Make CyclondeDX SBOM processing language agnostic

Right now the CycloneDX SBOM processor [this line](https://github.com/oracle/macaron/blob/32f2f6d01763f867b7092faccc5e29b0970c0802/src/macaron/dependency_analyzer/cyclonedx.py#L170) that `group` field exists for a software component.

```python
key = f"{component.get('group')}:{component.get('name')}"
```

While this works for Maven packages, it might not work for other packages, such as Python, which do not have `group`s. We could use the `purl` field as the identifier. But because `purl` is also optional, we should use the other fields alternatively to account for that.

We need to make the  CycloneDX SBOM processor language agnostic and use the official [CycloneDX library](https://github.com/CycloneDX/cyclonedx-python-lib) to validate and deserialize BOM files. See the TODO item [here](https://github.com/oracle/macaron/blob/32f2f6d01763f867b7092faccc5e29b0970c0802/src/macaron/dependency_analyzer/cyclonedx.py#L44).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Make CyclondeDX SBOM processing language agnostic #464

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Make CyclondeDX SBOM processing language agnostic #464

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions