feat: add extended support for Definitions #713
Conversation
hakandilek
force-pushed
the
feat/bom.definitions-full
branch
2 times, most recently
from
19ea024
to
2d420c9
Compare
hakandilek
force-pushed
the
feat/bom.definitions-full
branch
2 times, most recently
from
18f2630
to
8145a51
Compare
hakandilek
force-pushed
the
feat/bom.definitions-full
branch
from
8145a51
to
b362feb
Compare
| An optional identifier which can be used to reference the requirement elsewhere in the BOM. | ||
| Every bom-ref MUST be unique within the BOM. | ||
|
|
||
| If a value was not provided in the constructor, a UUIDv4 will have been assigned. |
There was a problem hiding this comment.
If a value was not provided in the constructor, a UUIDv4 will have been assigned.
has this been tested?
There was a problem hiding this comment.
Now introduced some additional tests for this in cyclonedx/model/definition.py
There was a problem hiding this comment.
but still, there is not UUIDv4 assigned.
There was a problem hiding this comment.
just remove this line and you are good.
(just like it was removed in other places: #733)
There was a problem hiding this comment.
I mean, if you actually intended to have these bom-refs being non-null on rendering, like we do for components, then you should hook into BomRefDiscriminator.from_bom()
There was a problem hiding this comment.
Ah ok, I see now your point.
I think assigning a non-required field automatically would cause a lot more problems in the downstream later on. I also do not have a scenario how to reference/use a bom-ref of a requirement elsewhere within the BOM. I'll just remove the lines.
There was a problem hiding this comment.
also do not have a scenario how to reference/use a bom-ref of a requirement elsewhere within the BOM.
Here is one: $.declarations.attestations[].map[].requirement - https://cyclonedx.org/docs/1.6/json/#declarations_attestations_items_map_items_requirement
The bom-ref to the requirement being attested to.
PS: This is in fact a very good reason to auto-populate this specific bom-refs on rendering. The same why we auto-populate bom-refs of components & services, as they could be used in a dependency tree.
for CycloneDX#697 Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
hakandilek
force-pushed
the
feat/bom.definitions-full
branch
from
b362feb
to
1816586
Compare
This PR builds on top of #701 to create extended elements for the
bom.definitions.standardslike:depends on: #701
is part of: #696