diff --git a/schema/cyclonedx/bd.xsd b/schema/cyclonedx/bd.xsd
deleted file mode 100644
index 013f550eb..000000000
--- a/schema/cyclonedx/bd.xsd
+++ /dev/null
@@ -1,183 +0,0 @@
-
-
-
-
-
-
- CycloneDX BOM Descriptor Extension
- https://cyclonedx.org/ext/bom-descriptor
- Apache License, Version 2.0
-
- Steve Springett
-
-
-
-
-
-
-
-
-
-
- The date and time (timestamp) when the document was created.
-
-
-
-
- The tool used to create the BOM.
-
-
-
-
- The person(s) who created the BOM. Authors are common in BOMs created through
- manual processes. BOMs created through automated means may not have authors.
-
-
-
-
-
-
-
-
-
- The component that the BOM describes.
-
-
-
-
- The organization that manufactured the component that the BOM describes.
-
-
-
-
- The organization that supplied the component that the BOM describes. The
- supplier may often be the manufacture, but may also be a distributor or repackager.
-
-
-
-
-
- User-defined attributes may be used on this element as long as they
- do not have the same name as an existing attribute used by the schema.
-
-
-
-
-
-
-
-
- The name of the organization
-
-
-
-
- The URL of the organization. Multiple URLs are allowed.
-
-
-
-
- A contact person at the organization. Multiple contacts are allowed.
-
-
-
-
-
- User-defined attributes may be used on this element as long as they
- do not have the same name as an existing attribute used by the schema.
-
-
-
-
-
-
- Specifies a tool (manual or automated).
-
-
-
-
- The vendor of the tool used to create the BOM.
-
-
-
-
- The name of the tool used to create the BOM.
-
-
-
-
- The version of the tool used to create the BOM.
-
-
-
-
-
-
-
-
-
-
-
-
- User-defined attributes may be used on this element as long as they
- do not have the same name as an existing attribute used by the schema.
-
-
-
-
-
-
-
-
- The name of the person
-
-
-
-
- The email address of the person. Multiple email addresses are allowed.
-
-
-
-
- The phone number of the person. Multiple phone numbers are allowed.
-
-
-
-
-
- User-defined attributes may be used on this element as long as they
- do not have the same name as an existing attribute used by the schema.
-
-
-
-
-
-
- Provides additional information about a BOM.
-
-
-
-
diff --git a/syft/presenter/cyclonedx/bom-extension.go b/syft/presenter/cyclonedx/bom-descriptor.go
similarity index 64%
rename from syft/presenter/cyclonedx/bom-extension.go
rename to syft/presenter/cyclonedx/bom-descriptor.go
index 7f99de637..ce9cf48af 100644
--- a/syft/presenter/cyclonedx/bom-extension.go
+++ b/syft/presenter/cyclonedx/bom-descriptor.go
@@ -11,25 +11,25 @@ import (
// BomDescriptor represents all metadata surrounding the BOM report (such as when the BOM was made, with which tool, and the item being cataloged).
type BomDescriptor struct {
- XMLName xml.Name `xml:"bd:metadata"`
- Timestamp string `xml:"bd:timestamp,omitempty"` // The date and time (timestamp) when the document was created
- Tool *BdTool `xml:"bd:tool"` // The tool used to create the BOM.
- Component *BdComponent `xml:"bd:component"` // The component that the BOM describes.
+ XMLName xml.Name `xml:"metadata"`
+ Timestamp string `xml:"timestamp,omitempty"` // The date and time (timestamp) when the document was created
+ Tools []BdTool `xml:"tools>tool"` // The tool used to create the BOM.
+ Component *BdComponent `xml:"component"` // The component that the BOM describes.
}
// BdTool represents the tool that created the BOM report.
type BdTool struct {
- XMLName xml.Name `xml:"bd:tool"`
- Vendor string `xml:"bd:vendor,omitempty"` // The vendor of the tool used to create the BOM.
- Name string `xml:"bd:name,omitempty"` // The name of the tool used to create the BOM.
- Version string `xml:"bd:version,omitempty"` // The version of the tool used to create the BOM.
+ XMLName xml.Name `xml:"tool"`
+ Vendor string `xml:"vendor,omitempty"` // The vendor of the tool used to create the BOM.
+ Name string `xml:"name,omitempty"` // The name of the tool used to create the BOM.
+ Version string `xml:"version,omitempty"` // The version of the tool used to create the BOM.
// TODO: hashes, author, manufacture, supplier
// TODO: add user-defined fields for the remaining build/version parameters
}
// BdComponent represents the software/package being cataloged.
type BdComponent struct {
- XMLName xml.Name `xml:"bd:component"`
+ XMLName xml.Name `xml:"component"`
Component
}
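Review bot: The comment on the new `Tools` field still reads "The tool used to create the BOM." although the field is now a slice serialized as `tools>tool`. I would update it to `// The tools used to create the BOM.` The `BdTool.XMLName` tag `tool` also has to stay identical to the last segment of the `tools>tool` path on the parent field, so a short comment on `XMLName` saying this would help prevent the two being edited apart. The existing TODO lists hashes as not yet emitted, so consumers of the BOM cannot tie the `tool` entry to a specific binary, and that is worth keeping visible.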
@@ -38,10 +38,12 @@ func NewBomDescriptor(name, version string, srcMetadata source.Metadata) *BomDes
descriptor := BomDescriptor{
XMLName: xml.Name{},
Timestamp: time.Now().Format(time.RFC3339),
- Tool: &BdTool{
- Vendor: "anchore",
- Name: name,
- Version: version,
+ Tools: []BdTool{
+ {
+ Vendor: "anchore",
+ Name: name,
+ Version: version,
+ },
},
}
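Review bot: The `Timestamp` context line in this literal formats `time.Now()` in the host's local zone, and the golden files in this commit show a `-05:00` offset. That puts the generating machine's timezone into every BOM and makes timestamps harder to compare across build hosts. Consider `Timestamp: time.Now().UTC().Format(time.RFC3339),`, assuming the snapshot tests already normalise the timestamp before comparing. The body of NewBomDescriptor continues past the end of this hunk.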
diff --git a/syft/presenter/cyclonedx/document.go b/syft/presenter/cyclonedx/document.go
index dcd8c0181..8791d3f9c 100644
--- a/syft/presenter/cyclonedx/document.go
+++ b/syft/presenter/cyclonedx/document.go
@@ -16,11 +16,10 @@ import (
type Document struct {
XMLName xml.Name `xml:"bom"`
XMLNs string `xml:"xmlns,attr"`
- XMLNsBd string `xml:"xmlns:bd,attr"`
Version int `xml:"version,attr"`
SerialNumber string `xml:"serialNumber,attr"`
+ BomDescriptor *BomDescriptor `xml:"metadata"` // The BOM descriptor extension
Components []Component `xml:"components>component"` // The BOM contents
- BomDescriptor *BomDescriptor `xml:"bd:metadata"` // The BOM descriptor extension
}
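Review bot: The comment on the moved `BomDescriptor` field still says "The BOM descriptor extension", but this commit removes the `bd` namespace and emits the element as plain `metadata` under the document's default namespace. I would change it to `// The BOM metadata (tools, timestamp, described component)`. The element name is now declared twice, in this field tag and in `BomDescriptor.XMLName`, and encoding/xml returns a marshal error if the two ever differ. Either drop one of them or add a comment saying they must match. Placing the field ahead of `Components` matters because the encoder writes fields in declaration order, so a one-line comment saying the order is deliberate would protect it from a later re-sort.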
// NewDocumentFromCatalog returns a CycloneDX Document object populated with the catalog contents.
@@ -29,7 +28,6 @@ func NewDocument(catalog *pkg.Catalog, srcMetadata source.Metadata) Document {
doc := Document{
XMLNs: "http://cyclonedx.org/schema/bom/1.2",
- XMLNsBd: "http://cyclonedx.org/schema/ext/bom-descriptor/1.0",
Version: 1,
SerialNumber: uuid.New().URN(),
BomDescriptor: NewBomDescriptor(internal.ApplicationName, versionInfo.Version, srcMetadata),
diff --git a/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxDirsPresenter.golden b/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxDirsPresenter.golden
index 1a1374137..a6200b9b6 100644
--- a/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxDirsPresenter.golden
+++ b/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxDirsPresenter.golden
@@ -1,5 +1,19 @@
-
+
+
+ 2020-12-01T22:19:00-05:00
+
+
+ anchore
+ syft
+ [not provided]
+
+
+
+ /some/path
+
+
+
package1
@@ -18,16 +32,4 @@
-
- 2020-11-19T10:11:26-05:00
-
- anchore
- syft
- [not provided]
-
-
- /some/path
-
-
-
diff --git a/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxImgsPresenter.golden b/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxImgsPresenter.golden
index 719281d59..9740019be 100644
--- a/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxImgsPresenter.golden
+++ b/syft/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxImgsPresenter.golden
@@ -1,5 +1,19 @@
-
+
+
+ 2020-12-01T22:19:00-05:00
+
+
+ anchore
+ syft
+ [not provided]
+
+
+
+ user-image-input
+ sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
+
+
package1
@@ -20,16 +34,4 @@
the-purl-2
-
- 2020-11-19T10:11:26-05:00
-
- anchore
- syft
- [not provided]
-
-
- user-image-input
- sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
-
-