Merge pull request #413 from CycloneDX/issue408_externalReference
Fix Issue with Serialization for ExternalReferences at Bom Level
Showing
5 changed files
with
169 additions
and
1 deletion.
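--- a/src/test/resources/regression/issue408-external-reference.json
+++ b/src/test/resources/regression/issue408-external-reference.json
@@ -0,0 +1,60 @@
+{
+"bomFormat" : "CycloneDX",
+"specVersion" : "1.6",
+"serialNumber" : "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+"version" : 1,
+"components" : [
+{
+"group" : "org.example",
+"name" : "mylibrary",
+"version" : "1.0.0",
+"externalReferences" : [
+{
+"type" : "advisories",
+"url" : "https://example.org/security/feed/csaf",
+"comment" : "Security advisories from the vendor"
+},
+{
+"type" : "bom",
+"url" : "https://example.org/support/sbom/portal-server/1.0.0",
+"comment" : "An external SBOM that describes what this component includes",
+"hashes" : [
+{
+"alg" : "SHA-256",
+"content" : "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+}
+]
+},
+{
+"type" : "documentation",
+"url" : "https://example.org/support/documentation/portal-server/1.0.0",
+"comment" : "Vendor provided documentation for the product"
+}
+],
+"type" : "library"
+}
+],
+"externalReferences" : [
+{
+"type" : "advisories",
+"url" : "https://example.org/security/feed/csaf",
+"comment" : "Security advisories from the vendor"
+},
+{
+"type" : "bom",
+"url" : "https://example.org/support/sbom/portal-server/1.0.0",
+"comment" : "An external SBOM that describes what this component includes",
+"hashes" : [
+{
+"alg" : "SHA-256",
+"content" : "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+}
+]
+},
+{
+"type" : "documentation",
+"url" : "https://example.org/support/documentation/portal-server/1.0.0",
+"comment" : "Vendor provided documentation for the product"
+}
+]
+}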
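Review bot: The BOM-level `externalReferences` array at the end of this fixture is an exact copy of the one under the `mylibrary` component, so a serializer that wrote the component's references at BOM level (or the reverse) would still match it. Giving the BOM-level entries distinct values, for example a constructed `"url" : "https://example.org/bom-level/security/feed/csaf"` and a different constructed SHA-256 `content` on the `bom` reference, would let the regression test tell the two levels apart and confirm the integrity hash is carried with the right reference. The same duplication is present in issue408-external-reference.xml. The test code that reads these fixtures is not visible here, so this assumes it compares parsed or re-serialized output against them.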
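--- a/src/test/resources/regression/issue408-external-reference.xml
+++ b/src/test/resources/regression/issue408-external-reference.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.3">
+<components>
+<component type="library">
+<group>org.example</group>
+<name>mylibrary</name>
+<version>1.0.0</version>
+<externalReferences>
+<reference type="advisories">
+<url>https://example.org/security/feed/csaf</url>
+<comment>Security advisories from the vendor</comment>
+</reference>
+<reference type="bom">
+<url>https://example.org/support/sbom/portal-server/1.0.0</url>
+<comment>An external SBOM that describes what this component includes</comment>
+<hashes>
+<hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
+</hashes>
+</reference>
+<reference type="documentation">
+<url>https://example.org/support/documentation/portal-server/1.0.0</url>
+<comment>Vendor provided documentation for the product</comment>
+</reference>
+</externalReferences>
+</component>
+</components>
+<externalReferences>
+<reference type="advisories">
+<url>https://example.org/security/feed/csaf</url>
+<comment>Security advisories from the vendor</comment>
+</reference>
+<reference type="bom">
+<url>https://example.org/support/sbom/portal-server/1.0.0</url>
+<comment>An external SBOM that describes what this component includes</comment>
+<hashes>
+<hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
+</hashes>
+</reference>
+<reference type="documentation">
+<url>https://example.org/support/documentation/portal-server/1.0.0</url>
+<comment>Vendor provided documentation for the product</comment>
+</reference>
+</externalReferences>
+</bom>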
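Review bot: The root element declares `xmlns="http://cyclonedx.org/schema/bom/1.3"` while the companion JSON fixture states `"specVersion" : "1.6"`, so the two fixtures for the same issue exercise different schema versions. If that is not deliberate, align the namespace with the JSON fixture; if it is, a comment right after the XML declaration such as `<!-- schema 1.3 is intentional for this regression -->` would record why. The declaration also omits the encoding; `<?xml version="1.0" encoding="UTF-8"?>` states explicitly what the parser will otherwise assume.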