Dan Luhring f98868b55e
Find Java package versions in additional manifest sections (#673)
* Add failing test for missing versions

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Look through all named sections for version

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Consistent installation of yajsv

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Adjust output text for test assertion

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2021-12-13 15:39:42 -05:00

CycloneDX Schemas

syft generates CycloneDX BOM output. We want to be able to validate generated syft output against the CycloneDX schemas (and their dependent schemas). The best way to do this is with xmllint; however, this tool does not know how to resolve schema references over HTTP, only from the local filesystem. For this reason we've included a copy of all schemas needed to validate syft output, modified to reference local copies of dependent schemas.
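
The following is an added example, not part of syft or of the schemas in this directory: a check that a vendored XSD no longer points at remote dependent schemas, plus a rewrite that redirects any that remain to local files. The sample schema, its `example.invalid` URLs and the file name `spdx.xsd` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
REF_TAGS = {XS + "import", XS + "include", XS + "redefine"}

# Constructed sample: one remote reference, one that is already local.
SAMPLE_XSD = """
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:spdx="http://example.invalid/spdx"
           targetNamespace="http://example.invalid/bom">
  <xs:import namespace="http://example.invalid/spdx"
             schemaLocation="http://example.invalid/schema/spdx"/>
  <xs:import namespace="http://example.invalid/local"
             schemaLocation='already-local.xsd'/>
  <xs:element name="license" type="spdx:licenseId"/>
</xs:schema>
""".strip()


def remote_references(xsd_text):
    """Return the schemaLocation values that would need a network fetch."""
    root = ET.fromstring(xsd_text)
    return [
        el.get("schemaLocation")
        for el in root.iter()
        if el.tag in REF_TAGS
        and re.match(r"(?i)https?://", el.get("schemaLocation", ""))
    ]


def localize(xsd_text, local_copies):
    """Point every remote schemaLocation at its vendored file.

    The raw text is edited instead of re-serializing the parsed tree, so
    namespace prefixes used inside attribute values (type="spdx:...")
    keep resolving. A remote reference with no vendored copy is an error.
    """
    for url in remote_references(xsd_text):
        if url not in local_copies:
            raise KeyError(f"no vendored copy for {url}")
        pattern = r"(schemaLocation\s*=\s*)([\"'])" + re.escape(url) + r"\2"
        local = local_copies[url]
        xsd_text = re.sub(
            pattern, lambda m: f"{m.group(1)}{m.group(2)}{local}{m.group(2)}", xsd_text
        )
    return xsd_text


if __name__ == "__main__":
    fixed = localize(SAMPLE_XSD, {"http://example.invalid/schema/spdx": "spdx.xsd"})
    print(fixed, remote_references(fixed))
```

Running `remote_references` over each vendored schema in CI catches an upstream schema update that reintroduces an HTTP reference before xmllint fails on it.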