feat!: v8.0.0 #665
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
CycloneDX spec 1.5 deprecated an array of tools in bom.metadata and instead prefers an object with an array of components and an array of services. This PR implements that. This works de-serializing a Syft SBOM with a tool section like so:

```json
"metadata": {
  "timestamp": "2024-06-10T13:06:52-08:00",
  "tools": {
    "components": [
      {
        "type": "application",
        "author": "anchore",
        "name": "syft",
        "version": "1.4.1"
      }
    ]
  },
  "component": {
    "bom-ref": "08329a07b4eb8eac",
    "type": "file",
    "name": "./"
  }
},
```

Next up: docs, XML (de)serialization code, and tests.

fixes #561

Signed-off-by: Joshua Kugler <tek30584@adobe.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes #673 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes #594 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
reworked `ThisTool` for #635 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
QA for #649 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
fixes #681 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: semantic-release <semantic-release@bot.local> Co-authored-by: semantic-release <semantic-release@bot.local>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkugler,
downstream integration succeeded, as of CycloneDX/cyclonedx-python#796 will publish a release candidate, soon
Automatically generated by python-semantic-release Signed-off-by: semantic-release <semantic-release@bot.local>
Release candidate 1 is available as of https://pypi.org/project/cyclonedx-python-lib/8.0.0rc1/
Item class of repository is to be called in singular (`Tool`). Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Automatically generated by python-semantic-release Signed-off-by: semantic-release <semantic-release@bot.local>
Release candidate 2 is available as of https://pypi.org/project/cyclonedx-python-lib/8.0.0rc2/
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
was released via https://github.com/CycloneDX/cyclonedx-python-lib/releases/tag/v8.0.0

BREAKING Changes

- Removed `cyclonedx.model.ThisTool`; utilize `cyclonedx.builder.this.this_tool()` instead.
- Moved `cyclonedx.model.Tool` to `cyclonedx.model.tool.Tool`.
- `cyclonedx.model.bom.BomMetaData.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.
  The getter will act accordingly; the setter might act in a backwards-compatible way.
- `cyclonedx.model.vulnerability.Vulnerability.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.
  The getter will act accordingly; the setter might act in a backwards-compatible way.
- `cyclonedx.model.license.LicenseExpression()` accepts optional argument `acknowledgement` only as key-word argument, no longer as positional argument.

Changes

- `cyclonedx.model.bom.BomMetaData` also accepts an instance of `cyclonedx.model.tool.ToolRepository` for argument `tools`.
- `cyclonedx.model.bom.BomMetaData` no longer adds this very library as a tool.
  Downstream users SHOULD add it manually, like `my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())`.

Fixes

Added

- Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
- `cyclonedx.model.tool.ToolRepository`.
- `cyclonedx.builder.this.this_component()` -- representation of this very python library as a `Component`.
- `cyclonedx.builder.this.this_tool()` -- representation of this very python library as a `Tool`.
- `cyclonedx.model.tool.Tool.from_component()`.

Dependencies

- `py-serializable>=1.1.1,<2`, was `>=1.1.0,<2`.

Docs & Migration Paths
rendered docs preview: https://cyclonedx-python-library.readthedocs.io/en/8.0.0-dev/
fixes #561
fixes #594
fixes #673
includes #595
includes #635
includes #649
includes #674
includes #682
includes #684
includes #686
includes #687
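The spec change this release implements (and the Syft section quoted in the first commit message above) matters to any SBOM consumer that checks provenance: pre-1.5 documents carry `metadata.tools` as an array of tool objects, 1.5 carries an object with `components` and `services` arrays, and a reader that only understands one shape silently loses the "which tool produced this" information. The following is an added example, not code from cyclonedx-python-lib, that normalizes both shapes, re-shapes a tools section for an older target spec version (the direction the library's `ToolRepository` serialization has to handle), and flags a shape the declared `specVersion` does not permit. Both input documents are constructed samples; the `vendor`/`group` mapping between the legacy tool object and a 1.5 component, and treating a missing `specVersion` as 1.5, are this example's own assumptions rather than the library's behaviour.

```python
"""Handle the CycloneDX metadata.tools shape change (added example, not library code)."""
import json
from typing import Any, Dict, List, Tuple, Union

JsonDoc = Dict[str, Any]

# Constructed sample: a Syft-style SBOM using the 1.5 object form for metadata.tools.
SYFT_1_5: JsonDoc = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2024-06-10T13:06:52-08:00",
        "tools": {
            "components": [
                {"type": "application", "author": "anchore", "name": "syft", "version": "1.4.1"}
            ]
        },
        "component": {"bom-ref": "08329a07b4eb8eac", "type": "file", "name": "./"},
    },
}

# Constructed sample: the pre-1.5 array form that older producers still emit.
LEGACY_1_4: JsonDoc = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"tools": [{"vendor": "anchore", "name": "syft", "version": "1.0.0"}]},
}


def spec_version(doc: JsonDoc) -> Tuple[int, int]:
    """Parse specVersion ("1.5") into a comparable tuple; a missing value is assumed to be 1.5."""
    major, minor = doc.get("specVersion", "1.5").split(".")[:2]
    return int(major), int(minor)


def legacy_tool_to_component(tool: JsonDoc) -> JsonDoc:
    """Lift a legacy tool object to a 1.5 component (vendor -> group is an assumption here)."""
    comp: JsonDoc = {"type": "application", "name": tool["name"]}
    if "vendor" in tool:
        comp["group"] = tool["vendor"]
    for key in ("version", "hashes", "externalReferences"):
        if key in tool:
            comp[key] = tool[key]
    return comp


def component_to_legacy_tool(comp: JsonDoc) -> JsonDoc:
    """Inverse mapping; a component's `author` has no legacy tool field and is dropped."""
    tool: JsonDoc = {"name": comp["name"]}
    if "group" in comp:
        tool["vendor"] = comp["group"]
    for key in ("version", "hashes", "externalReferences"):
        if key in comp:
            tool[key] = comp[key]
    return tool


def normalize_tools(doc: JsonDoc) -> Dict[str, List[JsonDoc]]:
    """Return metadata.tools in the 1.5 object shape whatever shape the input used."""
    tools = doc.get("metadata", {}).get("tools")
    if tools is None:
        return {"components": [], "services": []}
    if isinstance(tools, dict):
        return {"components": list(tools.get("components", [])),
                "services": list(tools.get("services", []))}
    if isinstance(tools, list):
        return {"components": [legacy_tool_to_component(t) for t in tools], "services": []}
    raise ValueError(f"metadata.tools has unexpected type {type(tools).__name__}")


def tools_for_schema(doc: JsonDoc, target: Tuple[int, int]) -> Union[JsonDoc, List[JsonDoc]]:
    """Re-shape metadata.tools for a target spec version. Targets below 1.5 get the
    array form; services have no legacy representation there and are dropped."""
    norm = normalize_tools(doc)
    if target >= (1, 5):
        return norm
    return [component_to_legacy_tool(c) for c in norm["components"]]


def check_tools_shape(doc: JsonDoc) -> List[str]:
    """Flag a tools shape the declared specVersion does not allow or has deprecated."""
    problems: List[str] = []
    tools = doc.get("metadata", {}).get("tools")
    major, minor = spec_version(doc)
    if isinstance(tools, dict) and (major, minor) < (1, 5):
        problems.append(f"specVersion {major}.{minor} has no object form for metadata.tools (needs 1.5+)")
    elif isinstance(tools, list) and (major, minor) >= (1, 5):
        problems.append(f"metadata.tools array form is deprecated since 1.5 (document declares {major}.{minor})")
    return problems


def producers(doc: JsonDoc) -> List[str]:
    """Name and version of each tool that produced the SBOM, for provenance checks."""
    return [f"{c['name']} {c.get('version', '?')}" for c in normalize_tools(doc)["components"]]


if __name__ == "__main__":
    for label, doc in (("syft 1.5", SYFT_1_5), ("legacy 1.4", LEGACY_1_4)):
        print(label, producers(doc), check_tools_shape(doc))
    print(json.dumps(tools_for_schema(SYFT_1_5, (1, 4))))
```

`producers()` is the call a policy check would use before trusting an SBOM (for example, to require that it was generated by an approved scanner version); it returns the same answer for both shapes, which is the whole point of normalizing first. The downgrade path drops `services` and `author` because the legacy array cannot carry them, so round-tripping a 1.5 document through an older schema is lossy and should be logged, not done silently.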