Skip to content

Commit

Permalink
Parse CycloneDX Legal information (#1985)
Browse files Browse the repository at this point in the history 
* update cdx parser to capture license information

Signed-off-by: pxp928 <parth.psu@gmail.com>

* complete update for cdx legal parser and update unit tests

Signed-off-by: pxp928 <parth.psu@gmail.com>

* make updates based on comments, add missing options for license for CDX and fix unit tests

Signed-off-by: pxp928 <parth.psu@gmail.com>

---------

Signed-off-by: pxp928 <parth.psu@gmail.com>
  • Loading branch information
@pxp928
pxp928 authored Jul 16, 2024
1 parent a4c36b1 commit 9d51e44
Show file tree
Hide file tree
Showing 11 changed files with 805 additions and 58 deletions.
269 changes: 269 additions & 0 deletions internal/testing/testdata/exampledata/small-legal-cyclonedx.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,269 @@
{
"bomFormat" : "CycloneDX",
"specVersion" : "1.4",
"serialNumber" : "urn:uuid:0697952e-9848-4785-95bf-f81ff9731682",
"version" : 1,
"metadata" : {
"timestamp" : "2022-11-09T11:14:31Z",
"tools" : [
{
"vendor" : "OWASP Foundation",
"name" : "CycloneDX Maven plugin",
"version" : "2.7.1",
"hashes" : [
{
"alg" : "SHA3-512",
"content" : "72ea0ed8faa3cc4493db96d0223094842e7153890b091ff364040ad3ad89363157fc9d1bd852262124aec83134f0c19aa4fd0fa482031d38a76d74dfd36b7964"
}
]
}
],
"component" : {
"group" : "org.acme",
"name" : "getting-started",
"version" : "1.0.0-SNAPSHOT",
"licenses": [
{
"license": {
"id": "GPL-2.0"
}
},
{
"license": {
"id": "LGPL-3.0-or-later"
}
}
],
"hashes" : [
{
"alg" : "SHA3-512",
"content" : "85240ed8faa3cc4493db96d0223094842e7153890b091ff364040ad3ad89363157fc9d1bd852262124aec83134f0c19aa4fd0fa482031d38a76d74dfd36b7964"
}
],
"purl" : "pkg:maven/org.acme/getting-started@1.0.0-SNAPSHOT?type=jar",
"type" : "library",
"bom-ref" : "pkg:maven/org.acme/getting-started@1.0.0-SNAPSHOT?type=jar"
}
},
"components" : [
{
"publisher" : "JBoss by Red Hat",
"group" : "io.quarkus",
"name" : "quarkus-resteasy-reactive",
"version" : "2.13.4.Final",
"description" : "A JAX-RS implementation utilizing build time processing and Vert.x. This extension is not compatible with the quarkus-resteasy extension, or any of the extensions that depend on it.",
"scope" : "optional",
"hashes" : [
{
"alg" : "MD5",
"content" : "bf39044af8c6ba66fc3beb034bc82ae8"
},
{
"alg" : "SHA3-512",
"content" : "615e56bdfeb591af8b5fdeadf019f8fa729643232d7e0768674411a7d959bb00e12e114280a6949f871514e1a86e01e0033372a0a826d15720050d7cffb80e69"
}
],
"licenses" : [
{
"license" : {
"id" : "Apache-2.0"
}
}
],
"purl" : "pkg:maven/io.quarkus/quarkus-resteasy-reactive@2.13.4.Final?type=jar",
"externalReferences" : [
{
"type" : "distribution",
"url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/"
},
{
"type" : "issue-tracker",
"url" : "https://github.com/quarkusio/quarkus/issues/"
},
{
"type" : "vcs",
"url" : "https://github.com/quarkusio/quarkus"
},
{
"type" : "website",
"url" : "http://www.jboss.org"
},
{
"type" : "mailing-list",
"url" : "http://lists.jboss.org/pipermail/jboss-user/"
}
],
"type" : "library",
"bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy-reactive@2.13.4.Final?type=jar"
},
{
"publisher" : "SmallRye",
"group" : "io.smallrye.reactive",
"name" : "smallrye-mutiny-vertx-uri-template",
"version" : "2.27.0",
"description" : "SmallRye Build Parent POM",
"hashes" : [
{
"alg" : "MD5",
"content" : "8756663af131035a2090d83f5f1b4054"
}
],
"licenses" : [
{
"expression" : "Apache-2.0 AND (MIT OR GPL-2.0-only)"
}
],
"purl" : "pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-uri-template@2.27.0?type=jar",
"externalReferences" : [
{
"type" : "website",
"url" : "https://wwww.smallrye.io"
},
{
"type" : "issue-tracker",
"url" : "https://github.com/smallrye/smallrye-mutiny-vertx-bindings/issues"
},
{
"type" : "vcs",
"url" : "https://github.com/smallrye/smallrye-mutiny-vertx-bindings"
},
{
"type" : "distribution",
"url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/"
}
],
"type" : "library",
"bom-ref" : "pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-uri-template@2.27.0?type=jar"
},
{
"publisher" : "JBoss by Red Hat",
"group" : "io.quarkus",
"name" : "quarkus-resteasy-reactive-common",
"version" : "2.13.4.Final",
"description" : "Common runtime parts of Quarkus RESTEasy Reactive",
"hashes" : [
{
"alg" : "SHA3-512",
"content" : "54ffa51cb2fb25e70871e4b69489814ebb3d23d4f958e83ef1f811c00a8753c6c30c5bbc1b48b6427357eb70e5c35c7b357f5252e246fbfa00b90ee22ad095e1"
}
],
"licenses" : [
{
"license": {
"id": "Apache-2.0"
}
},
{
"license": {
"name": "Custom license",
"text": {
"content": "This is the text of the custom license I wrote"
}
}
}
],
"purl" : "pkg:maven/io.quarkus/quarkus-resteasy-reactive-common@2.13.4.Final?type=jar",
"externalReferences" : [
{
"type" : "mailing-list",
"url" : "http://lists.jboss.org/pipermail/jboss-user/"
}
],
"type" : "library",
"bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy-reactive-common@2.13.4.Final?type=jar"
},
{
"publisher" : "JBoss by Red Hat",
"group" : "io.quarkus",
"name" : "netbase",
"version" : ".3",
"description" : "Common runtime parts of Quarkus RESTEasy Reactive",
"hashes" : [
{
"alg" : "SHA3-512",
"content" : "87gna51cb2fb25e70871e4b69489814ebb3d23d4f958e83ef1f811c00a8753c6c30c5bbc1b48b6427357eb70e5c35c7b357f5252e246fbfa00b90ee22ad095e1"
}
],
"licenses" : [
{
"license": {
"id": "Apache-2.0"
}
},
{
"license": {
"name": "Custom license",
"text": {
"content": "This is the text of the custom license I wrote"
}
}
}
],
"purl" : "pkg:deb/debian/netbase@6.3?arch=all\u0026distro=debian-11",
"externalReferences" : [
{
"type" : "mailing-list",
"url" : "http://lists.jboss.org/pipermail/jboss-user/"
}
],
"type" : "library",
"bom-ref" : "pkg:deb/debian/netbase@6.3?arch=all\u0026distro=debian-11\u0026package-id=913906225fd3778b"
},
{
"publisher" : "Eclipse Foundation",
"group" : "org.eclipse.microprofile.context-propagation",
"name" : "microprofile-context-propagation-api",
"version" : "1.2",
"description" : "MicroProfile Context Propagation :: API",
"hashes" : [
{
"alg" : "SHA-256",
"content" : "1576e21f3bf9cc3a3092e7cd40e9c9fef70532223af98a9218c1c9c885a71251"
}
],
"licenses" : [
{
"license": {
"name": "Custom license",
"bom-ref" : "LicenseRef-a7fb6b15"
}
}
],
"purl" : "pkg:maven/org.eclipse.microprofile.context-propagation/microprofile-context-propagation-api@1.2?type=jar",
"externalReferences" : [
{
"type" : "website",
"url" : "http://www.eclipse.org/"
},
{
"type" : "distribution",
"url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/"
},
{
"type" : "issue-tracker",
"url" : "https://github.com/eclipse/microprofile-context-propagation/issues"
},
{
"type" : "vcs",
"url" : "https://github.com/eclipse/microprofile-context-propagation"
}
],
"type" : "library",
"bom-ref" : "pkg:maven/org.eclipse.microprofile.context-propagation/microprofile-context-propagation-api@1.2?type=jar"
}
],
"dependencies" : [
{
"ref" : "pkg:maven/org.acme/getting-started@1.0.0-SNAPSHOT?type=jar",
"dependsOn" : [
"pkg:maven/io.quarkus/quarkus-resteasy-reactive@2.13.4.Final?type=jar"
]
},
{
"ref" : "pkg:maven/io.quarkus/quarkus-resteasy-reactive@2.13.4.Final?type=jar",
"dependsOn" : [
"pkg:maven/io.quarkus/quarkus-resteasy-reactive-common@2.13.4.Final?type=jar"
]
}
]
}
Loading

0 comments on commit 9d51e44

Please sign in to comment.