 2 months ago • 2 comments

TODO: figure out how to support both the v1.5 "Identity" type (a singleton of an anonymous type) and the v1.6 "identity", which is an array of a named type (i.e., componentIdentityEvidence):

```go
type CDXComponentEvidence struct {
	Licenses  *[]CDXLicense   `json:"licenses,omitempty" cdx:"added:1.3"`
	Copyright *[]CDXCopyright `json:"copyright,omitempty" cdx:"added:1.3"`
	// v1.5: a single object; v1.6: an array of CDXComponentIdentityEvidence
	Identity interface{} `json:"identity,omitempty" cdx:"added:1.5,changed:1.6"`
	// ...
}
```

where these struct types would be referenced:

```go
type CDXComponentIdentityEvidence struct {
	Field      string       `json:"field,omitempty" cdx:"added:1.5"`
	Confidence float64      `json:"confidence,omitempty" cdx:"added:1.5"`
	Methods    *[]CDXMethod `json:"methods,omitempty" cdx:"added:1.5"`
	Tools      *[]string    `json:"tools,omitempty" cdx:"added:1.5"`
}

// v1.5: added
type CDXMethod struct {
	Technique  string  `json:"technique,omitempty" cdx:"added:1.5"`
	Confidence float64 `json:"confidence,omitempty" cdx:"added:1.5"`
	Value      string  `json:"value,omitempty" cdx:"added:1.5"`
}
```

mrutkows, May 08 '24 21:05
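One way to accept both shapes without falling back to `interface{}`, shown as an added example that is not part of the issue or the sbom-utility code base: a slice type with a custom `UnmarshalJSON` that wraps the v1.5 singleton into a one-element list and rejects any other JSON kind, so downstream SBOM validation always sees typed evidence. `IdentityList`, `Evidence` and `ParseEvidence` are hypothetical names, the struct is a trimmed copy of the one above, and the JSON inputs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed copy of the issue's struct (Methods and Tools left out for brevity).
type CDXComponentIdentityEvidence struct {
	Field      string  `json:"field,omitempty"`
	Confidence float64 `json:"confidence,omitempty"`
}

// IdentityList (hypothetical name) holds either schema shape as a slice.
type IdentityList []CDXComponentIdentityEvidence

// UnmarshalJSON accepts the v1.5 singleton object or the v1.6 array.
func (l *IdentityList) UnmarshalJSON(data []byte) error {
	if len(data) == 0 || string(data) == "null" {
		*l = nil
		return nil
	}
	switch data[0] {
	case '{': // v1.5 singleton: wrap in brackets so one decode path serves both
		data = append(append([]byte{'['}, data...), ']')
	case '[': // v1.6 array: decode as is
	default: // strings, numbers, booleans: reject instead of guessing
		return fmt.Errorf("identity: expected object or array, got %q", data[0])
	}
	return json.Unmarshal(data, (*[]CDXComponentIdentityEvidence)(l))
}

// Evidence stands in for CDXComponentEvidence with a typed Identity field.
type Evidence struct {
	Identity IdentityList `json:"identity,omitempty"`
}

// ParseEvidence (hypothetical helper) decodes one evidence object.
func ParseEvidence(doc string) (Evidence, error) {
	var ev Evidence
	err := json.Unmarshal([]byte(doc), &ev)
	return ev, err
}

func main() {
	// Constructed sample inputs, one per schema version.
	fmt.Println(ParseEvidence(`{"identity":{"field":"purl","confidence":0.9}}`))
	fmt.Println(ParseEvidence(`{"identity":[{"field":"purl"},{"field":"cpe"}]}`))
}
```

Writing the list back out in the v1.5 singleton form would need a matching `MarshalJSON` that knows the target spec version, which this sketch does not cover.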