diff --git a/convert.go b/convert.go index 6acec2f..f3bbb68 100644 --- a/convert.go +++ b/convert.go @@ -145,6 +145,11 @@ func componentConverter(specVersion SpecVersion) func(*Component) { } } + if specVersion < SpecVersion1_6 { + c.SWHID = nil + c.OmniborID = nil + } + if !specVersion.supportsComponentType(c.Type) { c.Type = ComponentTypeApplication } diff --git a/cyclonedx.go b/cyclonedx.go index 9afabe0..c223e93 100644 --- a/cyclonedx.go +++ b/cyclonedx.go @@ -95,10 +95,10 @@ type BOM struct { func NewBOM() *BOM { return &BOM{ - JSONSchema: jsonSchemas[SpecVersion1_5], - XMLNS: xmlNamespaces[SpecVersion1_5], + JSONSchema: jsonSchemas[SpecVersion1_6], + XMLNS: xmlNamespaces[SpecVersion1_6], BOMFormat: BOMFormat, - SpecVersion: SpecVersion1_5, + SpecVersion: SpecVersion1_6, Version: 1, } } @@ -173,6 +173,8 @@ type Component struct { Copyright string `json:"copyright,omitempty" xml:"copyright,omitempty"` CPE string `json:"cpe,omitempty" xml:"cpe,omitempty"` PackageURL string `json:"purl,omitempty" xml:"purl,omitempty"` + OmniborID *[]string `json:"omniborId,omitempty" xml:"omniborId,omitempty"` + SWHID *[]string `json:"swhid,omitempty" xml:"swhid,omitempty"` SWID *SWID `json:"swid,omitempty" xml:"swid,omitempty"` Modified *bool `json:"modified,omitempty" xml:"modified,omitempty"` Pedigree *Pedigree `json:"pedigree,omitempty" xml:"pedigree,omitempty"` @@ -325,13 +327,15 @@ type EvidenceIdentity struct { type EvidenceIdentityFieldType string const ( - EvidenceIdentityFieldTypeCPE EvidenceIdentityFieldType = "cpe" - EvidenceIdentityFieldTypeGroup EvidenceIdentityFieldType = "group" - EvidenceIdentityFieldTypeHash EvidenceIdentityFieldType = "hash" - EvidenceIdentityFieldTypeName EvidenceIdentityFieldType = "name" - EvidenceIdentityFieldTypePURL EvidenceIdentityFieldType = "purl" - EvidenceIdentityFieldTypeSWID EvidenceIdentityFieldType = "swid" - EvidenceIdentityFieldTypeVersion EvidenceIdentityFieldType = "version" + EvidenceIdentityFieldTypeCPE EvidenceIdentityFieldType = "cpe" + EvidenceIdentityFieldTypeGroup EvidenceIdentityFieldType = "group" + EvidenceIdentityFieldTypeHash EvidenceIdentityFieldType = "hash" + EvidenceIdentityFieldTypeName EvidenceIdentityFieldType = "name" + EvidenceIdentityFieldTypePURL EvidenceIdentityFieldType = "purl" + EvidenceIdentityFieldTypeOmniborID EvidenceIdentityFieldType = "omniborId" + EvidenceIdentityFieldTypeSWHID EvidenceIdentityFieldType = "swhid" + EvidenceIdentityFieldTypeSWID EvidenceIdentityFieldType = "swid" + EvidenceIdentityFieldTypeVersion EvidenceIdentityFieldType = "version" ) type EvidenceIdentityMethod struct { diff --git a/cyclonedx_json.go b/cyclonedx_json.go index 1530510..8faa679 100644 --- a/cyclonedx_json.go +++ b/cyclonedx_json.go @@ -124,6 +124,8 @@ func (sv *SpecVersion) UnmarshalJSON(bytes []byte) error { *sv = SpecVersion1_4 case SpecVersion1_5.String(): *sv = SpecVersion1_5 + case SpecVersion1_6.String(): + *sv = SpecVersion1_6 default: return ErrInvalidSpecVersion } @@ -192,4 +194,5 @@ var jsonSchemas = map[SpecVersion]string{ SpecVersion1_3: "http://cyclonedx.org/schema/bom-1.3.schema.json", SpecVersion1_4: "http://cyclonedx.org/schema/bom-1.4.schema.json", SpecVersion1_5: "http://cyclonedx.org/schema/bom-1.5.schema.json", + SpecVersion1_6: "http://cyclonedx.org/schema/bom-1.6.schema.json", } diff --git a/cyclonedx_xml.go b/cyclonedx_xml.go index 32eb80c..5624879 100644 --- a/cyclonedx_xml.go +++ b/cyclonedx_xml.go @@ -292,6 +292,8 @@ func (sv *SpecVersion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) erro *sv = SpecVersion1_4 case SpecVersion1_5.String(): *sv = SpecVersion1_5 + case SpecVersion1_6.String(): + *sv = SpecVersion1_6 default: return ErrInvalidSpecVersion } @@ -411,4 +413,5 @@ var xmlNamespaces = map[SpecVersion]string{ SpecVersion1_3: "http://cyclonedx.org/schema/bom/1.3", SpecVersion1_4: "http://cyclonedx.org/schema/bom/1.4", SpecVersion1_5: "http://cyclonedx.org/schema/bom/1.5", + SpecVersion1_6: "http://cyclonedx.org/schema/bom/1.6", } diff --git a/encode_test.go b/encode_test.go index d099f15..c65bd29 100644 --- a/encode_test.go +++ b/encode_test.go @@ -50,9 +50,9 @@ func TestJsonBOMEncoder_SetPretty(t *testing.T) { require.NoError(t, encoder.Encode(bom)) assert.Equal(t, `{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "version": 1, "metadata": { "authors": [ @@ -83,9 +83,9 @@ func TestJsonBOMEncoder_SetEscapeHTML_true(t *testing.T) { require.NoError(t, encoder.Encode(bom)) assert.Equal(t, `{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "version": 1, "metadata": { "authors": [ @@ -116,9 +116,9 @@ func TestJsonBOMEncoder_SetEscapeHTML_false(t *testing.T) { require.NoError(t, encoder.Encode(bom)) assert.Equal(t, `{ - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "version": 1, "metadata": { "authors": [ @@ -158,7 +158,7 @@ func TestXmlBOMEncoder_SetPretty(t *testing.T) { require.NoError(t, encoder.Encode(bom)) assert.Equal(t, ` - + @@ -186,7 +186,7 @@ func TestJsonBOMEncoder_EncodeVersion(t *testing.T) { require.ErrorContains(t, err, "not supported") }) - for _, version := range []SpecVersion{SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5} { + for _, version := range []SpecVersion{SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5, SpecVersion1_6} { t.Run(version.String(), func(t *testing.T) { // Read original BOM JSON inputFile, err := os.Open("./testdata/valid-bom.json") @@ -216,7 +216,7 @@ func TestJsonBOMEncoder_EncodeVersion(t *testing.T) { } func TestXmlBOMEncoder_EncodeVersion(t *testing.T) { - for _, version := range []SpecVersion{SpecVersion1_0, SpecVersion1_1, SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5} { + for _, version := range []SpecVersion{SpecVersion1_0, SpecVersion1_1, SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5, SpecVersion1_6} { t.Run(version.String(), func(t *testing.T) { // Read original BOM JSON inputFile, err := os.Open("./testdata/valid-bom.xml") diff --git a/example_test.go b/example_test.go index efe2dcd..e8f7d8b 100644 --- a/example_test.go +++ b/example_test.go @@ -89,7 +89,7 @@ func Example_encode() { // Output: // - // + // // // // ACME Application diff --git a/roundtrip_test.go b/roundtrip_test.go index 8fa9dc7..64c8e92 100644 --- a/roundtrip_test.go +++ b/roundtrip_test.go @@ -52,7 +52,7 @@ func TestRoundTripJSON(t *testing.T) { require.NoError(t, err) // Sanity checks: BOM has to be valid - assertValidBOM(t, buf.Bytes(), BOMFileFormatJSON, SpecVersion1_5) + assertValidBOM(t, buf.Bytes(), BOMFileFormatJSON, SpecVersion1_6) // Compare with snapshot assert.NoError(t, snapShooter.SnapshotMulti(filepath.Base(bomFilePath), buf.String())) @@ -85,7 +85,7 @@ func TestRoundTripXML(t *testing.T) { require.NoError(t, err) // Sanity check: BOM has to be valid - assertValidBOM(t, buf.Bytes(), BOMFileFormatXML, SpecVersion1_5) + assertValidBOM(t, buf.Bytes(), BOMFileFormatXML, SpecVersion1_6) // Compare with snapshot assert.NoError(t, snapShooter.SnapshotMulti(filepath.Base(bomFilePath), buf.String())) diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd index 5119056..23dc620 100644 --- a/schema/bom-1.6.xsd +++ b/schema/bom-1.6.xsd @@ -24,7 +24,7 @@ limitations under the License. vc:maxVersion="1.1" version="1.6.0"> - + diff --git a/testdata/snapshots/cyclonedx-go-TestJsonBOMEncoder_EncodeVersion-func3-1.6.bom.json b/testdata/snapshots/cyclonedx-go-TestJsonBOMEncoder_EncodeVersion-func3-1.6.bom.json new file mode 100644 index 0000000..925418a --- /dev/null +++ b/testdata/snapshots/cyclonedx-go-TestJsonBOMEncoder_EncodeVersion-func3-1.6.bom.json @@ -0,0 +1,200 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-13T20:20:39+00:00", + "tools": { + "components": [ + { + "type": "application", + "group": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Org", + "url": [ + "https://example.com" + ] + }, + "group": "com.example", + "name": "Acme Signing Server", + "description": "Signs artifacts", + "endpoints": [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] + } + ] + }, + "authors": [ + { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + ], + "component": { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "text": { + "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", + "contentType": "text/xml", + "encoding": "base64" + }, + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1" + } + }, + "manufacture": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + }, + "supplier": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Distribution", + "email": "distribution@example.com" + } + ] + } + }, + "components": [ + { + "bom-ref": "pkg:npm/acme/component@1.0.0", + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "text": { + "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:npm/acme/component@1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14" + }, + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14" + } + ], + "commits": [ + { + "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", + "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", + "author": { + "timestamp": "2018-11-13T20:20:39+00:00", + "name": "me", + "email": "me@acme.org" + } + } + ] + } + }, + { + "type": "library", + "supplier": { + "name": "Example, Inc.", + "url": [ + "https://example.com", + "https://example.net" + ], + "contact": [ + { + "name": "Example Support AMER Distribution", + "email": "support@example.com", + "phone": "800-555-1212" + }, + { + "name": "Example Support APAC", + "email": "support@apac.example.com" + } + ] + }, + "author": "Example Super Heros", + "group": "org.example", + "name": "mylibrary", + "version": "1.0.0" + } + ], + "dependencies": [ + { + "ref": "pkg:npm/acme/component@1.0.0", + "dependsOn": [ + "pkg:npm/acme/component@1.0.0" + ] + } + ] +} + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-annotation.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-annotation.json index 8c36da8..d7e7c85 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-annotation.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-annotation.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-assembly.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-assembly.json index 7824237..7e5a354 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-assembly.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-assembly.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-bom.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-bom.json index f233380..9a6ca6a 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-bom.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-bom.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-hashes.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-hashes.json index 527577e..472d825 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-hashes.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-hashes.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-omniborId.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-omniborId.json new file mode 100644 index 0000000..a59525c --- /dev/null +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-omniborId.json @@ -0,0 +1,18 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "omniborId": [ + "gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" + ] + } + ] +} + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-ref.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-ref.json index 99307aa..bc70bc6 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-ref.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-ref.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swhid.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swhid.json new file mode 100644 index 0000000..1125341 --- /dev/null +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swhid.json @@ -0,0 +1,18 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swhid": [ + "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2" + ] + } + ] +} + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid-full.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid-full.json index 33b727a..11111a5 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid-full.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid-full.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid.json index 37565aa..38c1927 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-swid.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-types.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-types.json index 29abae2..48b8915 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-types.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-component-types.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-compositions.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-compositions.json index ca75376..6fe5957 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-compositions.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-compositions.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-dependency.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-dependency.json index 67a6f51..211eb32 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-dependency.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-dependency.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-empty-components.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-empty-components.json index 58678b8..7ffedf1 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-empty-components.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-empty-components.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [] diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-evidence.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-evidence.json index d59f71f..5e64c04 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-evidence.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-evidence.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-external-reference.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-external-reference.json index a54a326..bf45439 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-external-reference.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-external-reference.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-formulation.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-formulation.json index 64cba16..16a719e 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-formulation.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-formulation.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-expression.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-expression.json index cbda94a..5cc6829 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-expression.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-expression.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-id.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-id.json index 0f508a5..c784695 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-id.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-id.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-licensing.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-licensing.json index b220db7..57007b0 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-licensing.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-licensing.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-name.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-name.json index fede9a3..7ac9759 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-name.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-license-name.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-lifecycle.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-lifecycle.json index bafa7ab..2958fc2 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-lifecycle.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-lifecycle.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-machine-learning.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-machine-learning.json index 2c00ec5..6fddbe1 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-machine-learning.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-machine-learning.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json index c83f25b..b2c6e32 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-license.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-license.json index b6f925c..8bcb9b2 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-license.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-license.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json index 1922730..2b15cca 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-supplier.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-supplier.json index e10022e..d9a7806 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-supplier.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-supplier.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-timestamp.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-timestamp.json index 4c53dd3..6083a69 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-timestamp.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-timestamp.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool-deprecated.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool-deprecated.json index f31655f..ccc1aba 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool-deprecated.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool-deprecated.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool.json index bc4535b..a3a4cae 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-tool.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-minimal-viable.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-minimal-viable.json index 31d47d1..232d12b 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-minimal-viable.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-minimal-viable.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-patch.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-patch.json index 5b00b79..45a0f5e 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-patch.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-patch.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-properties.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-properties.json index 5130bae..8d5d16b 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-properties.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-properties.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-release-notes.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-release-notes.json index 792ad55..9badeb2 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-release-notes.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-release-notes.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service-empty-objects.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service-empty-objects.json index a2357bb..596cce0 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service-empty-objects.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service-empty-objects.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service.json index 5f0a4c2..6f9549c 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-service.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json index d496ddb..d13edde 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-annotation.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-annotation.xml index 67b1e83..383a934 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-annotation.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-annotation.xml @@ -1,5 +1,5 @@ - + Component A diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-assembly.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-assembly.xml index 0e674bb..f0beffe 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-assembly.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-assembly.xml @@ -1,5 +1,5 @@ - + acme-library-a diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-bom.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-bom.xml index 4c53cf6..f83bb18 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-bom.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-bom.xml @@ -1,5 +1,5 @@ - + 2020-04-07T07:01:00Z diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-hashes.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-hashes.xml index bd7af4e..60c6fcd 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-hashes.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-hashes.xml @@ -1,5 +1,5 @@ - + acme-example diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-omniborId.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-omniborId.xml new file mode 100644 index 0000000..7096153 --- /dev/null +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-omniborId.xml @@ -0,0 +1,12 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 + gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 + + + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-ref.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-ref.xml index 8d04ed3..fefe10d 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-ref.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-ref.xml @@ -1,5 +1,5 @@ - + acme-library diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swhid.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swhid.xml new file mode 100644 index 0000000..167dae1 --- /dev/null +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swhid.xml @@ -0,0 +1,12 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2 + swh:1:cnt:618152ea559a168bbcbb5e294a9ed024d3859793 + + + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid-full.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid-full.xml index 07459dd..70d0508 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid-full.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid-full.xml @@ -1,5 +1,5 @@ - + Acme Super Heros diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid.xml index e3a308c..ce46055 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-swid.xml @@ -1,5 +1,5 @@ - + Acme Super Heros diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-types.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-types.xml index 3b9ce9b..1d4f293 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-types.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-component-types.xml @@ -1,5 +1,5 @@ - + application-a diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-compositions.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-compositions.xml index 34baab1..0d8f4fb 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-compositions.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-compositions.xml @@ -1,5 +1,5 @@ - + Acme Application diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-dependency.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-dependency.xml index 8c7c54c..ab25d72 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-dependency.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-dependency.xml @@ -1,5 +1,5 @@ - + acme-library-a diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-empty-components.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-empty-components.xml index 7ea6dda..b411b69 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-empty-components.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-empty-components.xml @@ -1,2 +1,2 @@ - + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-evidence.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-evidence.xml index 8e35160..5a45cfd 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-evidence.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-evidence.xml @@ -1,5 +1,5 @@ - + com.google.code.findbugs diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-external-reference.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-external-reference.xml index e89c8b3..6ff6816 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-external-reference.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-external-reference.xml @@ -1,5 +1,5 @@ - + org.example diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-formulation.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-formulation.xml index c7ff248..1498f7e 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-formulation.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-formulation.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-expression.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-expression.xml index 5961c9d..1b562b1 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-expression.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-expression.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-id.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-id.xml index b288b92..e531c62 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-id.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-id.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-licensing.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-licensing.xml index 681362b..28552e1 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-licensing.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-licensing.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-name.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-name.xml index db0d80f..8b7cece 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-name.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-license-name.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-lifecycle.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-lifecycle.xml index 69b66e1..9df8a26 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-lifecycle.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-lifecycle.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-machine-learning.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-machine-learning.xml index 76276e9..c7b5bc4 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-machine-learning.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-machine-learning.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml index 634c9b8..331bf09 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-license.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-license.xml index 52c9233..ca87c7a 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-license.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-license.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml index 0c9cfbe..74460c2 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml @@ -1,5 +1,5 @@ - + Acme, Inc. diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-supplier.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-supplier.xml index bb1a4e0..835bbe9 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-supplier.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-supplier.xml @@ -1,5 +1,5 @@ - + Acme, Inc. diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-timestamp.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-timestamp.xml index f2d4a99..46838af 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-timestamp.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-timestamp.xml @@ -1,5 +1,5 @@ - + 2020-04-07T07:01:00Z diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool-deprecated.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool-deprecated.xml index bfe8af7..c506119 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool-deprecated.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool-deprecated.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool.xml index 95b9eaa..1f5f6e1 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-tool.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-minimal-viable.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-minimal-viable.xml index af1cb69..8d78761 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-minimal-viable.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-minimal-viable.xml @@ -1,5 +1,5 @@ - + acme-library diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-patch.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-patch.xml index 514512c..9a2d394 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-patch.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-patch.xml @@ -1,5 +1,5 @@ - + com.acme diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-properties.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-properties.xml index e66d784..9b126b2 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-properties.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-properties.xml @@ -1,5 +1,5 @@ - + Bar diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-release-notes.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-release-notes.xml index 96ce5b5..e27bdde 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-release-notes.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-release-notes.xml @@ -1,5 +1,5 @@ - + acme-example diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service-empty-objects.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service-empty-objects.xml index 8521883..7442f3c 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service-empty-objects.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service-empty-objects.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service.xml index 77f59d3..cadf45c 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-service.xml @@ -1,5 +1,5 @@ - + com.acme diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml index 0bf3c56..93ef9b6 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml @@ -1,5 +1,5 @@ - + com.fasterxml.jackson.core diff --git a/testdata/snapshots/cyclonedx-go-TestXmlBOMEncoder_EncodeVersion-func1-1.6.bom.xml b/testdata/snapshots/cyclonedx-go-TestXmlBOMEncoder_EncodeVersion-func1-1.6.bom.xml new file mode 100644 index 0000000..b82454b --- /dev/null +++ b/testdata/snapshots/cyclonedx-go-TestXmlBOMEncoder_EncodeVersion-func1-1.6.bom.xml @@ -0,0 +1,197 @@ + + + + 2020-04-07T07:01:00Z + + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + + Acme Org + https://example.com + + com.example + Acme Signing Server + Signs artifacts + + https://example.com/sign + https://example.com/verify + https://example.com/tsa + + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + + Acme Super Heros + Acme Application + 9.1.1 + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + Acme, Inc. + https://example.com + + Acme Distribution + distribution@example.com + + + + + + Acme Super Heros + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache Super Heros + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + + Example Inc. + https://example.com + https://example.net + + Example Support AMER + support@example.com + 800-555-1212 + + + Example Support APAC + support@apac.example.com + + + Example Super Heros + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0-with-classpath-exception + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + Example Super Heros + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/testdata/valid-annotation.json b/testdata/valid-annotation.json index e2f3085..f070659 100644 --- a/testdata/valid-annotation.json +++ b/testdata/valid-annotation.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-annotation.xml b/testdata/valid-annotation.xml index 3f8d3a9..5611bdf 100644 --- a/testdata/valid-annotation.xml +++ b/testdata/valid-annotation.xml @@ -1,5 +1,5 @@ - + Component A diff --git a/testdata/valid-assembly.json b/testdata/valid-assembly.json index aa26afe..681c10e 100644 --- a/testdata/valid-assembly.json +++ b/testdata/valid-assembly.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-assembly.xml b/testdata/valid-assembly.xml index a8e34d8..089ce08 100644 --- a/testdata/valid-assembly.xml +++ b/testdata/valid-assembly.xml @@ -1,5 +1,5 @@ - + acme-library-a diff --git a/testdata/valid-bom.json b/testdata/valid-bom.json index 1ea8669..00706d7 100644 --- a/testdata/valid-bom.json +++ b/testdata/valid-bom.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-bom.xml b/testdata/valid-bom.xml index 244f947..bb5ceaf 100644 --- a/testdata/valid-bom.xml +++ b/testdata/valid-bom.xml @@ -1,5 +1,5 @@ - + 2020-04-07T07:01:00Z diff --git a/testdata/valid-component-hashes.json b/testdata/valid-component-hashes.json index bcba363..fcb58a9 100644 --- a/testdata/valid-component-hashes.json +++ b/testdata/valid-component-hashes.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-component-hashes.xml b/testdata/valid-component-hashes.xml index 37d05b9..4e5fcc6 100644 --- a/testdata/valid-component-hashes.xml +++ b/testdata/valid-component-hashes.xml @@ -1,5 +1,5 @@ - + acme-example diff --git a/testdata/valid-component-omniborId.json b/testdata/valid-component-omniborId.json new file mode 100644 index 0000000..886645e --- /dev/null +++ b/testdata/valid-component-omniborId.json @@ -0,0 +1,15 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "omniborId": ["gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"] + } + ] +} diff --git a/testdata/valid-component-omniborId.xml b/testdata/valid-component-omniborId.xml new file mode 100644 index 0000000..572b09d --- /dev/null +++ b/testdata/valid-component-omniborId.xml @@ -0,0 +1,12 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 + gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 + + + diff --git a/testdata/valid-component-ref.json b/testdata/valid-component-ref.json index 3799d49..977fb1e 100644 --- a/testdata/valid-component-ref.json +++ b/testdata/valid-component-ref.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-component-ref.xml b/testdata/valid-component-ref.xml index 46448db..b65c42d 100644 --- a/testdata/valid-component-ref.xml +++ b/testdata/valid-component-ref.xml @@ -1,5 +1,5 @@ - + acme-library diff --git a/testdata/valid-component-swhid.json b/testdata/valid-component-swhid.json new file mode 100644 index 0000000..32b1b93 --- /dev/null +++ b/testdata/valid-component-swhid.json @@ -0,0 +1,15 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swhid": ["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"] + } + ] +} diff --git a/testdata/valid-component-swhid.xml b/testdata/valid-component-swhid.xml new file mode 100644 index 0000000..23cb75b --- /dev/null +++ b/testdata/valid-component-swhid.xml @@ -0,0 +1,12 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2 + swh:1:cnt:618152ea559a168bbcbb5e294a9ed024d3859793 + + + diff --git a/testdata/valid-component-swid-full.json b/testdata/valid-component-swid-full.json index 59cb168..576131c 100644 --- a/testdata/valid-component-swid-full.json +++ b/testdata/valid-component-swid-full.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-component-swid-full.xml b/testdata/valid-component-swid-full.xml index bb1c81a..f0f7d40 100644 --- a/testdata/valid-component-swid-full.xml +++ b/testdata/valid-component-swid-full.xml @@ -1,5 +1,5 @@ - + Acme Super Heros diff --git a/testdata/valid-component-swid.json b/testdata/valid-component-swid.json index f28e9de..9b63b94 100644 --- a/testdata/valid-component-swid.json +++ b/testdata/valid-component-swid.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-component-swid.xml b/testdata/valid-component-swid.xml index 9e4a0a1..3d4a954 100644 --- a/testdata/valid-component-swid.xml +++ b/testdata/valid-component-swid.xml @@ -1,5 +1,5 @@ - + Acme Super Heros diff --git a/testdata/valid-component-types.json b/testdata/valid-component-types.json index 6359068..782e701 100644 --- a/testdata/valid-component-types.json +++ b/testdata/valid-component-types.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-component-types.xml b/testdata/valid-component-types.xml index 128a159..b66c396 100644 --- a/testdata/valid-component-types.xml +++ b/testdata/valid-component-types.xml @@ -1,5 +1,5 @@ - + application-a diff --git a/testdata/valid-compositions.json b/testdata/valid-compositions.json index 11c8a00..b42952e 100644 --- a/testdata/valid-compositions.json +++ b/testdata/valid-compositions.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-compositions.xml b/testdata/valid-compositions.xml index 06800df..0806cad 100644 --- a/testdata/valid-compositions.xml +++ b/testdata/valid-compositions.xml @@ -1,5 +1,5 @@ - + Acme Application diff --git a/testdata/valid-dependency.json b/testdata/valid-dependency.json index fcaec59..3d24654 100644 --- a/testdata/valid-dependency.json +++ b/testdata/valid-dependency.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-dependency.xml b/testdata/valid-dependency.xml index 1f02a1e..903670c 100644 --- a/testdata/valid-dependency.xml +++ b/testdata/valid-dependency.xml @@ -1,5 +1,5 @@ - + acme-library-a diff --git a/testdata/valid-empty-components.json b/testdata/valid-empty-components.json index 3c85b6a..572b398 100644 --- a/testdata/valid-empty-components.json +++ b/testdata/valid-empty-components.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-empty-components.xml b/testdata/valid-empty-components.xml index 03cd10b..58f7c84 100644 --- a/testdata/valid-empty-components.xml +++ b/testdata/valid-empty-components.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/valid-evidence.json b/testdata/valid-evidence.json index 9274023..2d6187d 100644 --- a/testdata/valid-evidence.json +++ b/testdata/valid-evidence.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-evidence.xml b/testdata/valid-evidence.xml index 9dd5127..6efdda2 100644 --- a/testdata/valid-evidence.xml +++ b/testdata/valid-evidence.xml @@ -1,5 +1,5 @@ - + com.google.code.findbugs diff --git a/testdata/valid-external-reference.json b/testdata/valid-external-reference.json index 78a3eb6..e3913d8 100644 --- a/testdata/valid-external-reference.json +++ b/testdata/valid-external-reference.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-external-reference.xml b/testdata/valid-external-reference.xml index 0599884..21810f3 100644 --- a/testdata/valid-external-reference.xml +++ b/testdata/valid-external-reference.xml @@ -1,5 +1,5 @@ - + org.example diff --git a/testdata/valid-formulation.json b/testdata/valid-formulation.json index 9f9490a..9169d9c 100644 --- a/testdata/valid-formulation.json +++ b/testdata/valid-formulation.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-formulation.xml b/testdata/valid-formulation.xml index 8492e4b..7f500a3 100644 --- a/testdata/valid-formulation.xml +++ b/testdata/valid-formulation.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/valid-license-expression.json b/testdata/valid-license-expression.json index 98b34e9..1e684ea 100644 --- a/testdata/valid-license-expression.json +++ b/testdata/valid-license-expression.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-license-expression.xml b/testdata/valid-license-expression.xml index 6b14620..54e7f99 100644 --- a/testdata/valid-license-expression.xml +++ b/testdata/valid-license-expression.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/valid-license-id.json b/testdata/valid-license-id.json index 5f13e01..c6b34bb 100644 --- a/testdata/valid-license-id.json +++ b/testdata/valid-license-id.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-license-id.xml b/testdata/valid-license-id.xml index 242a0a9..d62de88 100644 --- a/testdata/valid-license-id.xml +++ b/testdata/valid-license-id.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/valid-license-licensing.json b/testdata/valid-license-licensing.json index 84c4719..df2e9c7 100644 --- a/testdata/valid-license-licensing.json +++ b/testdata/valid-license-licensing.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-license-licensing.xml b/testdata/valid-license-licensing.xml index a528a17..35447cf 100644 --- a/testdata/valid-license-licensing.xml +++ b/testdata/valid-license-licensing.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/valid-license-name.json b/testdata/valid-license-name.json index b856f70..467222b 100644 --- a/testdata/valid-license-name.json +++ b/testdata/valid-license-name.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-license-name.xml b/testdata/valid-license-name.xml index fee242f..f37b41e 100644 --- a/testdata/valid-license-name.xml +++ b/testdata/valid-license-name.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/valid-lifecycle.json b/testdata/valid-lifecycle.json index c08a076..ef09df9 100644 --- a/testdata/valid-lifecycle.json +++ b/testdata/valid-lifecycle.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-lifecycle.xml b/testdata/valid-lifecycle.xml index 824093e..8b4a845 100644 --- a/testdata/valid-lifecycle.xml +++ b/testdata/valid-lifecycle.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/valid-machine-learning.json b/testdata/valid-machine-learning.json index 59dc3ce..0aeef9b 100644 --- a/testdata/valid-machine-learning.json +++ b/testdata/valid-machine-learning.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-machine-learning.xml b/testdata/valid-machine-learning.xml index 7c541ec..aff6268 100644 --- a/testdata/valid-machine-learning.xml +++ b/testdata/valid-machine-learning.xml @@ -1,5 +1,5 @@ - + Acme Inc diff --git a/testdata/valid-metadata-author.json b/testdata/valid-metadata-author.json index c5471c2..c63b706 100644 --- a/testdata/valid-metadata-author.json +++ b/testdata/valid-metadata-author.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-metadata-author.xml b/testdata/valid-metadata-author.xml index 3085a30..a821778 100644 --- a/testdata/valid-metadata-author.xml +++ b/testdata/valid-metadata-author.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/valid-metadata-license.json b/testdata/valid-metadata-license.json index 5016d6a..84b43e7 100644 --- a/testdata/valid-metadata-license.json +++ b/testdata/valid-metadata-license.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-metadata-license.xml b/testdata/valid-metadata-license.xml index 60212fa..a319587 100644 --- a/testdata/valid-metadata-license.xml +++ b/testdata/valid-metadata-license.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/valid-metadata-manufacture.json b/testdata/valid-metadata-manufacture.json index 6323f00..cbd80db 100644 --- a/testdata/valid-metadata-manufacture.json +++ b/testdata/valid-metadata-manufacture.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-metadata-manufacture.xml b/testdata/valid-metadata-manufacture.xml index 7949391..5f419f1 100644 --- a/testdata/valid-metadata-manufacture.xml +++ b/testdata/valid-metadata-manufacture.xml @@ -1,5 +1,5 @@ - + Acme, Inc. diff --git a/testdata/valid-metadata-supplier.json b/testdata/valid-metadata-supplier.json index e445641..105c9cf 100644 --- a/testdata/valid-metadata-supplier.json +++ b/testdata/valid-metadata-supplier.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-metadata-supplier.xml b/testdata/valid-metadata-supplier.xml index 2ed3c91..e533404 100644 --- a/testdata/valid-metadata-supplier.xml +++ b/testdata/valid-metadata-supplier.xml @@ -1,5 +1,5 @@ - + Acme, Inc. diff --git a/testdata/valid-metadata-timestamp.json b/testdata/valid-metadata-timestamp.json index 1d54539..9020021 100644 --- a/testdata/valid-metadata-timestamp.json +++ b/testdata/valid-metadata-timestamp.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-metadata-timestamp.xml b/testdata/valid-metadata-timestamp.xml index fb1e823..1136bc4 100644 --- a/testdata/valid-metadata-timestamp.xml +++ b/testdata/valid-metadata-timestamp.xml @@ -1,5 +1,5 @@ - + 2020-04-07T07:01:00Z diff --git a/testdata/valid-metadata-tool-deprecated.json b/testdata/valid-metadata-tool-deprecated.json index 7e578d7..13b518d 100644 --- a/testdata/valid-metadata-tool-deprecated.json +++ b/testdata/valid-metadata-tool-deprecated.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-metadata-tool-deprecated.xml b/testdata/valid-metadata-tool-deprecated.xml index 87a399f..5e90b4b 100644 --- a/testdata/valid-metadata-tool-deprecated.xml +++ b/testdata/valid-metadata-tool-deprecated.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/valid-metadata-tool.json b/testdata/valid-metadata-tool.json index aa55d67..53c69bb 100644 --- a/testdata/valid-metadata-tool.json +++ b/testdata/valid-metadata-tool.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-metadata-tool.xml b/testdata/valid-metadata-tool.xml index 2d3129a..9e54701 100644 --- a/testdata/valid-metadata-tool.xml +++ b/testdata/valid-metadata-tool.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/valid-minimal-viable.json b/testdata/valid-minimal-viable.json index 5000812..14bdaba 100644 --- a/testdata/valid-minimal-viable.json +++ b/testdata/valid-minimal-viable.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-minimal-viable.xml b/testdata/valid-minimal-viable.xml index f792405..56e9c31 100644 --- a/testdata/valid-minimal-viable.xml +++ b/testdata/valid-minimal-viable.xml @@ -1,5 +1,5 @@ - + acme-library diff --git a/testdata/valid-patch.json b/testdata/valid-patch.json index 6639bea..56f3dec 100644 --- a/testdata/valid-patch.json +++ b/testdata/valid-patch.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-patch.xml b/testdata/valid-patch.xml index 409798f..b543548 100644 --- a/testdata/valid-patch.xml +++ b/testdata/valid-patch.xml @@ -1,5 +1,5 @@ - + com.acme diff --git a/testdata/valid-properties.json b/testdata/valid-properties.json index 24ce5de..237f7fe 100644 --- a/testdata/valid-properties.json +++ b/testdata/valid-properties.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { diff --git a/testdata/valid-properties.xml b/testdata/valid-properties.xml index 91a1916..32cd224 100644 --- a/testdata/valid-properties.xml +++ b/testdata/valid-properties.xml @@ -1,5 +1,5 @@ - + Bar diff --git a/testdata/valid-release-notes.json b/testdata/valid-release-notes.json index 8c4268e..bbdd00d 100644 --- a/testdata/valid-release-notes.json +++ b/testdata/valid-release-notes.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-release-notes.xml b/testdata/valid-release-notes.xml index 490969e..f7ce16b 100644 --- a/testdata/valid-release-notes.xml +++ b/testdata/valid-release-notes.xml @@ -1,5 +1,5 @@ - + acme-example diff --git a/testdata/valid-service-empty-objects.json b/testdata/valid-service-empty-objects.json index 14b70f4..d77ba2d 100644 --- a/testdata/valid-service-empty-objects.json +++ b/testdata/valid-service-empty-objects.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ diff --git a/testdata/valid-service-empty-objects.xml b/testdata/valid-service-empty-objects.xml index 59f6f5f..38023db 100644 --- a/testdata/valid-service-empty-objects.xml +++ b/testdata/valid-service-empty-objects.xml @@ -1,5 +1,5 @@ - + diff --git a/testdata/valid-service.json b/testdata/valid-service.json index 091fab1..71a49ca 100644 --- a/testdata/valid-service.json +++ b/testdata/valid-service.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-service.xml b/testdata/valid-service.xml index 03bc664..26ec846 100644 --- a/testdata/valid-service.xml +++ b/testdata/valid-service.xml @@ -1,5 +1,5 @@ - + com.acme diff --git a/testdata/valid-vulnerability.json b/testdata/valid-vulnerability.json index a529a53..d6166ec 100644 --- a/testdata/valid-vulnerability.json +++ b/testdata/valid-vulnerability.json @@ -1,6 +1,6 @@ { "bomFormat": "CycloneDX", - "specVersion": "1.5", + "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ diff --git a/testdata/valid-vulnerability.xml b/testdata/valid-vulnerability.xml index d356d6b..1ce2996 100644 --- a/testdata/valid-vulnerability.xml +++ b/testdata/valid-vulnerability.xml @@ -1,5 +1,5 @@ - + com.fasterxml.jackson.core diff --git a/validate_json_test.go b/validate_json_test.go index aa22982..6269759 100644 --- a/validate_json_test.go +++ b/validate_json_test.go @@ -28,6 +28,7 @@ var jsonSchemaFiles = map[SpecVersion]string{ SpecVersion1_3: "file://./schema/bom-1.3.schema.json", SpecVersion1_4: "file://./schema/bom-1.4.schema.json", SpecVersion1_5: "file://./schema/bom-1.5.schema.json", + SpecVersion1_6: "file://./schema/bom-1.6.schema.json", } type jsonValidator struct{} diff --git a/validate_xml_test.go b/validate_xml_test.go index e678b49..d519f6f 100644 --- a/validate_xml_test.go +++ b/validate_xml_test.go @@ -31,6 +31,7 @@ var xmlSchemaFiles = map[SpecVersion]string{ SpecVersion1_3: "./schema/bom-1.3.xsd", SpecVersion1_4: "./schema/bom-1.4.xsd", SpecVersion1_5: "./schema/bom-1.5.xsd", + SpecVersion1_6: "./schema/bom-1.6.xsd", } var xsdValidateInitOnce sync.Once