diff --git a/go.mod b/go.mod
index eeb9e3c2..2806fbf3 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/Masterminds/semver/v3 v3.2.0
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
- github.com/anchore/syft v0.68.0
+ github.com/anchore/syft v0.68.1
 github.com/apex/log v1.9.0
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
 github.com/gabriel-vasile/mimetype v1.4.1
@@ -16,7 +16,7 @@ require (
 github.com/pelletier/go-toml v1.9.5
 github.com/sclevine/spec v1.4.0
 github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e
- github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342
+ github.com/spdx/tools-golang v0.4.0
 github.com/stretchr/testify v1.8.1
 github.com/ulikunitz/xz v0.5.11
 )
diff --git a/go.sum b/go.sum
index 6254ca31..64f1e33c 100644
--- a/go.sum
+++ b/go.sum
@@ -420,11 +420,10 @@ github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= -github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= 
@@ -483,8 +482,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwM github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= github.com/anchore/stereoscope v0.0.0-20221208011002-c5ff155d72f1 h1:DXUAm/H9chRTEzMfkFyduBIcCiJyFXhCmv3zH3C0HGs= github.com/anchore/stereoscope v0.0.0-20221208011002-c5ff155d72f1/go.mod h1:/zjVnu2Jdl7xQCUtASegzeEg+IHKrM7SyMqdao3e+Nc= -github.com/anchore/syft v0.68.0 h1:B9yY5WIFhBILdKJdcYH0Z001HSPu5kAI6+4KqOLvGyk= -github.com/anchore/syft v0.68.0/go.mod h1:siboayVnsGNMxbqfM+4YLDsVajIl8Bg61MawJxg1sV0= +github.com/anchore/syft v0.68.1 h1:lXRSy51cCwOhlXyFYJppiHuOx+Aj59l9vIr9QwRXwXQ= +github.com/anchore/syft v0.68.1/go.mod h1:8V+ty9yieYYjEL3wQkcQC1EfEy+yM+VXLnkqpXie1FQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= 
@@ -745,8 +744,9 @@ github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.10+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.20+incompatible h1:kH9tx6XO+359d+iAkumyKDc5Q1kOwPuAUaeri48nD6E= github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.23+incompatible h1:1ZQUUYAdh+oylOT85aA2ZcfRp22jmLhoaEcVEfK8dyA= +github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= 
@@ -767,8 +767,9 @@ github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 h1:iFaUwBSo5Svw6L github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= 
@@ -928,8 +929,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-containerregistry v0.7.0/go.mod h1:2zaoelrL0d08gGbpdP3LqyUuBmhWbpD6IOe2s9nLS2k= -github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6KxE5hHl5fkPsp8= -github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k= +github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k= +github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -1050,9 +1051,8 @@ github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKEN github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= -github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 
@@ -1445,8 +1445,8 @@ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= -github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342 h1:6uvaOTv4GeRqQV6O1/znbpziqhctMRLTy3OGeZrNMic= -github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342/go.mod h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM= +github.com/spdx/tools-golang v0.4.0 h1:jdhnW8zYelURCbYTphiviFKZkWu51in0E4A1KT2csP0= +github.com/spdx/tools-golang v0.4.0/go.mod h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= @@ -1658,7 +1658,6 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -1672,8 +1671,9 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= diff --git a/sbom/formatted_reader_test.go b/sbom/formatted_reader_test.go index 4afc7ad8..0f388542 100644 --- a/sbom/formatted_reader_test.go +++ b/sbom/formatted_reader_test.go @@ -119,8 +119,8 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) { // Ensures pretty printing Expect(buffer.String()).To(ContainSubstring(`{ - "Reviews": null, - "SPDXID": "SPDXRef-DOCUMENT"`)) + "SPDXID": "SPDXRef-DOCUMENT", + "creationInfo": {`)) var spdxOutput spdxOutput 
@@ -137,7 +137,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) { Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String()) // Ensure documentNamespace and creationInfo.created have reproducible values - Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-d359f27c-86a7-5551-b971-9c7afd003959"), buffer.String()) + Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-e3c5c6c0-975c-50ad-ba89-6c690c58f329"), buffer.String()) Expect(spdxOutput.CreationInfo.Created).To(BeZero(), buffer.String()) rerunBuffer := bytes.NewBuffer(nil) @@ -186,7 +186,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) { Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String()) // Ensure documentNamespace and creationInfo.created have reproducible values - Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-c6ae45ee-2cee-584a-b637-9de3c8486856"), buffer.String()) + Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-69392e4a-5484-50ba-babd-d21c6d13d9a3"), buffer.String()) Expect(spdxOutput.CreationInfo.Created).To(Equal(time.Unix(1659551872, 0).UTC()), buffer.String()) rerunBuffer := bytes.NewBuffer(nil) diff --git a/sbom/internal/formats/spdx22/encoder_test.go b/sbom/internal/formats/spdx22/encoder_test.go index 3e06d0c4..a80910f0 100644 --- a/sbom/internal/formats/spdx22/encoder_test.go +++ b/sbom/internal/formats/spdx22/encoder_test.go 
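Review bot: The two updated `DocumentNamespace` expectations (this hunk and the one at -186) pin a literal UUID with no note on when it has to be regenerated, and both had to change in the same commit that bumps syft and tools-golang. The existing comment only says the values should be reproducible, so if the literal really is tied to the encoder version, a line such as `// NOTE: this literal depends on the pinned syft/tools-golang output; regenerate it when those modules are bumped` would save the next upgrader from guessing whether the change is a regression. It also suggests, though the hunk does not show it, that SBOMs produced for the same input differ across releases, which matters to anyone comparing SBOM digests between versions. testFormattedReader starts and ends outside these hunks.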
@@ -45,14 +45,13 @@ func TestSPDXRelationshipOrder(t *testing.T) { spdxJsonRedactor, ) } - func spdxJsonRedactor(s []byte) []byte { // each SBOM reports the time it was generated, which is not useful during snapshot testing - s = regexp.MustCompile(`"created":\s+"[^"]*",?`).ReplaceAll(s, []byte("")) + s = regexp.MustCompile(`"created":\s+"[^"]*"`).ReplaceAll(s, []byte(`"created":""`)) // each SBOM reports a unique documentNamespace when generated, this is not useful for snapshot testing - s = regexp.MustCompile(`"documentNamespace":\s+"[^"]*",?`).ReplaceAll(s, []byte("")) + s = regexp.MustCompile(`"documentNamespace":\s+"[^"]*"`).ReplaceAll(s, []byte(`"documentNamespace":""`)) // the license list will be updated periodically, the value here should not be directly tested in snapshot tests - return regexp.MustCompile(`"licenseListVersion":\s+"[^"]*",?`).ReplaceAll(s, []byte("")) + return regexp.MustCompile(`"licenseListVersion":\s+"[^"]*"`).ReplaceAll(s, []byte(`"licenseListVersion":""`)) } diff --git a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden index b3698319..fa1c3a44 100644 --- a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden +++ b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden 
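Review bot: The three patterns in spdxJsonRedactor still require at least one whitespace character after the colon (`\s+`), although the replacements written here (`"created":""` and the other two) contain none, so the redactor only recognises indented encoder output. If the encoder ever emitted compact JSON, the timestamp, namespace and license-list version would stay in the snapshot unredacted; `\s*` in each pattern, e.g. `"created":\s*"[^"]*"`, removes that dependency on formatting. The patterns are also recompiled on every call, and hoisting them into package-level `regexp.MustCompile` variables would compile them once. The hunk additionally drops the blank line between the closing brace of the preceding test function and `func spdxJsonRedactor`, which is worth restoring for readability.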
@@ -1,96 +1,76 @@ { - "spdxVersion": "SPDX-2.2", - "dataLicense": "CC0-1.0", - "SPDXID": "SPDXRef-DOCUMENT", - "name": "/some/path", - "documentNamespace": "https://anchore.com/syft/dir/some/path-3005bc26-568d-4d19-80c1-c954ac36b7f8", - "creationInfo": { - "licenseListVersion": "3.16", - "creators": [ - "Organization: Anchore, Inc", - "Tool: syft-v0.42.0-bogus" - ], - "created": "2023-01-12T20:22:07Z", - "comment": "" - }, - "packages": [ + "spdxVersion": "SPDX-2.2", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "/some/path", + "documentNamespace": "https://anchore.com/syft/dir/some/path-0567e7df-bcf5-4ee0-8565-ca4f9ecc7f0d", + "creationInfo": { + "licenseListVersion": "3.16", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-v0.42.0-bogus" + ], + "created": "2023-01-26T15:28:14Z" + }, + "packages": [ + { + "name": "package-1", + "SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c", + "versionInfo": "1.0.1", + "downloadLocation": "NOASSERTION", + "packageVerificationCode": { + "packageVerificationCodeValue": "" + }, + "sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1", + "licenseConcluded": "MIT", + "licenseInfoFromFiles": null, + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ { - "IsUnpackaged": false, - "name": "package-1", - "SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c", - "versionInfo": "1.0.1", - "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, - "packageVerificationCode": { - "packageVerificationCodeValue": "" - }, - "checksums": null, - "sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1", - "licenseConcluded": "MIT", - "licenseInfoFromFiles": null, - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "a-purl-2", - "comment": "" - } - ], - "Files": null, - "annotations": null + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" }, { - "IsUnpackaged": false, - "name": "package-2", - "SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3", - "versionInfo": "2.0.1", - "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, - "packageVerificationCode": { - "packageVerificationCodeValue": "" - }, - "checksums": null, - "sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1", - "licenseConcluded": "NONE", - "licenseInfoFromFiles": null, - "licenseDeclared": "NONE", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:deb/debian/package-2@2.0.1", - "comment": "" - } - ], - "Files": null, - "annotations": null + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "a-purl-2" } - ], - "files": null, - "hasExtractedLicensingInfos": null, - "relationships": [ + ] + }, + { + "name": "package-2", + "SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3", + "versionInfo": "2.0.1", + "downloadLocation": "NOASSERTION", + "packageVerificationCode": { + "packageVerificationCodeValue": "" + }, + "sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1", + "licenseConcluded": "NONE", + "licenseInfoFromFiles": null, + "licenseDeclared": "NONE", + "copyrightText": "NOASSERTION", + "externalRefs": [ { - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-DOCUMENT", - "relationshipType": "DESCRIBES" + 
"referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" } - ], - "annotations": null, - "snippets": null, - "Reviews": null + ] + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-DOCUMENT", + "relationshipType": "DESCRIBES" + } + ] } diff --git a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden index db68e57b..614db67b 100644 --- a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden +++ b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden @@ -3,28 +3,24 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "user-image-input", - "documentNamespace": "https://anchore.com/syft/image/user-image-input-c725d1a0-94bc-4c99-92ac-250ce6b80a1c", + "documentNamespace": "https://anchore.com/syft/image/user-image-input-1aca09fa-755d-453d-9bdf-481b438f386b", "creationInfo": { "licenseListVersion": "3.16", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v0.42.0-bogus" ], - "created": "2023-01-12T20:40:56Z", - "comment": "" + "created": "2023-01-26T15:31:27Z" }, "packages": [ { - "IsUnpackaged": false, "name": "package-1", "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6", "versionInfo": "1.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", "licenseConcluded": "MIT", "licenseInfoFromFiles": null, 
@@ -34,30 +30,23 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "a-purl-1", - "comment": "" + "referenceLocator": "a-purl-1" } - ], - "Files": null, - "annotations": null + ] }, { - "IsUnpackaged": false, "name": "package-2", "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4", "versionInfo": "2.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", "licenseConcluded": "NONE", "licenseInfoFromFiles": null, @@ -67,30 +56,21 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "pkg:deb/debian/package-2@2.0.1", - "comment": "" + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" } - ], - "Files": null, - "annotations": null + ] } ], - "files": null, - "hasExtractedLicensingInfos": null, "relationships": [ { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES" } - ], - "annotations": null, - "snippets": null, - "Reviews": null + ] } diff --git a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden index aefeba69..5b444d6d 100644 --- a/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden +++ b/sbom/internal/formats/spdx22/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden 
@@ -3,28 +3,24 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "user-image-input", - "documentNamespace": "https://anchore.com/syft/image/user-image-input-96922b5d-0ec8-47ec-9aa6-d4fbb53286a5", + "documentNamespace": "https://anchore.com/syft/image/user-image-input-6c400694-c3e4-46f9-a7e7-9e826c9ced8b", "creationInfo": { "licenseListVersion": "3.16", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v0.42.0-bogus" ], - "created": "2023-01-12T20:42:55Z", - "comment": "" + "created": "2023-01-26T15:33:01Z" }, "packages": [ { - "IsUnpackaged": false, "name": "package-1", "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6", "versionInfo": "1.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", "licenseConcluded": "MIT", "licenseInfoFromFiles": null, @@ -34,30 +30,23 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "a-purl-1", - "comment": "" + "referenceLocator": "a-purl-1" } - ], - "Files": null, - "annotations": null + ] }, { - "IsUnpackaged": false, "name": "package-2", "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4", "versionInfo": "2.0.1", "downloadLocation": "NOASSERTION", - "IsFilesAnalyzedTagPresent": true, "packageVerificationCode": { "packageVerificationCodeValue": "" }, - "checksums": null, "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", "licenseConcluded": "NONE", "licenseInfoFromFiles": null, 
@@ -67,18 +56,14 @@ { "referenceCategory": "SECURITY", "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*", - "comment": "" + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" }, { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "pkg:deb/debian/package-2@2.0.1", - "comment": "" + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" } - ], - "Files": null, - "annotations": null + ] } ], "files": [ @@ -179,7 +164,6 @@ "copyrightText": "" } ], - "hasExtractedLicensingInfos": null, "relationships": [ { "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", @@ -216,8 +200,5 @@ "relatedSpdxElement": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES" } - ], - "annotations": null, - "snippets": null, - "Reviews": null + ] }