New Feature Request: Add protobuf struct tags

[seb06cai]

Currently, it is not possible to use the official CDX protobuf schema to serialize json and/or xml bom files. In order to serialize the files, the CDX golang library works well, but we still need to serialize the golang Bom struct into a protobuf message in order to transmit the data between services.

Protobuf struct tags should allow this to work, where a CDX bom file is first serialized using the golang library, and then serialized into the official CDX protobuf schema using the protobuf struct tags.

[nscuro]

So I looked into this, and it turns out it indeed can not be solved by simply adding struct tags.

Even if Protobuf supports struct tags in the way we'd need it here, the existing structs won't cleanly map to the Protobuf schema.

I think what we need to do instead is generating code from the official schema, and then provide functions to support mapping from and to the different models. That could end up looking like this in practice:

import (
    "google.golang.org/protobuf/proto"

    cdx "github.com/CycloneDX/cyclonedx-go"
    cdxproto "github.com/CycloneDX/cyclonedx-go/proto"
)

func Foo() {
    bom := cdx.BOM{
        // ...
    }
    bytes, err := proto.Marshal(bom.ToProto())

    bomProto := cdxproto.Bom{}
    err = proto.Unmarshal(bytes, &bomProto)
    bom.FromProto(bomProto)
}

While it's not pretty, I think it's acceptable. Means we'll have to do lots of manual mapping though. 🫠