Merge pull request #126 from CycloneDX/tweaks

Minor tweaks and housekeeping
CycloneDX · Feb 11, 2022 · ae735b5 · ae735b5
2 parents 1fbb8be + 6b38b1a
commit ae735b5
Show file tree

Hide file tree

Showing 26 changed files with 150 additions and 1,553 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,13 +4,11 @@ on:
   push:
     branches:
       - main
-      - develop
     paths-ignore:
       - examples/**
   pull_request:
     branches:
       - main
-      - develop
     paths-ignore:
       - examples/**
   schedule:

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,26 +1,12 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on:
   push:
     branches:
       - main
-      - develop
   pull_request:
-    # The branches below must be a subset of the branches above
     branches:
       - main
-      - develop
   schedule:
     - cron: '39 15 * * 5'
 
@@ -33,43 +19,17 @@ jobs:
       contents: read
       security-events: write
 
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
 
-    # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
       with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        languages: "go"
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
       uses: github/codeql-action/autobuild@v1
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
@@ -3,7 +3,7 @@ name: goreleaser
 on:
   push:
     tags:
-      - '*'
+      - 'v*'
 
 jobs:
   goreleaser:

diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile
@@ -1,4 +1,4 @@
-FROM gitpod/workspace-go:2022-02-04-10-54-10@sha256:8ea7684f6b1294c21065918880e6f31d16ac58b61361754b8d384b8e8f8279ae
+FROM gitpod/workspace-go:latest
 
 USER root
 

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -102,7 +102,7 @@ changelog:
   use: github
   sort: asc
   groups:
-    - title: Enhancements
+    - title: Features
       regexp: "^.*feat[(\\w)]*:+.*$"
       order: 0
     - title: Fixes
@@ -119,4 +119,4 @@ changelog:
   filters:
     exclude:
       - '^test:'
-      - '^Merge '
+      - '^Merge '
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/Dockerfile.examples b/Dockerfile.examples
@@ -20,22 +20,23 @@ RUN useradd -m --uid 1000 cdx
 # Install CycloneDX CLI
 RUN apt update && \
     apt install -y libicu-dev && \
-    wget -q -O /usr/local/bin/cyclonedx https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.18.0/cyclonedx-linux-x64 && \
-    echo "6b387448d3660147fed9f60a74feadf2d165c6275e2915a22193a1350d5f9436 /usr/local/bin/cyclonedx" | sha256sum -c && \
+    wget -q -O /usr/local/bin/cyclonedx https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.22.0/cyclonedx-linux-x64 && \
+    echo "ae39404a9dc8b2e7be0a9559781ee9fe3492201d2629de139d702fd4535ffdd6 /usr/local/bin/cyclonedx" | sha256sum -c && \
     chmod +x /usr/local/bin/cyclonedx
 
 # Create generation script
 RUN echo "#!/bin/bash\n\n\
+set -x \n\
 cyclonedx-gomod app -json -output /examples/app_minikube-v1.23.1.bom.json -licenses -main cmd/minikube /home/cdx/minikube \n\
 cyclonedx-gomod app -json -output /examples/app_minikube-v1.23.1_with-packages.bom.json -licenses -packages -main cmd/minikube /home/cdx/minikube \n\
 cyclonedx-gomod app -json -output /examples/app_minikube-v1.23.1_with-files.bom.json -licenses -packages -files -main cmd/minikube /home/cdx/minikube \n\
 cyclonedx-gomod mod -json -output /examples/mod_minikube-v1.23.1.bom.json -licenses /home/cdx/minikube \n\
 cyclonedx-gomod bin -json -output /examples/bin_minikube-v1.23.1.bom.json -licenses -version v1.23.1 /home/cdx/minikube-linux-amd64 \n\
-cyclonedx validate --input-file /examples/app_minikube-v1.23.1.bom.json --input-format json_v1_3 --fail-on-errors \n\
-cyclonedx validate --input-file /examples/app_minikube-v1.23.1_with-packages.bom.json --input-format json_v1_3 --fail-on-errors \n\
-cyclonedx validate --input-file /examples/app_minikube-v1.23.1_with-files.bom.json --input-format json_v1_3 --fail-on-errors \n\
-cyclonedx validate --input-file /examples/mod_minikube-v1.23.1.bom.json --input-format json_v1_3 --fail-on-errors \n\
-cyclonedx validate --input-file /examples/bin_minikube-v1.23.1.bom.json --input-format json_v1_3 --fail-on-errors \n\
+cyclonedx validate --input-file /examples/app_minikube-v1.23.1.bom.json --input-format json --input-version v1_4 --fail-on-errors \n\
+cyclonedx validate --input-file /examples/app_minikube-v1.23.1_with-packages.bom.json --input-format json --input-version v1_4 --fail-on-errors \n\
+cyclonedx validate --input-file /examples/app_minikube-v1.23.1_with-files.bom.json --input-format json --input-version v1_4 --fail-on-errors \n\
+cyclonedx validate --input-file /examples/mod_minikube-v1.23.1.bom.json --input-format json --input-version v1_4 --fail-on-errors \n\
+cyclonedx validate --input-file /examples/bin_minikube-v1.23.1.bom.json --input-format json --input-version v1_4 --fail-on-errors \n\
 " > /home/cdx/generate-examples.sh
 
 # Install cyclonedx-gomod

diff --git a/examples/app_minikube-v1.23.1.bom.json b/examples/app_minikube-v1.23.1.bom.json
@@ -1,35 +1,45 @@
 {
   "bomFormat": "CycloneDX",
-  "specVersion": "1.3",
-  "serialNumber": "urn:uuid:5d701082-2429-4547-88e4-d8fa2e79708b",
+  "specVersion": "1.4",
+  "serialNumber": "urn:uuid:b29ac4c7-4d05-4b87-bfa5-f887c60c8b41",
   "version": 1,
   "metadata": {
-    "timestamp": "2022-01-26T12:44:01Z",
+    "timestamp": "2022-02-11T15:51:18Z",
     "tools": [
       {
         "vendor": "CycloneDX",
         "name": "cyclonedx-gomod",
-        "version": "v0.0.0-20220126133025-f73551881789",
+        "version": "v0.0.0-20220211164550-4255da92db09",
         "hashes": [
           {
             "alg": "MD5",
-            "content": "6e5d5cc1f21db2040663c63155df8d57"
+            "content": "121a56cd685b03d70df1c7086e56e242"
           },
           {
             "alg": "SHA-1",
-            "content": "d65c58f99679b1e8fb5cbc2a4651139d818dd6e4"
+            "content": "6a3f516da7e258e73e6d712636253969cede1160"
           },
           {
             "alg": "SHA-256",
-            "content": "cfcc399ba50f7f422f01ec3279f60b32f4390130cc8bb8c8f34e47c2ec5a5fe8"
+            "content": "32fda80c9882092e1b767d3b1bfbf323b5d21d09376ef86c2b7facc639af5285"
           },
           {
             "alg": "SHA-384",
-            "content": "49b7816217079adb33042dd81ec4e997666223d2536d2e34235d7c103cfa783ef5969777988eafd5a79302f3a73e74b1"
+            "content": "3db4f0b63926754be34c7ea32dfc75781d6f6ce7ec7e5c2299703032ba6221115bf17fd36092a6f832c001611d2efbda"
           },
           {
             "alg": "SHA-512",
-            "content": "7013bacfc966b77585491ba217864e4a5cb943603f9fe9d85932f55bb70d120e520937f99daf33d1a4f6c918f5e9c23b63225249342167800705aa997032b402"
+            "content": "746d71a12901626285f8601115d884ebbbad5abac79466c98938279f28a53ab5c53c24a7e77162fd831c67989edcd4e04f8f3c9f9bdef89d88f30fa3d4c8e2b5"
+          }
+        ],
+        "externalReferences": [
+          {
+            "url": "https://github.com/CycloneDX/cyclonedx-gomod",
+            "type": "vcs"
+          },
+          {
+            "url": "https://cyclonedx.org",
+            "type": "website"
           }
         ]
       }
@@ -55,7 +65,7 @@
         },
         {
           "name": "cdx:gomod:build:env:GOVERSION",
-          "value": "go1.17.5"
+          "value": "go1.17.7"
         }
       ],
       "evidence": {

diff --git a/examples/app_minikube-v1.23.1_with-files.bom.json b/examples/app_minikube-v1.23.1_with-files.bom.json
@@ -1,35 +1,45 @@
 {
   "bomFormat": "CycloneDX",
-  "specVersion": "1.3",
-  "serialNumber": "urn:uuid:74c8d82b-6036-42ed-8ecd-52441263eb45",
+  "specVersion": "1.4",
+  "serialNumber": "urn:uuid:a084ed87-d5a7-4213-9e8a-1a49c2631e32",
   "version": 1,
   "metadata": {
-    "timestamp": "2022-01-26T12:44:16Z",
+    "timestamp": "2022-02-11T15:51:30Z",
     "tools": [
       {
         "vendor": "CycloneDX",
         "name": "cyclonedx-gomod",
-        "version": "v0.0.0-20220126133025-f73551881789",
+        "version": "v0.0.0-20220211164550-4255da92db09",
         "hashes": [
           {
             "alg": "MD5",
-            "content": "6e5d5cc1f21db2040663c63155df8d57"
+            "content": "121a56cd685b03d70df1c7086e56e242"
           },
           {
             "alg": "SHA-1",
-            "content": "d65c58f99679b1e8fb5cbc2a4651139d818dd6e4"
+            "content": "6a3f516da7e258e73e6d712636253969cede1160"
           },
           {
             "alg": "SHA-256",
-            "content": "cfcc399ba50f7f422f01ec3279f60b32f4390130cc8bb8c8f34e47c2ec5a5fe8"
+            "content": "32fda80c9882092e1b767d3b1bfbf323b5d21d09376ef86c2b7facc639af5285"
           },
           {
             "alg": "SHA-384",
-            "content": "49b7816217079adb33042dd81ec4e997666223d2536d2e34235d7c103cfa783ef5969777988eafd5a79302f3a73e74b1"
+            "content": "3db4f0b63926754be34c7ea32dfc75781d6f6ce7ec7e5c2299703032ba6221115bf17fd36092a6f832c001611d2efbda"
           },
           {
             "alg": "SHA-512",
-            "content": "7013bacfc966b77585491ba217864e4a5cb943603f9fe9d85932f55bb70d120e520937f99daf33d1a4f6c918f5e9c23b63225249342167800705aa997032b402"
+            "content": "746d71a12901626285f8601115d884ebbbad5abac79466c98938279f28a53ab5c53c24a7e77162fd831c67989edcd4e04f8f3c9f9bdef89d88f30fa3d4c8e2b5"
+          }
+        ],
+        "externalReferences": [
+          {
+            "url": "https://github.com/CycloneDX/cyclonedx-gomod",
+            "type": "vcs"
+          },
+          {
+            "url": "https://cyclonedx.org",
+            "type": "website"
           }
         ]
       }
@@ -55,7 +65,7 @@
         },
         {
           "name": "cdx:gomod:build:env:GOVERSION",
-          "value": "go1.17.5"
+          "value": "go1.17.7"
         }
       ],
       "components": [