Add CBOM model

Question

Add CBOM model

mcombuechen opened this issue 2 months ago · comments

Maximilian Combüchen commented 2 months ago

This issue is to track ~~#142~~ #165, the addition of the CBOM model from CycloneDX spec version 1.6.

See:

https://cyclonedx.org/docs/1.6/json/#components_items_cryptoProperties
https://cyclonedx.org/guides/OWASP_CycloneDX-Authoritative-Guide-to-CBOM-en.pdf

Nicolas-Peiffer · Answer 1 · Thu May 16 2024 22:19:01 GMT+0800 (China Standard Time)

Hi there, with @louison77 we were testing your code from https://github.com/Petzys/cyclonedx-go (this particular commit 988f215) that we found from your previous PR #142 .

Before that we were in fact testing branch spec/1.6, but we replaced it with your own PR: this is an extract of our go.mod

require (
        github.com/CycloneDX/cyclonedx-go v0.8.1-0.20240508101843-e0e9c670e161
)

replace github.com/CycloneDX/cyclonedx-go v0.8.1-0.20240508101843-e0e9c670e161 => github.com/Petzys/cyclonedx-go v0.0.0-20240425125758-988f2157b048

We are testing this for a PoC that we will soon open source. We had good results so far generating CBOM artifacts in both JSON and XML.

We will try your new PR (#165) soon. And once we have the green light to open-source our PoC, we can keep in touch if you are interested.

Niklas · Answer 2 · Thu May 30 2024 04:34:58 GMT+0800 (China Standard Time)

Implemented in #165