Add 1.6 to supported cyclonedx spec versions.

- Resolves anchore#2974 Signed-off-by: Rajan Agaskar <ragaskar@gmail.com>
ragaskar · Jun 20, 2024 · c995449 · c995449
1 parent 246df97
commit c995449
Show file tree

Hide file tree

Showing 4 changed files with 125 additions and 0 deletions.
diff --git a/syft/format/cyclonedxjson/test-fixtures/identify/1.6.json b/syft/format/cyclonedxjson/test-fixtures/identify/1.6.json
@@ -0,0 +1,59 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:5208fea9-73dd-4624-b596-69fddccdb9e7",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2023-09-29T12:02:02-04:00",
+    "tools": [
+      {
+        "vendor": "anchore",
+        "name": "syft",
+        "version": "[not provided]"
+      }
+    ],
+    "component": {
+      "bom-ref": "a0ff99a6af10f11f",
+      "type": "file",
+      "name": "go.mod",
+      "version": "sha256:sha256:dc333f342905248a52e424d8dfd061251d01867d01a4f9d7397144a775ff9ebd"
+    }
+  },
+  "components": [
+    {
+      "bom-ref": "pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651?package-id=2ff71a67fb024c86",
+      "type": "library",
+      "name": "github.com/wagoodman/go-partybus",
+      "version": "v0.0.0-20230516145632-8ccac152c651",
+      "cpe": "cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*",
+      "purl": "pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651",
+      "properties": [
+        {
+          "name": "syft:package:foundBy",
+          "value": "go-module-file-cataloger"
+        },
+        {
+          "name": "syft:package:language",
+          "value": "go"
+        },
+        {
+          "name": "syft:package:metadataType",
+          "value": "GolangModMetadata"
+        },
+        {
+          "name": "syft:package:type",
+          "value": "go-module"
+        },
+        {
+          "name": "syft:cpe23",
+          "value": "cpe:2.3:a:wagoodman:go_partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*"
+        },
+        {
+          "name": "syft:location:0:path",
+          "value": "/go.mod"
+        }
+      ]
+    }
+  ]
+}
diff --git a/syft/format/cyclonedxjson/test-fixtures/identify/micronaut-1.6.json b/syft/format/cyclonedxjson/test-fixtures/identify/micronaut-1.6.json
@@ -0,0 +1,28 @@
+{
+    "bomFormat": "CycloneDX",
+    "specVersion": "1.6",
+    "version": 1,
+    "components": [
+        {
+            "type": "library",
+            "group": "io.netty",
+            "name": "netty-codec-http2",
+            "version": "4.1.73.Final",
+            "properties": [
+                {
+                    "name": "syft:cpe23",
+                    "value": "cpe:2.3:a:codec:codec:4.1.73.Final:*:*:*:*:*:*:*"
+                },
+                {
+                    "name": "syft:cpe23",
+                    "value": "cpe:2.3:a:codec:netty-codec-http2:4.1.73.Final:*:*:*:*:*:*:*"
+                },
+                {
+                    "name": "syft:cpe23",
+                    "value": "cpe:2.3:a:codec:netty_codec_http2:4.1.73.Final:*:*:*:*:*:*:*"
+                }
+            ]
+        }
+    ],
+    "serialNumber": "urn:uuid:3eb5ec7a-cb05-4339-b873-e27b1c1efaba"
+}
diff --git a/syft/format/cyclonedxxml/test-fixtures/identify/1.6.xml b/syft/format/cyclonedxxml/test-fixtures/identify/1.6.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.6" serialNumber="urn:uuid:098e8516-ecd5-4130-9d5f-c32ba1ddb0dd" version="1">
+  <metadata>
+    <timestamp>2023-09-29T11:48:10-04:00</timestamp>
+    <tools>
+      <tool>
+        <vendor>anchore</vendor>
+        <name>syft</name>
+        <version>[not provided]</version>
+      </tool>
+    </tools>
+    <component bom-ref="a0ff99a6af10f11f" type="file">
+      <name>go.mod</name>
+      <version>sha256:sha256:dc333f342905248a52e424d8dfd061251d01867d01a4f9d7397144a775ff9ebd</version>
+    </component>
+  </metadata>
+  <components>
+    <component bom-ref="pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651?package-id=2ff71a67fb024c86" type="library">
+      <name>github.com/wagoodman/go-partybus</name>
+      <version>v0.0.0-20230516145632-8ccac152c651</version>
+      <cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
+      <purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
+      <properties>
+        <property name="syft:package:foundBy">go-module-file-cataloger</property>
+        <property name="syft:package:language">go</property>
+        <property name="syft:package:metadataType">GolangModMetadata</property>
+        <property name="syft:package:type">go-module</property>
+        <property name="syft:cpe23">cpe:2.3:a:wagoodman:go_partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</property>
+        <property name="syft:location:0:path">/go.mod</property>
+      </properties>
+    </component>
+  </components>
+</bom>
diff --git a/syft/format/internal/cyclonedxutil/versions.go b/syft/format/internal/cyclonedxutil/versions.go
@@ -19,6 +19,7 @@ func SupportedVersions(id sbom.FormatID) []string {
 		"1.3",
 		"1.4",
 		"1.5",
+		"1.6",
 	}
 
 	if id != JSONFormatID {
@@ -43,6 +44,8 @@ func SpecVersionFromString(v string) (cyclonedx.SpecVersion, error) {
 		return cyclonedx.SpecVersion1_4, nil
 	case "1.5":
 		return cyclonedx.SpecVersion1_5, nil
+	case "1.6":
+		return cyclonedx.SpecVersion1_6, nil
 	}
 	return -1, fmt.Errorf("unsupported CycloneDX version %q", v)
 }
@@ -61,6 +64,8 @@ func VersionFromSpecVersion(spec cyclonedx.SpecVersion) string {
 		return "1.4"
 	case cyclonedx.SpecVersion1_5:
 		return "1.5"
+	case cyclonedx.SpecVersion1_6:
+		return "1.6"
 	}
 	return ""
 }