Docs: Update Readme to reflect supported Cyclone DX Spec

Open ashearin opened this issue 2 years ago • 1 comments

What happened:

Docs list supported Cyclonedx Spec as 1.4

cyclonedx: An XML report conforming to the CycloneDX 1.4 specification.

cyclonedx-json: A JSON report conforming to the CycloneDX 1.4 specification.

However running grype --output cyclonedx-json bom.json results in a 1.5 Spec bom

{
  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "serialNumber": "urn:uuid:d2c467ef-933e-4e96-a85c-4b21b23a604e",
  "version": 1,
  "metadata": {
    "timestamp": "2024-03-19T15:36:01-06:00",
    "tools": {
      "components": [
        {
          "type": "application",
          "author": "anchore",
          "name": "grype",
          "version": "0.74.7"
        }
      ]
    }
  },
...

What you expected to happen:

Docs would reflect current supported CycloneDX Specification (1.5)

Environment:

Output of grype version: "0.74.7"
OS (e.g: cat /etc/os-release or similar): MacOS

Mar 19 '24 21:03 ashearin

Thanks for the report, @ashearin! We'll get the docs updated soon.

Mar 21 '24 20:03 tgerla