

Ensure that all cyclonedx components have bom-refs
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
sambhav committed Mar 23, 2022
1 parent c0b547b commit 8ec2e3f
Showing 5 changed files with 22 additions and 12 deletions.
6 changes: 6 additions & 0 deletions internal/formats/common/cyclonedxhelpers/component.go
Expand Up @@ -25,6 +25,11 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
properties = &props
}

bomRef := p.PURL
if bomRef == "" {
p.SetID()
bomRef = string(p.ID())
}
return cyclonedx.Component{
Type: cyclonedx.ComponentTypeLibrary,
Name: p.Name,
Expand All @@ -38,6 +43,7 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
Description: encodeDescription(p),
ExternalReferences: encodeExternalReferences(p),
Properties: properties,
BOMRef: bomRef,
}
}

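Review bot: Using p.PURL directly as the bom-ref (the `bomRef := p.PURL` line) has no uniqueness guard, so two packages that share a PURL get identical bom-refs; the fixture hunks in this same commit already exhibit this, since the first JSON snapshot and the first XML snapshot assign `"bom-ref": "a-purl-2"` to both package-1 and package-2. CycloneDX requires bom-ref to be unique within a document, so duplicate refs make any dependency or vulnerability reference that points at them ambiguous for consumers of the SBOM. I would derive the ref from the package identity unconditionally, replacing the five-line fallback block with `p.SetID()` and `bomRef := string(p.ID())`, or alternatively keep the PURL but detect and reject collisions when the component list is assembled. Note also that p is a value parameter, so `p.SetID()` only sets the ID on the local copy; whether that equals the ID used for the same package elsewhere in the document depends on SetID being deterministic, which this hunk does not show. encodeComponent's opening lines are outside the hunks; only its tail is visible here.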
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:498e659b-0758-4a7f-816e-91bee18df634",
"serialNumber": "urn:uuid:10cb848d-d2c2-481a-85b1-02e6cd2be1e4",
"version": 1,
"metadata": {
"timestamp": "2022-03-08T12:30:39Z",
"timestamp": "2022-03-24T00:34:22+05:30",
"tools": [
{
"vendor": "anchore",
Expand All @@ -20,6 +20,7 @@
},
"components": [
{
"bom-ref": "a-purl-2",
"type": "library",
"name": "package-1",
"version": "1.0.1",
Expand Down Expand Up @@ -56,6 +57,7 @@
]
},
{
"bom-ref": "a-purl-2",
"type": "library",
"name": "package-2",
"version": "2.0.1",
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:342c3d2c-d26e-47b6-94d6-92fbf41da945",
"serialNumber": "urn:uuid:0690a9b7-a942-4448-a54c-f9dbab774488",
"version": 1,
"metadata": {
"timestamp": "2022-03-08T12:30:39Z",
"timestamp": "2022-03-24T00:34:22+05:30",
"tools": [
{
"vendor": "anchore",
Expand All @@ -21,6 +21,7 @@
},
"components": [
{
"bom-ref": "a-purl-1",
"type": "library",
"name": "package-1",
"version": "1.0.1",
Expand Down Expand Up @@ -61,6 +62,7 @@
]
},
{
"bom-ref": "a-purl-2",
"type": "library",
"name": "package-2",
"version": "2.0.1",
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:892f8304-0142-45b1-b411-cade3c53057f" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:07938998-6a6a-4183-be92-282c39928722" version="1">
<metadata>
<timestamp>2022-03-08T12:30:33Z</timestamp>
<timestamp>2022-03-24T00:34:41+05:30</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
Expand All @@ -14,7 +14,7 @@
</component>
</metadata>
<components>
<component type="library">
<component bom-ref="a-purl-2" type="library">
<name>package-1</name>
<version>1.0.1</version>
<licenses>
Expand All @@ -32,7 +32,7 @@
<property name="syft:location:0:path">/some/path/pkg1</property>
</properties>
</component>
<component type="library">
<component bom-ref="a-purl-2" type="library">
<name>package-2</name>
<version>2.0.1</version>
<cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:5fa94827-eb85-4f32-a62d-76fb6e89a2dd" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:86339a8e-5f3b-480b-94c7-346e1c7fcf62" version="1">
<metadata>
<timestamp>2022-03-08T12:30:33Z</timestamp>
<timestamp>2022-03-24T00:34:41+05:30</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
Expand All @@ -15,7 +15,7 @@
</component>
</metadata>
<components>
<component type="library">
<component bom-ref="a-purl-1" type="library">
<name>package-1</name>
<version>1.0.1</version>
<licenses>
Expand All @@ -34,7 +34,7 @@
<property name="syft:location:0:path">/somefile-1.txt</property>
</properties>
</component>
<component type="library">
<component bom-ref="a-purl-2" type="library">
<name>package-2</name>
<version>2.0.1</version>
<cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
