Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support cdx 1.6 #288

Merged
merged 100 commits into from
Sep 14, 2024
Merged

support cdx 1.6 #288

merged 100 commits into from
Sep 14, 2024

Conversation

mtsfoni
Copy link
Contributor

@mtsfoni mtsfoni commented May 5, 2024

No description provided.

mtsfoni and others added 10 commits May 5, 2024 15:00
@mtsfoni
.
b536b12
@mtsfoni
inbetween: xml enums still need to be fixed but roundtrip tests work
c523d5f
@mtsfoni
fixed problems stemming from cdx 1.5 implementation
cfa84f1
@mtsfoni
DatasetChoices fix deserialization namespace problem
751d58b
@andreas-hilti
Merge branch 'main' into cdx1.6
12be76e 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Adapt interop and merge tests
3af1a24 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Adapt core tests
b7b46c0 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Further adapt core tests
4484786 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Add missing snapshots
0cb39b2 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
workaround for incorrect Protobuf Tools serialization
c3a4c70 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Copy link
Contributor

@mtsfoni Do you have an understanding which features/changes still need to be added to support 1.6 (https://github.com/CycloneDX/specification/releases/tag/1.6)?
From what I can see your changes are mostly related to general revisioning and CBOM.
This means we are missing at least:

  • Attestation
  • Several smaller features (like tags, swhid, etc.)
  • Json and Protobuf tests

@mtsfoni
Copy link
Contributor Author

mtsfoni commented Aug 24, 2024

  • The CBOM part probably still needs adaption for JSON. It seems to be a good idea to start with JSON and add XML after - unfortunately I did it the other way. This will be my next step.

  • Attestation is missing.

  • Smaller Features might or might not be added, needs checking.

  • I added the test. But many tests were generated outputting an empty BOM, so before releasing the round-trip-test have to be reviewed, that in- and output are actually equal. (For example the Attestation tests)

I hope we managed to fix or at least work around the already existing problem enough now. Those quite threw me off, when I started implementing this months ago. Thank you for your help with those!

andreas-hilti and others added 7 commits August 25, 2024 00:14
@andreas-hilti
several fixes for JSON tests
cb75e45 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
add some snapshots
b2f9b73 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
fix JSON validation
553e39b 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
support multiple EvidenceIdentities
896b8c8 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
add protobuf support for CBOM
49c0e4a 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
add missing snapshots
3318301 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@mtsfoni
CipherSuites via XmlArray with XmlArrayItem
41c7a28
@mtsfoni
Copy link
Contributor Author

mtsfoni commented Aug 25, 2024

@andreas-hilti

On another note, why did you introduce additional fields like CipherSuite.Algorithms_XML?

I think, that was my first attempt to solve the extra nesting level of lists in xml.
It seems to also work with XmlArray/XmlArrayItem - I willl change it.

One issue which fails several of the tests is that Evidence.Identity can now also be an array of EvidenceIdentities.

Looking into that now.

@mtsfoni
Copy link
Contributor Author

mtsfoni commented Aug 25, 2024

Looks like you already fixed Evidence.Identity?

mtsfoni and others added 3 commits August 25, 2024 11:41
@mtsfoni
FixcryptoProperties.ObjectId for JSON
10f4051
@mtsfoni
OID now in Snapshots
5596be0
@andreas-hilti
support tags for components and services
0b62590 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Copy link
Contributor

Looks like you already fixed Evidence.Identity?

Yes, at least I tried.

mtsfoni and others added 2 commits August 25, 2024 12:04
@mtsfoni
Generated Implementation for Declarations
890fc65
@andreas-hilti
fix style
241de12 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
mtsfoni and others added 8 commits September 1, 2024 14:02
@mtsfoni
Merge branch 'cdx1.6' into cdx1.6_fix_datetime_serialization
e2aa21a 
Signed-off-by: Michael Tsfoni <80639729+mtsfoni@users.noreply.github.com>
@mtsfoni
Merge pull request #341 from andreas-hilti/cdx1.6_fix_datetime_serial…
66a9f08 
…ization

Fix protobuf serialization of DateTime
@mtsfoni
Merge pull request #342 from andreas-hilti/cdx1.6_fix_lifecycle
2755793 
Fix protobuf serialization of lifecycle
@mtsfoni
Merge pull request #344 from andreas-hilti/cdx1.6_fix_protobuf_tools
6909e5a 
Fix protobuf serialization of component and service tools
@mtsfoni
Merge pull request #345 from andreas-hilti/cdx1.6_fix_enums
1903c63 
Fix several enum serializations
@andreas-hilti
Fix xml serialization for obsolete elements
c03f0f6 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@mtsfoni
merge attestations and standards
31112e8 
Signed-off-by: MTsfoni <mibau89@gmail.com>
@mtsfoni
missing added file
f6ea47b 
Signed-off-by: MTsfoni <mibau89@gmail.com>
@mtsfoni
address some codacy warnings
aee779e 
Signed-off-by: MTsfoni <mibau89@gmail.com>
mtsfoni and others added 4 commits September 7, 2024 15:01
@mtsfoni
Address Codacy Issue
2da2b93
@mtsfoni
Merge pull request #347 from CycloneDX/cdx1.6_mergeAttestationAndStan…
c2587df 
…dards

merge attestations and standards
@mtsfoni
- Add missing license headers
a0e6363 
- move protobuf compatibility level to protobuf serializer
- split up files to be one class per file
@mtsfoni
Test for merging attestation and standards
d619fce 
Signed-off-by: MTsfoni <mibau89@gmail.com>
mtsfoni and others added 11 commits September 8, 2024 11:26
@mtsfoni
Merge pull request #343 from andreas-hilti/cdx1.6_deprecations
78a1f74 
Add deprecations for component.author and metadata.manufacture
@mtsfoni
Add new locations of relevant types to EnumerateAll...-functions
2100346 
Signed-off-by: MTsfoni <mibau89@gmail.com>
@mtsfoni
Merge branch 'cdx1.6' of https://github.com/CycloneDX/cyclonedx-dotne…
30455bb 
…t-library into cdx1.6
@mtsfoni
codacy
dbb4307 
Signed-off-by: MTsfoni <mibau89@gmail.com>
@andreas-hilti
Fix JSON serialization of Ikev2TransformTypes
5d0fd96 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Cleanup
95fc397 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Enhance Signature
c06a8c7 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@andreas-hilti
Support multisignature and signaturechain
787f82c 
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
@mtsfoni
Merge pull request #354 from andreas-hilti/cdx1.6_cleanup
1439ffa 
Cleanup
@mtsfoni
Merge pull request #355 from andreas-hilti/cdx1.6_ikev2transformtypes
027f183 
Fix JSON serialization of Ikev2TransformTypes
@mtsfoni
Merge pull request #356 from andreas-hilti/cdx1.6_signature
93484e7 
Enhance Signature
@mtsfoni mtsfoni marked this pull request as ready for review September 14, 2024 15:46
@mtsfoni mtsfoni merged commit d1eacc2 into main Sep 14, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andreas-hilti andreas-hilti andreas-hilti left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mtsfoni @andreas-hilti