Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add manufacturer and authors #171

Merged
merged 1 commit into from
May 29, 2024
Merged

feat: add manufacturer and authors #171

merged 1 commit into from
May 29, 2024

Conversation

snyk-tim
Copy link
Contributor

@snyk-tim snyk-tim commented May 20, 2024
edited
Loading

  • adds manufacturer field to Metadata and Component
  • adds authors field to Component
  • adds roundtrip testdata for above

@snyk-tim snyk-tim requested a review from a team as a code owner May 20, 2024 10:50
@snyk-tim snyk-tim force-pushed the feat/add-manufacturer-authors branch from 1cacdd9 to 1760245 Compare May 20, 2024 10:51
mcombuechen
mcombuechen reviewed May 21, 2024
View reviewed changes
Copy link
Contributor

@mcombuechen mcombuechen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to add logic to convert.go to achieve backwards compatibility for spec versions lower than 1.6? Also, would it make sense to convert a possibly present Component.Manufacturer to Component.Manufacture?

@nscuro
Copy link
Member

nscuro commented May 21, 2024

Also, would it make sense to convert a possibly present Component.Manufacturer to Component.Manufacture?

I have asked my fellow CycloneDX maintainers how to deal with the deprecated Metadata.Manufacture. It's a bit confusing that the deprecation notice recommends to use Component.Manufacturer instead when Metadata.Manufacturer exists as well...

@snyk-tim
Copy link
Contributor Author

I have asked my fellow CycloneDX maintainers how to deal with the deprecated Metadata.Manufacture.

Thank you

It's a bit confusing that the deprecation notice recommends to use Component.Manufacturer instead when Metadata.Manufacturer exists as well...

Yes I had the same thoughts. This follows the advice from the decouple metadata Spec PR where the message appears in the Changes summary and in each of the three schema files (XSD, JSON Schema and protobuf)

@jkowalleck
Copy link
Member

jkowalleck commented May 21, 2024
edited
Loading

regarding $.metadata.manufacture: this is - per description/spec - the value that describes the manufacturer of the root component.
It is deprecated in favor of the new $.metadata.component.manufacturer.

do not mistake the deprecated $.metadata.manufacture for the new $.metadata.manufacturer.
$.metadata.manufacturer is the manufacturer of the bom - similar to the new $.metadata.authors which is the author of the bom.

please read the spec/descriptions, do not simply make assumptions.

@snyk-tim snyk-tim force-pushed the feat/add-manufacturer-authors branch from b2dd8f4 to 2eb8d92 Compare May 22, 2024 11:12
@mcombuechen
Copy link
Contributor

@jkowalleck sorry, I take the blame for this one; my initial suggestion does not make any sense. I meant a conversion of $.metadata.manufacturer when converting to lower specs; but as you already pointed out, this does not make sense either.

@snyk-tim snyk-tim force-pushed the feat/add-manufacturer-authors branch from 2eb8d92 to 8a776f7 Compare May 28, 2024 08:59
@snyk-tim
Copy link
Contributor Author

👋 Hi, is there anything stopping this from being approved and to get it merged into the spec/1.6 branch? 🙏

@jkowalleck jkowalleck requested a review from mcombuechen May 28, 2024 11:30
nscuro
nscuro reviewed May 29, 2024
View reviewed changes
cyclonedx.go Outdated Show resolved Hide resolved
cyclonedx.go Outdated Show resolved Hide resolved
@snyk-tim
feat: add manufacturer and authors
b5d3595 
- adds manufacturer field to Metadata and Component
- adds authors field to Component
- adds roundtrip testdata for above

Signed-off-by: Tim Pickles <tim.pickles@snyk.io>
@snyk-tim snyk-tim force-pushed the feat/add-manufacturer-authors branch from 8a776f7 to b5d3595 Compare May 29, 2024 16:39
@nscuro nscuro added enhancement New feature or request spec/1.6 labels May 29, 2024
@nscuro nscuro merged commit 38c0c0b into CycloneDX:spec/1.6 May 29, 2024
3 checks passed
@mcombuechen mcombuechen deleted the feat/add-manufacturer-authors branch June 21, 2024 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nscuro nscuro nscuro approved these changes

@mcombuechen mcombuechen Awaiting requested review from mcombuechen

Assignees
No one assigned
Labels
enhancement New feature or request spec/1.6
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@snyk-tim @nscuro @jkowalleck @mcombuechen