Add support for CycloneDX 1.5 #2120

spiffcs · 2023-09-12T14:32:07Z

What would you like to be added:
With the onset of CycloneDX/cyclonedx-go#90 the current library we use for generating cyclone-dx SBOM now minimally supports 1.5. Syft should still generate 1.4 as the default stable version, but should give the option for users to generate 1.5 with syft -o cyclone-dx@1.5 node:latest - Syft should also take this opportunity to allow users to generate versions back to v1.0 given that https://github.com/CycloneDX/cyclonedx-go/blob/83031d6697bd6d8b20bce2a0326347a0ea7691c7/encode.go#L31-L34 can now accept a version supplied by the user.

Why is this needed:
Keeping syft up to date with latest SBOM specification standards

Additional context:
N/A

The text was updated successfully, but these errors were encountered:

spiffcs added the enhancement New feature or request label Sep 12, 2023

spiffcs self-assigned this Sep 12, 2023

spiffcs linked a pull request Sep 12, 2023 that will close this issue

feat: add cyclonedx schema version selection #2123

Merged

3 tasks

spiffcs closed this as completed in #2123 Sep 13, 2023

wagoodman changed the title ~~Cyclone-DX 1.5~~ Add support for CycloneDX 1.5 Sep 20, 2023

chenrui333 mentioned this issue Sep 21, 2023

syft 0.91.0 Homebrew/homebrew-core#144424

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for CycloneDX 1.5 #2120

Add support for CycloneDX 1.5 #2120

spiffcs commented Sep 12, 2023

Add support for CycloneDX 1.5 #2120

Add support for CycloneDX 1.5 #2120

Comments

spiffcs commented Sep 12, 2023