cyclonedx-python-lib

feat!: Add component and services for tools

Open jkugler opened this issue 1 year ago • 26 comments

CycloneDX spec 1.5 deprecated an array of tools in bom.metadata and instead prefers an object with an array of components and an array of services.

This PR implements that.

This works de-serializing a Syft SBOM with a tool section like so:

  "metadata": {
    "timestamp": "2024-06-10T13:06:52-08:00",
    "tools": {
      "components": [
        {
          "type": "application",
          "author": "anchore",
          "name": "syft",
          "version": "1.4.1"
        }
      ]
    },
    "component": {
      "bom-ref": "08329a07b4eb8eac",
      "type": "file",
      "name": "./"
    }
  },

Next up: docs, XML (de)serialization code, and tests.

fixes #561

jkugler Jun 18 '24 00:06
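
For SBOM consumers that have to accept both shapes of `metadata.tools` described in this PR, a minimal standard-library normalizer follows. It is an added example, not code from this PR or from cyclonedx-python-lib; `normalize_tools`, `_record` and the record layout are hypothetical, and the legacy-form sample is constructed.

```python
from __future__ import annotations
import json

# Object form (CycloneDX 1.5+): tools section taken from the Syft sample above.
OBJECT_FORM = json.loads("""
{"metadata": {"tools": {"components": [
  {"type": "application", "author": "anchore", "name": "syft", "version": "1.4.1"}
]}}}
""")

# Constructed sample: the same tool expressed in the deprecated array form.
LEGACY_FORM = json.loads("""
{"metadata": {"tools": [
  {"vendor": "anchore", "name": "syft", "version": "1.4.1"}
]}}
""")


def _record(kind: str, entry: object) -> dict:
    """Map one tool/component/service entry to a common record (hypothetical layout)."""
    if not isinstance(entry, dict):
        raise ValueError(f"malformed {kind} entry in metadata.tools: {entry!r}")
    if kind == "tool":            # legacy tool object carries "vendor"
        vendor = entry.get("vendor")
    elif kind == "component":     # the Syft sample carries "author"
        vendor = entry.get("author")
    else:                         # services name their provider organisation
        vendor = (entry.get("provider") or {}).get("name")
    return {"kind": kind, "vendor": vendor,
            "name": entry.get("name"), "version": entry.get("version")}


def normalize_tools(bom: dict) -> list[dict]:
    """Return metadata.tools as a flat list, whichever form the BOM uses."""
    tools = (bom.get("metadata") or {}).get("tools")
    if tools is None:
        return []
    if isinstance(tools, list):   # deprecated array of tools
        return [_record("tool", t) for t in tools]
    if isinstance(tools, dict):   # object with components and services
        return ([_record("component", c) for c in tools.get("components") or []]
                + [_record("service", s) for s in tools.get("services") or []])
    # Reject anything else instead of silently reporting "no tools".
    raise ValueError(f"metadata.tools has unexpected type {type(tools).__name__}")


if __name__ == "__main__":
    print(normalize_tools(OBJECT_FORM))
    print(normalize_tools(LEGACY_FORM))
```

Raising on an unexpected shape keeps a malformed or tampered BOM from being recorded as having no generating tool.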