Bumped CycloneDX Core Java and changes necessary to support it. Updat…

…ed dependencies and description.
glefloch · Apr 1, 2021 · dfa122b · dfa122b
1 parent c8bedad
commit dfa122b
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 13 deletions.
diff --git a/build.gradle b/build.gradle
@@ -8,13 +8,10 @@ plugins {
 repositories {
     jcenter()
     mavenCentral()
-    maven {
-        url 'https://jitpack.io'
-    }
 }
 
 dependencies {
-    compile(group: 'org.cyclonedx', name: 'cyclonedx-core-java', version: '3.0.5') {
+    compile(group: 'org.cyclonedx', name: 'cyclonedx-core-java', version: '4.1.0') {
         // gradle-api already includes an slf4j binding
         exclude group: 'org.apache.logging.log4j', module: 'log4j-slf4j-impl'
     }
@@ -24,7 +21,7 @@ dependencies {
 }
 
 group = 'com.cyclonedx'
-version = '1.2.1'
+version = '1.2.2-SNAPSHOT'
 
 sourceCompatibility = JavaVersion.VERSION_1_8
 targetCompatibility = JavaVersion.VERSION_1_8
@@ -36,11 +33,11 @@ tasks.withType(JavaCompile) {
 pluginBundle {
     website = 'http://cyclonedx.org'
     vcsUrl = 'https://github.com/CycloneDX/cyclonedx-gradle-plugin.git'
-    tags = [ 'cyclonedx', 'dependency', 'dependencies', 'owasp', 'bom' ]
+    tags = [ 'cyclonedx', 'dependency', 'dependencies', 'owasp', 'inventory', 'bom', 'sbom' ]
     plugins {
         cycloneDxPlugin {
             displayName = 'CycloneDX BOM Generator'
-            description = 'The CycloneDX Gradle plugin creates an aggregate of all direct and transitive dependencies of a project and creates a valid CycloneDX bill-of-materials document from the results. CycloneDX is a lightweight BOM specification that is easily created, human readable, and simple to parse.'
+            description = 'The CycloneDX Gradle plugin creates an aggregate of all direct and transitive dependencies of a project and creates a valid CycloneDX Software Bill of Materials (SBOM).'
         }
     }
 }

diff --git a/pom.xml b/pom.xml
@@ -26,7 +26,7 @@
     <version>1.2.2-SNAPSHOT</version>
 
     <name>CycloneDX Gradle Plugin</name>
-    <description>The CycloneDX Gradle plugin creates an aggregate of all direct and transitive dependencies of a project and creates a valid CycloneDX bill-of-materials document from the results. CycloneDX is a lightweight BOM specification that is easily created, human readable, and simple to parse.</description>
+    <description>The CycloneDX Gradle plugin creates an aggregate of all direct and transitive dependencies of a project and creates a valid CycloneDX Software Bill of Materials (SBOM).</description>
     <url>https://github.com/CycloneDX/cyclonedx-gradle-plugin</url>
     <inceptionYear>2017</inceptionYear>
     <organization>
@@ -67,7 +67,7 @@
         <maven.javadoc.plugin.version>3.1.1</maven.javadoc.plugin.version>
         <maven.source.plugin.version>3.2.1</maven.source.plugin.version>
         <maven.jar.plugin.version>3.0.2</maven.jar.plugin.version>
-        <maven.cyclonedx.plugin.version>2.0.3</maven.cyclonedx.plugin.version>
+        <maven.cyclonedx.plugin.version>2.4.0</maven.cyclonedx.plugin.version>
         <maven.github.release.plugin.version>1.4.0</maven.github.release.plugin.version>
     </properties>
 
@@ -103,7 +103,14 @@
         <dependency>
             <groupId>org.cyclonedx</groupId>
             <artifactId>cyclonedx-core-java</artifactId>
-            <version>3.0.5</version>
+            <version>4.1.0</version>
+        </dependency>
+        <!-- This is already a dependency of CycloneDX Java Core, but due to some Maven configurations,
+        an older version may be resolved instead which may lead to sha3 methods not being available. -->
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.15</version>
         </dependency>
         <dependency>
             <groupId>commons-codec</groupId>

diff --git a/src/main/java/org/cyclonedx/gradle/CycloneDxTask.java b/src/main/java/org/cyclonedx/gradle/CycloneDxTask.java
@@ -24,6 +24,7 @@
 import org.apache.maven.project.MavenProject;
 import org.cyclonedx.BomGeneratorFactory;
 import org.cyclonedx.CycloneDxSchema;
+import org.cyclonedx.exception.GeneratorException;
 import org.cyclonedx.generators.json.BomJsonGenerator;
 import org.cyclonedx.generators.xml.BomXmlGenerator;
 import org.cyclonedx.model.Bom;
@@ -364,13 +365,13 @@ protected void writeBom(Metadata metadata, Set<Component> components) throws Gra
             if (schemaVersion().getVersion() >= 1.2) {
                 writeJSONBom(schemaVersion, bom);
             }
-        } catch (ParserConfigurationException | TransformerException | IOException e) {
+        } catch (GeneratorException | ParserConfigurationException | TransformerException | IOException e) {
             throw new GradleException("An error occurred executing " + this.getClass().getName(), e);
         }
     }
 
     private void writeXMLBom(final CycloneDxSchema.Version schemaVersion, final Bom bom)
-            throws ParserConfigurationException, TransformerException, IOException {
+            throws GeneratorException, ParserConfigurationException, TransformerException, IOException {
         final BomXmlGenerator bomGenerator = BomGeneratorFactory.createXml(schemaVersion, bom);
         bomGenerator.generate();
         final String bomString = bomGenerator.toXmlString();
@@ -391,7 +392,6 @@ private void writeXMLBom(final CycloneDxSchema.Version schemaVersion, final Bom
 
     private void writeJSONBom(final CycloneDxSchema.Version schemaVersion, final Bom bom) throws IOException {
         final BomJsonGenerator bomGenerator = BomGeneratorFactory.createJson(schemaVersion, bom);
-        bomGenerator.generate();
         final String bomString = bomGenerator.toJsonString();
         final File bomFile = new File(buildDir, "reports/bom.json");
         getLogger().info(MESSAGE_WRITING_BOM_JSON);