Merge pull request #106 from CycloneDX/spec-v1.5-licensing
feat(spec1-5): add licensing, license properties, and license bom-ref
nscuro authored Jun 27, 2023
2 parents 1631719 + 67a7567 commit 4912cd5
Showing 10 changed files with 339 additions and 4 deletions.
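--- a/convert.go
+++ b/convert.go
@@ -196,6 +196,17 @@ func convertLicenses(licenses *Licenses, specVersion SpecVersion) {
 *licenses = converted
 }
 }
+
+if specVersion < SpecVersion1_5 {
+for i := range *licenses {
+choice := &(*licenses)[i]
+if choice.License != nil {
+choice.License.BOMRef = ""
+choice.License.Licensing = nil
+choice.License.Properties = nil
+}
+}
+}
 }
 
 // serviceConverter modifies a Service such that it adheres to a given SpecVersion.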
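Review bot: The new `specVersion < SpecVersion1_5` block has no comment saying why these three fields are cleared, and it writes through the `choice.License` pointer, so the `License` value the caller holds is modified in place. A one-line comment such as `// bom-ref, licensing and properties on a license only exist from spec v1.5 on` would record the intent. If `convertLicenses` can be reached with a BOM that is not a private copy (the call sites are not visible here), the caller silently loses its `Licensing` data, so that precondition is worth stating in the function's doc comment. The function body starts above the hunk.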
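--- a/cyclonedx.go
+++ b/cyclonedx.go
@@ -332,10 +332,13 @@ const (
 )
 
 type License struct {
-ID string `json:"id,omitempty" xml:"id,omitempty"`
-Name string `json:"name,omitempty" xml:"name,omitempty"`
-Text *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
-URL string `json:"url,omitempty" xml:"url,omitempty"`
+BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
+ID string `json:"id,omitempty" xml:"id,omitempty"`
+Name string `json:"name,omitempty" xml:"name,omitempty"`
+Text *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
+URL string `json:"url,omitempty" xml:"url,omitempty"`
+Licensing *Licensing `json:"licensing,omitempty" xml:"licensing,omitempty"`
+Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
 }
 
 type Licenses []LicenseChoice
@@ -345,6 +348,38 @@ type LicenseChoice struct {
 Expression string `json:"expression,omitempty" xml:"-"`
 }
 
+type LicenseType string
+
+const (
+LicenseTypeAcademic LicenseType = "academic"
+LicenseTypeAppliance LicenseType = "appliance"
+LicenseTypeClientAccess LicenseType = "client-access"
+LicenseTypeConcurrentUser LicenseType = "concurrent-user"
+LicenseTypeCorePoints LicenseType = "core-points"
+LicenseTypeCustomMetric LicenseType = "custom-metric"
+LicenseTypeDevice LicenseType = "device"
+LicenseTypeEvaluation LicenseType = "evaluation"
+LicenseTypeNamedUser LicenseType = "named-user"
+LicenseTypeNodeLocked LicenseType = "node-locked"
+LicenseTypeOEM LicenseType = "oem"
+LicenseTypeOther LicenseType = "other"
+LicenseTypePerpetual LicenseType = "perpetual"
+LicenseTypeProcessorPoints LicenseType = "processor-points"
+LicenseTypeSubscription LicenseType = "subscription"
+LicenseTypeUser LicenseType = "user"
+)
+
+type Licensing struct {
+AltIDs *[]string `json:"altIds,omitempty" xml:"altIds>altId,omitempty"`
+Licensor *OrganizationalEntityOrContact `json:"licensor,omitempty" xml:"licensor,omitempty"`
+Licensee *OrganizationalEntityOrContact `json:"licensee,omitempty" xml:"licensee,omitempty"`
+Purchaser *OrganizationalEntityOrContact `json:"purchaser,omitempty" xml:"purchaser,omitempty"`
+PurchaseOrder string `json:"purchaseOrder,omitempty" xml:"purchaseOrder,omitempty"`
+LicenseTypes *[]LicenseType `json:"licenseTypes,omitempty" xml:"licenseTypes>licenseType,omitempty"`
+LastRenewal string `json:"lastRenewal,omitempty" xml:"lastRenewal,omitempty"`
+Expiration string `json:"expiration,omitempty" xml:"expiration,omitempty"`
+}
+
 // MediaType defines the official media types for CycloneDX BOMs.
 // See https://cyclonedx.org/specification/overview/#registered-media-types
 type MediaType int
@@ -391,6 +426,11 @@ type OrganizationalEntity struct {
 Contact *[]OrganizationalContact `json:"contact,omitempty" xml:"contact,omitempty"`
 }
 
+type OrganizationalEntityOrContact struct {
+Organization *OrganizationalEntity `json:"organization,omitempty" xml:"organization,omitempty"`
+Individual *OrganizationalContact `json:"individual,omitempty" xml:"individual,omitempty"`
+}
+
 type Patch struct {
 Diff *Diff `json:"diff,omitempty" xml:"diff,omitempty"`
 Resolves *[]Issue `json:"resolves,omitempty" xml:"resolves>issue,omitempty"`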
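Review bot: `Licensing`, `LicenseType` and `OrganizationalEntityOrContact` are exported without doc comments, and `Licensing` is where contact details and a purchase-order number enter the license model (`Licensee`, `Purchaser`, `PurchaseOrder`). A comment on the type should say so, for example `// Licensing describes commercial licensing terms; it may hold contact details and purchase-order numbers, so check it before sharing a BOM outside the organisation.` `LastRenewal` and `Expiration` are plain strings, so nothing in the type rejects a value that is not a timestamp; a field comment naming the expected date-time format would help any consumer that tracks license expiry. `OrganizationalEntityOrContact` lets both `Organization` and `Individual` be set at once; if they are meant as alternatives, as the name suggests, state that in its comment.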
@@ -0,0 +1,59 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
{
"type": "library",
"publisher": "Acme Inc",
"group": "com.acme",
"name": "cryptographic-provider",
"version": "2.2.0",
"licenses": [
{
"license": {
"bom-ref": "acme-license-1",
"name": "Acme Commercial License",
"licensing": {
"altIds": [
"acme",
"acme-license"
],
"licensor": {
"organization": {
"name": "Acme Inc",
"contact": [
{
"name": "Acme Licensing Fulfillment",
"email": "licensing@example.com"
}
]
}
},
"licensee": {
"organization": {
"name": "Example Co."
}
},
"purchaser": {
"individual": {
"name": "Samantha Wright",
"email": "samantha.wright@gmail.com",
"phone": "800-555-1212"
}
},
"purchaseOrder": "PO-12345",
"licenseTypes": [
"appliance"
],
"lastRenewal": "2022-04-13T20:20:39+00:00",
"expiration": "2023-04-13T20:20:39+00:00"
}
}
}
]
}
]
}

@@ -28,6 +28,31 @@
"type": "library",
"name": "acme-library",
"version": "1.0.0",
"licenses": [
{
"license": {
"id": "Apache-2.0",
"properties": [
{
"name": "Foo",
"value": "Bar"
},
{
"name": "Foo",
"value": "You"
},
{
"name": "Foo",
"value": "Two"
},
{
"name": "Bar",
"value": "Foo"
}
]
}
}
],
"properties": [
{
"name": "Foo",
@@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1">
<components>
<component type="library">
<publisher>Acme Inc</publisher>
<group>com.acme</group>
<name>cryptographic-provider</name>
<version>2.2.0</version>
<licenses>
<license bom-ref="acme-license-1">
<name>Acme Commercial License</name>
<licensing>
<altIds>
<altId>acme</altId>
<altId>acme-license</altId>
</altIds>
<licensor>
<organization>
<name>Acme Inc</name>
<contact>
<name>Acme Licensing Fulfillment</name>
<email>licensing@example.com</email>
</contact>
</organization>
</licensor>
<licensee>
<organization>
<name>Example Co.</name>
</organization>
</licensee>
<purchaser>
<individual>
<name>Samantha Wright</name>
<email>samantha.wright@gmail.com</email>
<phone>800-555-1212</phone>
</individual>
</purchaser>
<purchaseOrder>PO-12345</purchaseOrder>
<licenseTypes>
<licenseType>appliance</licenseType>
</licenseTypes>
<lastRenewal>2022-04-13T20:20:39+00:00</lastRenewal>
<expiration>2023-04-13T20:20:39+00:00</expiration>
</licensing>
</license>
</licenses>
</component>
</components>
</bom>
@@ -12,6 +12,17 @@
<component type="library">
<name>acme-library</name>
<version>1.0.0</version>
<licenses>
<license>
<id>Apache-2.0</id>
<properties>
<property name="Foo">Bar</property>
<property name="Foo">You</property>
<property name="Foo">Two</property>
<property name="Bar">Foo</property>
</properties>
</license>
</licenses>
<properties>
<property name="Foo">Bar</property>
<property name="Bar">Foo</property>
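--- a/testdata/valid-license-licensing.json
+++ b/testdata/valid-license-licensing.json
@@ -0,0 +1,55 @@
+{
+"bomFormat": "CycloneDX",
+"specVersion": "1.5",
+"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+"version": 1,
+"components": [
+{
+"type": "library",
+"publisher": "Acme Inc",
+"group": "com.acme",
+"name": "cryptographic-provider",
+"version": "2.2.0",
+"licenses": [
+{
+"license": {
+"bom-ref": "acme-license-1",
+"name": "Acme Commercial License",
+"licensing": {
+"altIds": [
+"acme", "acme-license"
+],
+"licensor": {
+"organization": {
+"name": "Acme Inc",
+"contact": [
+{
+"name": "Acme Licensing Fulfillment",
+"email": "licensing@example.com"
+}
+]
+}
+},
+"licensee": {
+"organization": {
+"name": "Example Co."
+}
+},
+"purchaser": {
+"individual": {
+"name": "Samantha Wright",
+"email": "samantha.wright@gmail.com",
+"phone": "800-555-1212"
+}
+},
+"purchaseOrder": "PO-12345",
+"licenseTypes": ["appliance"],
+"lastRenewal": "2022-04-13T20:20:39+00:00",
+"expiration": "2023-04-13T20:20:39+00:00"
+}
+}
+}
+]
+}
+]
+}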
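Review bot: The purchaser entry in this fixture uses `samantha.wright@gmail.com`, an address at a real mail provider, while the licensor contact a few lines above already uses the reserved `licensing@example.com`. Fixture data tends to be copied into documentation and downstream test suites, so an address that may belong to a real person should not be in it; `"email": "samantha.wright@example.com"` keeps the test equally meaningful. The same value appears in `testdata/valid-license-licensing.xml` and in the earlier sections whose file headers are not shown on this page (they look like generated snapshots, which would need regenerating).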
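--- a/testdata/valid-license-licensing.xml
+++ b/testdata/valid-license-licensing.xml
@@ -0,0 +1,49 @@
+?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.5">
+<components>
+<component type="library">
+<publisher>Acme Inc</publisher>
+<group>com.acme</group>
+<name>cryptographic-provider</name>
+<version>2.2.0</version>
+<licenses>
+<license bom-ref="acme-license-1">
+<name>Acme Commercial License</name>
+<licensing>
+<altIds>
+<altId>acme</altId>
+<altId>acme-license</altId>
+</altIds>
+<licensor>
+<organization>
+<name>Acme Inc</name>
+<contact>
+<name>Acme Licensing Fulfillment</name>
+<email>licensing@example.com</email>
+</contact>
+</organization>
+</licensor>
+<licensee>
+<organization>
+<name>Example Co.</name>
+</organization>
+</licensee>
+<purchaser>
+<individual>
+<name>Samantha Wright</name>
+<email>samantha.wright@gmail.com</email>
+<phone>800-555-1212</phone>
+</individual>
+</purchaser>
+<purchaseOrder>PO-12345</purchaseOrder>
+<licenseTypes>
+<licenseType>appliance</licenseType>
+</licenseTypes>
+<lastRenewal>2022-04-13T20:20:39+00:00</lastRenewal>
+<expiration>2023-04-13T20:20:39+00:00</expiration>
+</licensing>
+</license>
+</licenses>
+</component>
+</components>
+</bom>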
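--- a/testdata/valid-properties.json
+++ b/testdata/valid-properties.json
@@ -28,6 +28,31 @@
 "type": "library",
 "name": "acme-library",
 "version": "1.0.0",
+"licenses": [
+{
+"license": {
+"id": "Apache-2.0",
+"properties": [
+{
+"name": "Foo",
+"value": "Bar"
+},
+{
+"name": "Foo",
+"value": "You"
+},
+{
+"name": "Foo",
+"value": "Two"
+},
+{
+"name": "Bar",
+"value": "Foo"
+}
+]
+}
+}
+],
 "properties": [
 {
 "name": "Foo",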