Add support for CycloneDX 1.5 #2120

@spiffcs

What would you like to be added:
With the onset of CycloneDX/cyclonedx-go#90, the current library we use for generating cyclone-dx SBOMs now minimally supports 1.5. Syft should still generate 1.4 as the default stable version, but should give the option for users to generate 1.5 with syft -o cyclone-dx@1.5 node:latest. Syft should also take this opportunity to allow users to generate versions back to v1.0, given that https://github.com/CycloneDX/cyclonedx-go/blob/83031d6697bd6d8b20bce2a0326347a0ea7691c7/encode.go#L31-L34 can now accept a version supplied by the user.

Why is this needed:
Keeping syft up to date with the latest SBOM specification standards

Additional context:
N/A

Labels: enhancement (New feature or request)

Status: Done
