sbom-utility
Support for both the v1.5 component evidence `identity` and the v1.6 array of `componentIdentityEvidence`
TODO: figure out how to support both the v1.5 "Identity" type (a singleton of an anonymous type) vs. the v1.6 "identity" which is an array of named type (i.e., componentIdentityEvidence):
```go
type CDXComponentEvidence struct {
	Licenses  *[]CDXLicense   `json:"licenses,omitempty" cdx:"added:1.3"`
	Copyright *[]CDXCopyright `json:"copyright,omitempty" cdx:"added:1.3"`
	Identity  interface{}     `json:"identity,omitempty" cdx:"added:1.5,changed:1.6"`
	// ...
}
```
where these struct types would be referenced:
```go
type CDXComponentIdentityEvidence struct {
	Field      string       `json:"field,omitempty" cdx:"added:1.5"`
	Confidence float64      `json:"confidence,omitempty" cdx:"added:1.5"`
	Methods    *[]CDXMethod `json:"methods,omitempty" cdx:"added:1.5"`
	Tools      *[]string    `json:"tools,omitempty" cdx:"added:1.5"`
}

// v1.5: added
type CDXMethod struct {
	Technique  string  `json:"technique,omitempty" cdx:"added:1.5"`
	Confidence float64 `json:"confidence,omitempty" cdx:"added:1.5"`
	Value      string  `json:"value,omitempty" cdx:"added:1.5"`
}
```
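
One way to accept both shapes without `interface{}`, as an added example that is not sbom-utility's own code: a slice type with a custom `UnmarshalJSON` that normalizes the v1.5 object into a one-element list. `IdentityList` and `ParseEvidence` are hypothetical names, the structs are trimmed copies of the ones above, and the JSON samples are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Trimmed copy of the issue's struct (Methods, Tools and cdx tags left out).
type CDXComponentIdentityEvidence struct {
	Field      string  `json:"field,omitempty"`
	Confidence float64 `json:"confidence,omitempty"`
}

// IdentityList is a hypothetical type, not part of sbom-utility.
type IdentityList []CDXComponentIdentityEvidence

// UnmarshalJSON takes the v1.5 object or the v1.6 array; any other JSON type is an error.
func (l *IdentityList) UnmarshalJSON(data []byte) error {
	t := bytes.TrimSpace(data)
	switch {
	case len(t) > 0 && t[0] == '[': // v1.6: decode via the plain slice type to avoid recursion
		return json.Unmarshal(t, (*[]CDXComponentIdentityEvidence)(l))
	case len(t) > 0 && t[0] == '{': // v1.5: wrap the singleton in a one-element list
		*l = make(IdentityList, 1)
		return json.Unmarshal(t, &(*l)[0])
	}
	return fmt.Errorf("identity: expected object or array, got %s", t)
}

// CDXComponentEvidence here carries only the field under discussion.
type CDXComponentEvidence struct {
	Identity IdentityList `json:"identity,omitempty"`
}

// ParseEvidence decodes one evidence object and returns its identity entries.
func ParseEvidence(doc string) ([]CDXComponentIdentityEvidence, error) {
	var ev CDXComponentEvidence
	err := json.Unmarshal([]byte(doc), &ev)
	return ev.Identity, err
}

func main() {
	v15 := `{"identity":{"field":"purl","confidence":0.9}}`  // constructed sample
	v16 := `{"identity":[{"field":"purl"},{"field":"cpe"}]}` // constructed sample
	for _, doc := range []string{v15, v16, `{"identity":"purl"}`} {
		ids, err := ParseEvidence(doc)
		fmt.Println(len(ids), err)
	}
}
```

The example covers decoding only; encoding needs the target spec version to choose between the object and the array form.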