diff --git a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-with-findings.json b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-with-findings.json
index 6738690397eb..b5ff2a77a5e7 100644
--- a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-with-findings.json
+++ b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-with-findings.json
@@ -3,6 +3,15 @@
 "specVersion": "1.4",
 "serialNumber": "urn:uuid:01234567-0123-0123-0123-01234567",
 "version": 1,
+ "metadata": {
+ "timestamp": "1970-01-01T00:00:00Z",
+ "tools": [
+ {
+ "name": "OSS Review Toolkit",
+ "version": "deadbeef"
+ }
+ ]
+ },
 "components": [
 {
 "group": "@ort",
diff --git a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-without-findings.json b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-without-findings.json
index 00c4c31c8e6c..d60602bd59e9 100644
--- a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-without-findings.json
+++ b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result-without-findings.json
@@ -3,6 +3,15 @@
 "specVersion": "1.4",
 "serialNumber": "urn:uuid:01234567-0123-0123-0123-01234567",
 "version": 1,
+ "metadata": {
+ "timestamp": "1970-01-01T00:00:00Z",
+ "tools": [
+ {
+ "name": "OSS Review Toolkit",
+ "version": "deadbeef"
+ }
+ ]
+ },
 "externalReferences": [
 {
 "type": "website",
diff --git a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.json b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.json
index e9a9f807b7a7..f8e994c61787 100644
--- a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.json
+++ b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.json
@@ -3,6 +3,15 @@
 "specVersion": "1.4",
 "serialNumber": "urn:uuid:01234567-0123-0123-0123-01234567",
 "version": 1,
+ "metadata": {
+ "timestamp": "1970-01-01T00:00:00Z",
+ "tools": [
+ {
+ "name": "OSS Review Toolkit",
+ "version": "deadbeef"
+ }
+ ]
+ },
 "components": [
 {
 "group": "@ort",
diff --git a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.xml b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.xml
index 0c9c28634c37..a16427871920 100644
--- a/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.xml
+++ b/plugins/reporters/cyclonedx/src/funTest/assets/cyclonedx-reporter-expected-result.xml
@@ -1,5 +1,14 @@ + + 1970-01-01T00:00:00Z + + + OSS Review Toolkit + deadbeef + + + @ort
diff --git a/plugins/reporters/cyclonedx/src/funTest/kotlin/CycloneDxReporterFunTest.kt b/plugins/reporters/cyclonedx/src/funTest/kotlin/CycloneDxReporterFunTest.kt
index 36364295d285..35e972649e60 100644
--- a/plugins/reporters/cyclonedx/src/funTest/kotlin/CycloneDxReporterFunTest.kt
+++ b/plugins/reporters/cyclonedx/src/funTest/kotlin/CycloneDxReporterFunTest.kt
@@ -174,5 +174,13 @@ private fun String.patchCycloneDxResult(): String {
 .replaceFirst(
 """urn:uuid:[a-f0-9]{8}(?:-[a-f0-9]{4}){4}[a-f0-9]{8}""".toRegex(),
 "urn:uuid:01234567-0123-0123-0123-01234567"
+ )
+ .replaceFirst(
+ """(timestamp[>"](\s*:\s*")?)\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z""".toRegex(),
+ "$11970-01-01T00:00:00Z"
+ )
+ .replaceFirst(
+ """(version[>"](\s*:\s*")?)[\w.-]+""".toRegex(),
+ "$1deadbeef"
 ) + substring(headerEnd)
 }
diff --git a/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
index a8a7ccd813c2..8e65239a19d3 100644
--- a/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
+++ b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
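Review bot: The replacement `"$11970-01-01T00:00:00Z"` in the new timestamp `replaceFirst` reads like a reference to group 11; it only yields group 1 followed by the literal `1970` because Java's replacement parser stops extending the group number once it would exceed the pattern's two groups, so the meaning silently changes if that pattern ever gains more capture groups. A comment above the call, such as `// "$11970…" is group 1 + literal "1970": Java stops at $1 since the pattern has no group 11`, would document that reliance. The timestamp pattern also accepts only whole-second `Z` timestamps, so a serializer that emits milliseconds or an offset would leave the value unpatched and the comparison would fail with an unrelated-looking diff; worth confirming against the library's output format. The enclosing `patchCycloneDxResult` function starts outside the hunk.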
@@ -21,6 +21,7 @@ package org.ossreviewtoolkit.plugins.reporters.cyclonedx
 import java.io.File
 import java.util.Base64
+import java.util.Date
 import java.util.SortedSet
 import java.util.UUID
@@ -34,6 +35,8 @@ import org.cyclonedx.model.ExternalReference
 import org.cyclonedx.model.Hash
 import org.cyclonedx.model.License
 import org.cyclonedx.model.LicenseChoice
+import org.cyclonedx.model.Metadata
+import org.cyclonedx.model.Tool
 import org.ossreviewtoolkit.model.FileFormat
 import org.ossreviewtoolkit.model.LicenseSource
@@ -44,6 +47,8 @@ import org.ossreviewtoolkit.model.utils.toPurl
 import org.ossreviewtoolkit.reporter.Reporter
 import org.ossreviewtoolkit.reporter.ReporterInput
 import org.ossreviewtoolkit.utils.common.isFalse
+import org.ossreviewtoolkit.utils.ort.Environment
+import org.ossreviewtoolkit.utils.ort.ORT_FULL_NAME
 import org.ossreviewtoolkit.utils.ort.ORT_NAME
 import org.ossreviewtoolkit.utils.spdx.SpdxLicense
@@ -148,9 +153,20 @@ class CycloneDxReporter : Reporter {
 ?.mapTo(mutableSetOf()) { FileFormat.valueOf(it.uppercase()) }
 ?: setOf(FileFormat.XML)
+ val metadata = Metadata().apply {
+ timestamp = Date()
+ tools = listOf(
+ Tool().apply {
+ name = ORT_FULL_NAME
+ version = Environment.ORT_VERSION
+ }
+ )
+ }
+
 if (createSingleBom) {
 val bom = Bom().apply {
 serialNumber = "urn:uuid:${UUID.randomUUID()}"
+ this.metadata = metadata
 components = mutableListOf()
 }
@@ -187,6 +203,7 @@ class CycloneDxReporter : Reporter {
 projects.forEach { project ->
 val bom = Bom().apply {
 serialNumber = "urn:uuid:${UUID.randomUUID()}"
+ this.metadata = metadata
 components = mutableListOf()
 }
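Review bot: The local `val metadata` introduced before `if (createSingleBom)` shadows the `Bom.metadata` property inside the `apply` blocks, which is why both new assignments have to be spelled `this.metadata = metadata`; naming the local `bomMetadata` and writing `metadata = bomMetadata` removes the shadow here and in the `projects.forEach` hunk below. The single `Metadata` instance, together with its `tools` list, is then attached to every per-project `Bom`, so all BOMs of one run carry the same `Date()` captured before generation; that looks intentional, but a comment such as `// One metadata block, captured once, is shared by every BOM of this run.` would make it explicit, and because the model objects are mutable the sharing is only safe as long as nothing downstream mutates them, which is worth confirming. `Tool` also exposes `vendor`, which is left unset here; populating it would give consumers validating the producer a more complete tool entry. The enclosing method begins outside the hunk.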