Support for CycloneDX schema version 1.4 #108


Merged: 59 commits, Jan 13, 2022

Conversation

madpah
Collaborator

@madpah madpah commented Dec 22, 2021

Work is in progress.

- Updated spdx.xsd to latest in 1.4-draft
- Corrected 1.0 output as `bom.component.modified` is REQUIRED in 1.0

Signed-off-by: Paul Horton <[email protected]>
- New `XsUri` object to enable some validation for strings that are expected to conform to xs:anyURI type
- Bunch of tests covering new models
- New exceptions that will be thrown if invalid data is passed into model classes

Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
…th fixes as required

- Added support for optional `component.version` in 1.4 (for XML)

Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
@madpah
Collaborator Author

madpah commented Jan 7, 2022

This PR is now considered stable and will be merged to create release 1.0.0 next week (week commencing 10th Jan 2022), subject to CycloneDX Specification 1.4 being released on https://cyclonedx.org.

Member

@jkowalleck jkowalleck left a comment


part of review done.

main issues i see:

  • purl handling is pretty error prone. If there was an actual need to generate a PURL from the model, then there should be a factory class that generates a purl from the model.
    Putting a one-liner in the component model is not enough.
    There are a lot of details when it comes to generating a purl: the PURL spec is huge and has lots of details the model does not even have properties for. This is why the model has these nasty `__purl_...` properties.
    I would argue that the purl implementation here is in a proper state.

EDIT / PS :
got all sorted out. nothing to do anymore.

@madpah
Collaborator Author

madpah commented Jan 9, 2022

> part of review done.
>
> main issues i see:
>
>   • purl handling is pretty error prone. If there was an actual need to generate a PURL from the model, then there should be a factory class that generates a purl from the model.
>     Putting a one-liner in the component model is not enough.
>     There are a lot of details when it comes to generating a purl: the PURL spec is huge and has lots of details the model does not even have properties for. This is why the model has these nasty `__purl_...` properties.
>     I would argue that the purl implementation here is in a proper state.

Agree that purl is now messy and should be simplified.

However, I recall now why I went back to where it's at: PackageURL is a NamedTuple and JSON serialisation therefore automatically serialises this class to an array - it cannot be overridden as tuple types are coded in the base JSON Serialiser to become Arrays.

Thoughts?

BREAKING CHANGE: Concrete parsers relocated to `cyclonedx-python`.

* Exception was incorrectly in parser and should have been in model

Signed-off-by: Paul Horton <[email protected]>

* resolved issues in Unit Tests

Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
* DOCS: anaconda-release

Signed-off-by: Jan Kowalleck <[email protected]>

* Corrected links

Co-authored-by: Paul Horton <[email protected]>
@madpah madpah merged commit 7fb6da9 into main Jan 13, 2022
madpah added a commit that referenced this pull request Jan 13, 2022
@madpah madpah deleted the feat/schema-version-1.4 branch January 13, 2022 09:02
Labels
enhancement New feature or request schema 1.4