diff --git a/internal/formats/common/cyclonedxhelpers/component.go b/internal/formats/common/cyclonedxhelpers/component.go
index 0815fff16337..cb89a3d31f66 100644
--- a/internal/formats/common/cyclonedxhelpers/component.go
+++ b/internal/formats/common/cyclonedxhelpers/component.go
@@ -25,6 +25,11 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
 properties = &props
 }
 
+ bomRef := p.PURL
+ if bomRef == "" {
+ p.SetID()
+ bomRef = string(p.ID())
+ }
 return cyclonedx.Component{
 Type: cyclonedx.ComponentTypeLibrary,
 Name: p.Name,
@@ -38,6 +43,7 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
 Description: encodeDescription(p),
 ExternalReferences: encodeExternalReferences(p),
 Properties: properties,
+ BOMRef: bomRef,
 }
 }
 
diff --git a/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
index 3063fdd1c8c8..f63dbff7f343 100644
--- a/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
+++ b/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
@@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:498e659b-0758-4a7f-816e-91bee18df634", + "serialNumber": "urn:uuid:10cb848d-d2c2-481a-85b1-02e6cd2be1e4", "version": 1, "metadata": { - "timestamp": "2022-03-08T12:30:39Z", + "timestamp": "2022-03-24T00:34:22+05:30", "tools": [ { "vendor": "anchore",
@@ -20,6 +20,7 @@ }, "components": [ { + "bom-ref": "a-purl-2", "type": "library", "name": "package-1", "version": "1.0.1",
@@ -56,6 +57,7 @@ ] }, { + "bom-ref": "a-purl-2", "type": "library", "name": "package-2", "version": "2.0.1",
diff --git a/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
index 62f5871eb4dd..aace0656a667 100644
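Review bot: `bomRef := p.PURL` in the first component.go hunk makes the package URL the component's `bom-ref`, but CycloneDX expects `bom-ref` to be unique within a BOM, and a PURL identifies a package rather than one discovered instance of it, so the same package found at two locations would presumably emit the same ref. The updated TestCycloneDxDirectoryEncoder.golden in this diff already shows the collision: package-1 and package-2 both get `"bom-ref": "a-purl-2"`. Duplicate refs leave dependency and vulnerability entries that point at a component ambiguous, and strict consumers may reject the document. Consider deriving the ref from the package ID in every case, `p.SetID()` then `bomRef := string(p.ID())`, or appending the ID to the PURL so the ref stays recognisable; the `BOMRef: bomRef,` line in the second hunk would not change. encodeComponent starts above the first hunk, so how `p` is populated is not visible here.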
--- a/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
+++ b/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
@@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:342c3d2c-d26e-47b6-94d6-92fbf41da945", + "serialNumber": "urn:uuid:0690a9b7-a942-4448-a54c-f9dbab774488", "version": 1, "metadata": { - "timestamp": "2022-03-08T12:30:39Z", + "timestamp": "2022-03-24T00:34:22+05:30", "tools": [ { "vendor": "anchore",
@@ -21,6 +21,7 @@ }, "components": [ { + "bom-ref": "a-purl-1", "type": "library", "name": "package-1", "version": "1.0.1",
@@ -61,6 +62,7 @@ ] }, { + "bom-ref": "a-purl-2", "type": "library", "name": "package-2", "version": "2.0.1",
diff --git a/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
index 3e416a26e269..44945e8fd8dc 100644
--- a/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
+++ b/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
@@ -1,7 +1,7 @@ - + - 2022-03-08T12:30:33Z + 2022-03-24T00:34:41+05:30 anchore
@@ -14,7 +14,7 @@ - + package-1 1.0.1
@@ -32,7 +32,7 @@ /some/path/pkg1 - + package-2 2.0.1 cpe:2.3:*:some:package:2:*:*:*:*:*:*:*
diff --git a/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
index 5d1b9dae4174..8d9c52efffb1 100644
--- a/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
+++ b/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
@@ -1,7 +1,7 @@ - + - 2022-03-08T12:30:33Z + 2022-03-24T00:34:41+05:30 anchore
@@ -15,7 +15,7 @@ - + package-1 1.0.1
@@ -34,7 +34,7 @@ /somefile-1.txt - + package-2 2.0.1 cpe:2.3:*:some:package:2:*:*:*:*:*:*:*