Comparing changes

base repository: CycloneDX/cyclonedx-go
base: v0.6.0
head repository: CycloneDX/cyclonedx-go
compare: v0.7.0

Commits on Jun 7, 2022

  1. build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2

    Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
    - [Release notes](https://github.com/stretchr/testify/releases)
    - [Commits](stretchr/testify@v1.7.1...v1.7.2)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/stretchr/testify
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jun 7, 2022
    bff00ef

Commits on Jun 9, 2022

  1. Merge pull request #43 from CycloneDX/dependabot/go_modules/github.co…

    …m/stretchr/testify-1.7.2
    
    build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
    nscuro authored Jun 9, 2022
    6223cca
  2. build(deps): bump actions/setup-go from 3.1.0 to 3.2.0

    Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
    - [Release notes](https://github.com/actions/setup-go/releases)
    - [Commits](actions/setup-go@v3.1.0...v3.2.0)
    
    ---
    updated-dependencies:
    - dependency-name: actions/setup-go
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jun 9, 2022
    f43660c
  3. Merge pull request #42 from CycloneDX/dependabot/github_actions/actio…

    …ns/setup-go-3.2.0
    
    build(deps): bump actions/setup-go from 3.1.0 to 3.2.0
    nscuro authored Jun 9, 2022
    f55046c
  4. build(deps): bump goreleaser/goreleaser-action from 2 to 3

    Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2 to 3.
    - [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
    - [Commits](goreleaser/goreleaser-action@v2...v3)
    
    ---
    updated-dependencies:
    - dependency-name: goreleaser/goreleaser-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jun 9, 2022
    b83bbe8
  5. Merge pull request #41 from CycloneDX/dependabot/github_actions/gorel…

    …easer/goreleaser-action-3
    
    build(deps): bump goreleaser/goreleaser-action from 2 to 3
    nscuro authored Jun 9, 2022
    4482900

Commits on Jun 21, 2022

  1. build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4

    Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.4.
    - [Release notes](https://github.com/stretchr/testify/releases)
    - [Commits](stretchr/testify@v1.7.2...v1.7.4)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/stretchr/testify
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jun 21, 2022
    fc11b56
  2. Merge pull request #44 from CycloneDX/dependabot/go_modules/github.co…

    …m/stretchr/testify-1.7.4
    
    build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4
    nscuro authored Jun 21, 2022
    fbc2df4

Commits on Jun 24, 2022

  1. build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5

    Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.4 to 1.7.5.
    - [Release notes](https://github.com/stretchr/testify/releases)
    - [Commits](stretchr/testify@v1.7.4...v1.7.5)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/stretchr/testify
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jun 24, 2022
    f521d75
  2. Merge pull request #45 from CycloneDX/dependabot/go_modules/github.co…

    …m/stretchr/testify-1.7.5
    
    build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5
    nscuro authored Jun 24, 2022
    1d74b37

Commits on Jun 30, 2022

  1. build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0

    Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.5 to 1.8.0.
    - [Release notes](https://github.com/stretchr/testify/releases)
    - [Commits](stretchr/testify@v1.7.5...v1.8.0)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/stretchr/testify
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jun 30, 2022
    d5d1ab6
  2. Merge pull request #46 from CycloneDX/dependabot/go_modules/github.co…

    …m/stretchr/testify-1.8.0
    
    build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
    nscuro authored Jun 30, 2022
    de6bc07

Commits on Jul 11, 2022

  1. build(deps): bump apache/skywalking-eyes from 0.3.0 to 0.4.0

    Bumps [apache/skywalking-eyes](https://github.com/apache/skywalking-eyes) from 0.3.0 to 0.4.0.
    - [Release notes](https://github.com/apache/skywalking-eyes/releases)
    - [Changelog](https://github.com/apache/skywalking-eyes/blob/main/CHANGES.md)
    - [Commits](apache/skywalking-eyes@v0.3.0...v0.4.0)
    
    ---
    updated-dependencies:
    - dependency-name: apache/skywalking-eyes
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jul 11, 2022
    4dddf51

Commits on Jul 13, 2022

  1. Merge pull request #47 from CycloneDX/dependabot/github_actions/apach…

    …e/skywalking-eyes-0.4.0
    
    build(deps): bump apache/skywalking-eyes from 0.3.0 to 0.4.0
    nscuro authored Jul 13, 2022
    549cbad
  2. build(deps): bump actions/setup-go from 3.2.0 to 3.2.1

    Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.0 to 3.2.1.
    - [Release notes](https://github.com/actions/setup-go/releases)
    - [Commits](actions/setup-go@v3.2.0...v3.2.1)
    
    ---
    updated-dependencies:
    - dependency-name: actions/setup-go
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jul 13, 2022
    2458312
  3. Merge pull request #48 from CycloneDX/dependabot/github_actions/actio…

    …ns/setup-go-3.2.1
    
    build(deps): bump actions/setup-go from 3.2.0 to 3.2.1
    nscuro authored Jul 13, 2022
    0be3905

Commits on Sep 14, 2022

  1. build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.7.0 to 2.8.0

    Bumps [github.com/bradleyjkemp/cupaloy/v2](https://github.com/bradleyjkemp/cupaloy) from 2.7.0 to 2.8.0.
    - [Release notes](https://github.com/bradleyjkemp/cupaloy/releases)
    - [Commits](bradleyjkemp/cupaloy@v2.7.0...v2.8.0)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/bradleyjkemp/cupaloy/v2
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Sep 14, 2022
    6eb6521

Commits on Sep 18, 2022

  1. Merge pull request #50 from CycloneDX/dependabot/go_modules/github.co…

    …m/bradleyjkemp/cupaloy/v2-2.8.0
    
    build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.7.0 to 2.8.0
    nscuro authored Sep 18, 2022
    cc4e703
  2. build(deps): bump actions/setup-go from 3.2.1 to 3.3.0

    Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
    - [Release notes](https://github.com/actions/setup-go/releases)
    - [Commits](actions/setup-go@v3.2.1...v3.3.0)
    
    ---
    updated-dependencies:
    - dependency-name: actions/setup-go
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Sep 18, 2022
    760fae3
  3. Merge pull request #49 from CycloneDX/dependabot/github_actions/actio…

    …ns/setup-go-3.3.0
    
    build(deps): bump actions/setup-go from 3.2.1 to 3.3.0
    nscuro authored Sep 18, 2022
    c4cecac

Commits on Sep 25, 2022

  1. feat: add support for encoding to older spec versions (#51)

    * feat: add support for encoding to older spec versions
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    
    * fix: ignore generated sources in license check
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro authored Sep 25, 2022
    2826fe2
  2. refactor: separate custom marshalling logic from model

    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 25, 2022
    0c2ebff
  3. Merge pull request #52 from CycloneDX/cosmetics

    refactor: separate custom marshalling logic from model
    nscuro authored Sep 25, 2022
    55bc8ad
  4. feat: raise baseline go version to 1.17 (#53)

    * feat: raise baseline go version to 1.17
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    
    * fix: resolve linter issues
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro authored Sep 25, 2022
    7a2113a

Commits on Sep 26, 2022

  1. feat: update gitpod dockerfile

    change tag to `latest`; update cyclonedx-cli to 0.24.0
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 26, 2022
    f97e04a
  2. Merge pull request #54 from CycloneDX/update-gitpod-dockerfile

    feat: update gitpod dockerfile
    nscuro authored Sep 26, 2022
    a683e0c
  3. refactor: refine spec version conversion to cover more cases

    improves on #51
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 26, 2022
    5f10aea
  4. feat: set SpecVersion when decoding from xml

    `SpecVersion` as a field is only used in the json format, but when working with `BOM` instances it is useful to know what spec version one is dealing with.
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 26, 2022
    1655b7d
  5. feat: add enum for official media types

    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 26, 2022
    acb9322
  6. Merge pull request #55 from CycloneDX/refine-conversion

    refine conversion logic
    nscuro authored Sep 26, 2022
    3390ca4
  7. fix: prevent nesting of Dependency

    BREAKING-CHANGE: the type of `Dependency.Dependencies` has changed from `*[]Dependency` to `*[]string`
    
    fixes #36
    
    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 26, 2022
    ea0d5b7
  8. Merge pull request #56 from CycloneDX/issue-36

    fix: prevent nesting of `Dependency`
    nscuro authored Sep 26, 2022
    c2db05e

Commits on Sep 28, 2022

  1. feat: return error when parsing unknown spec versions

    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 28, 2022
    7415143
  2. docs: fix cyclonedx-go version in compatibility matrix

    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 28, 2022
    8f8fadf
  3. docs: fix typos

    Signed-off-by: nscuro <nscuro@protonmail.com>
    nscuro committed Sep 28, 2022
    124f2be
  4. Merge pull request #57 from CycloneDX/tweaks

    Tweaks
    nscuro authored Sep 28, 2022
    39a1d8f
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
@@ -19,7 +19,7 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v3.0.2
- name: Check license headers
uses: apache/skywalking-eyes@v0.3.0
uses: apache/skywalking-eyes@v0.4.0
with:
config: .licenserc.yml

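Review bot: `uses: apache/skywalking-eyes@v0.4.0` pins a third-party action by tag, and a tag can be moved after this merges. Pin the action to the full commit SHA behind v0.4.0 and keep the version in a trailing comment, so each later bump shows up in review as a SHA change. The same applies to `actions/checkout@v3.0.2` in the context lines.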
@@ -31,9 +31,9 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v3.0.2
- name: Setup Go
uses: actions/setup-go@v3.1.0
uses: actions/setup-go@v3.3.0
with:
go-version: "1.17"
go-version: "1.19"
check-latest: true
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3.2.0
@@ -47,12 +47,12 @@ jobs:
strategy:
matrix:
go:
- "1.15"
- "1.16"
- "1.17"
- "1.18"
- "1.19"
steps:
- name: Setup Go
uses: actions/setup-go@v3.1.0
uses: actions/setup-go@v3.3.0
with:
go-version: ${{ matrix.go }}
check-latest: true
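Review bot: removing "1.15" and "1.16" from the `go:` matrix ends test coverage for Go versions that the earlier README row (`>= v0.5.0 | 1.15+`) promised, yet the commit raising the baseline is titled `feat:` and carries no BREAKING-CHANGE footer, unlike the `Dependency.Dependencies` change. Mark the baseline bump as breaking in the release notes so consumers still building with 1.15 or 1.16 know v0.6.0 is the last release tested for them.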
6 changes: 3 additions & 3 deletions .github/workflows/goreleaser.yml
@@ -19,16 +19,16 @@ jobs:
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v3.1.0
uses: actions/setup-go@v3.3.0
with:
go-version: "1.17"
go-version: "1.19"
check-latest: true
- name: Install cyclonedx-gomod
uses: CycloneDX/gh-gomod-generate-sbom@v1
with:
version: v1
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: release --rm-dist
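Review bot: the release job resolves three moving references: `goreleaser/goreleaser-action@v3`, `CycloneDX/gh-gomod-generate-sbom@v1`, and GoReleaser itself through `version: latest`. This job runs `release --rm-dist`, so whatever those references point to at run time decides what is published. Pin both actions to commit SHAs and set `version:` to an exact GoReleaser release, so a release can be reproduced and an upstream tag move cannot change what executes.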
6 changes: 3 additions & 3 deletions .gitpod.Dockerfile
@@ -1,10 +1,10 @@
FROM gitpod/workspace-go:2022-02-04-10-54-10@sha256:8ea7684f6b1294c21065918880e6f31d16ac58b61361754b8d384b8e8f8279ae
FROM gitpod/workspace-go:latest

USER root

RUN \
wget -O "/usr/local/bin/cyclonedx" https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.22.0/cyclonedx-linux-x64 && \
echo "ae39404a9dc8b2e7be0a9559781ee9fe3492201d2629de139d702fd4535ffdd6 /usr/local/bin/cyclonedx" | sha256sum -c && \
wget -O "/usr/local/bin/cyclonedx" https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.0/cyclonedx-linux-x64 && \
echo "691cf7ed82ecce1f85e6d21bccd1ed2d7968e40eb6be7504b392c8b3a0943891 /usr/local/bin/cyclonedx" | sha256sum -c && \
chmod +x "/usr/local/bin/cyclonedx"

USER gitpod
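Review bot: `FROM gitpod/workspace-go:latest` drops the `@sha256:` digest that the previous `FROM` line carried, so the workspace base image is no longer fixed to reviewed content and can differ between builds. Keep a digest pin on a newer tag and bump it deliberately. The `sha256sum -c` check on the cyclonedx-cli download in the same file already follows that model, and the base image deserves the same treatment.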
11 changes: 6 additions & 5 deletions .licenserc.yml
@@ -3,17 +3,18 @@ header:
spdx-id: Apache-2.0
copyright-owner: OWASP Foundation
paths-ignore:
- "**/*.md"
- "**/go.mod"
- "**/go.sum"
- "**/testdata/**"
- ".github/**"
- ".gitignore"
- ".gitpod.*"
- ".golangci.yml"
- ".goreleaser.yml"
- ".licenserc.yml"
- "**/*.md"
- "**/go.mod"
- "**/go.sum"
- "**/testdata/**"
- "CODEOWNERS"
- "LICENSE"
- "Makefile"
- "NOTICE"
- "NOTICE"
- "cyclonedx_string.go"
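Review bot: the `- "cyclonedx_string.go"` entry exempts one generated file by name, so the next generated source will fail the header check until someone edits this list again. Either have the generator emit the license header, or ignore generated files by a pattern so the exemption does not need to be maintained per file.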
8 changes: 8 additions & 0 deletions Makefile
@@ -10,5 +10,13 @@ clean:
go clean
.PHONY: clean

generate:
go generate
.PHONY: generate

lint:
golangci-lint run
.PHONY: lint

all: clean build test
.PHONY: all
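Review bot: `all: clean build test` still leaves out the new `generate` and `lint` targets, so the default build does not notice when generated code such as `cyclonedx_string.go` is stale or when lint fails. Add `lint` to `all`, and consider a CI step that runs `make generate` and fails when `git diff --exit-code` reports changes.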
13 changes: 8 additions & 5 deletions README.md
@@ -28,15 +28,18 @@ Also, checkout the [`examples`](./example_test.go) to get an idea of how this li

| cyclonedx-go versions | Supported Go versions | Supported CycloneDX spec |
|:---------------------:|:---------------------:|:------------------------:|
| < v0.4.0 | 1.14+ | 1.2 |
| == v0.4.0 | 1.14+ | 1.3 |
| >= v0.5.0 | 1.15+ | 1.4 |
| < v0.4.0 | 1.14+ | 1.2 |
| == v0.4.0 | 1.14+ | 1.3 |
| >= v0.5.0, < v0.7.0 | 1.15+ | 1.4 |
| >= v0.7.0 | 1.17+ | 1.0-1.4 |

We're aiming to support all [officially supported](https://golang.org/doc/devel/release.html#policy) Go versions, plus
an additional older version.

This library will only support the latest version of the CycloneDX specification. While it's generally possible to
*read* BOMs of an older spec, *writing* will exclusively produce BOMs conforming to the latest supported spec.
Prior to v0.7.0, this library only supported the latest version of the CycloneDX specification. While it is generally
possible to *read* BOMs of an older spec, *writing* would exclusively produce BOMs conforming to the latest supported spec.

Starting with v0.7.0, writing BOMs conforming to all previous version of the spec is also possible.

## Copyright & License

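Review bot: "all previous version of the spec" in the added closing sentence should read "all previous versions". The new `>= v0.7.0` row also lists 1.0-1.4 as supported without saying how a caller selects the output spec version; a short pointer to the relevant example in `example_test.go` would make the row actionable.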