Feat: Support CBOM (1.6 specification) (#140) #142
Bumps gitpod/workspace-go from `9118b93` to `8b9a0f6`. --- updated-dependencies: - dependency-name: gitpod/workspace-go dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Petzys <87223648+Petzys@users.noreply.github.com>
cyclonedx.go
Outdated
AssetTypeRelatedCryptoMaterial AssetType = "related-crypto-material" | ||
) | ||
|
||
type Primitive string |
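Review bot: `type Primitive string` at the end of this hunk is exported without a doc comment (a blank line separates it from the closing `)` of the `AssetType` constants), so the package documentation will not say what the type represents. Add a comment directly above the declaration that starts with the type name and names the CBOM 1.6 field it models.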
Some of these types have rather generic names (e.g. `Primitive`, `Mode`). We need to pay attention that we won't cause naming collisions as the spec grows. Consider prefixing some of these types so they're "pseudo-namespaced". For example `CryptoPrimitive` instead of `Primitive`.
Yup, I see your point and I agree. I think `Crypto` works as a prefix. I will work on that.
Signed-off-by: Petzys <87223648+Petzys@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...44c2b7a) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 6.0.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3cfe3a4...a4f60bb) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ngci/golangci-lint-action-6.0.1 build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1
…ons/checkout-4.1.5 build(deps): bump actions/checkout from 4.1.1 to 4.1.5
…pace-go-8b9a0f6 build(deps): bump gitpod/workspace-go from `9118b93` to `8b9a0f6`
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0c52d54...cdcb360) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ons/setup-go-5.0.1 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1
Closes #140. Signed-off-by: Maximilian Combüchen <max.combuchen@snyk.io>
This PR is outdated and was continued in #165. Closed.
🚧 WIP 🚧
This PR is meant to implement the CBOM specification from specification 1.6. It might be extended to include the full scope of 1.6.
As I mainly use this module to decode JSON BOMs, I might or might not continue development on this PR. Contributions of any kind are highly appreciated.
Partly addresses #140.