Commit acb9f34

CycloneDX 1.3
Problem: Script and SBOM service endpoint must both use CDX 1.3

Solution: Change to schema 1.3 and ensure that correct version of syft is installed.

Signed-off-by: Paul Hewlett <[email protected]>
1 parent 4ecb604 commit acb9f34

2 files changed

+19
-4
lines changed

scripts/cyclonedx-wrapper.xsd

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
<?xml version="1.0" encoding="UTF-8"?>
22
<schema elementFormDefault="qualified" xmlns="http://www.w3.org/2001/XMLSchema">
33
<import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="spdx.xsd"/>
4-
<import namespace="http://cyclonedx.org/schema/bom/1.2" schemaLocation="cyclonedx.xsd"/>
4+
<import namespace="http://cyclonedx.org/schema/bom/1.3" schemaLocation="cyclonedx.xsd"/>
55
</schema>
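
Review bot: the import on line 4 now declares namespace `http://cyclonedx.org/schema/bom/1.3` but still resolves to the same `schemaLocation="cyclonedx.xsd"`, and neither of the two files in this commit is `cyclonedx.xsd`. If that file's targetNamespace is still the 1.2 one, the import will not match and validation against the wrapper will fail, so please confirm that the `cyclonedx.xsd` sitting beside this wrapper is the 1.3 schema, wherever it comes from, and update it in the same change if it is not.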

scripts/sbom_scraper.sh

Lines changed: 18 additions & 3 deletions
@@ -30,6 +30,21 @@ do
3030
fi
3131
done
3232

33+
SYFT_VERSION=$(syft version | grep '^Version' | tr -s ' ' | cut -d' ' -f2)
34+
compare_version() {
35+
local x=$1
36+
first=${x%%.*} # Delete first dot and what follows.
37+
last=${x##*.} # Delete up to last dot.
38+
mid=${x##"$first".} # Delete first number and dot.
39+
mid=${mid%%."$last"} # Delete dot and last number.
40+
if [ "$mid" -lt 34 ]
41+
then
42+
echo >&2 "syft must be at least version 0.34.0"
43+
exit 10
44+
fi
45+
}
46+
compare_version "${SYFT_VERSION}"
47+
3348
set -e
3449
set -u
3550

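Review bot: `compare_version` fails open when `syft` is missing or its output does not parse. In that case `SYFT_VERSION` is empty, `[ "$mid" -lt 34 ]` errors with a non-integer operand, the `if` treats that as false, and the script carries on without the `exit 10`; the check also sits above `set -e` and `set -u`, so nothing else stops it. Suggest rejecting an empty or non-numeric `$mid` explicitly before the comparison. Separately, only the middle field is compared, so a 1.0.0 release would be refused because its minor is 0; compare `$first` as well. `first`, `last` and `mid` should also be declared `local` like `x`.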
@@ -68,7 +83,7 @@ URL=https://app.rkvst.io
6883
usage() {
6984
cat >&2 <<EOF
7085
71-
Create a Cyclone DX 1.2 XML SBOM from a docker image and upload to RKVST SBOM Hub
86+
Create a Cyclone DX 1.3 XML SBOM from a docker image and upload to RKVST SBOM Hub
7287
7388
Usage: $SCRIPTNAME [-a AUTHOR_NAME] [-A COMPONENT_AUTHOR] [-c CLIENT_SECRET_FILE] [-e AUTHOR_EMAIL] [-sp] [-u URL] CLIENT_ID [docker-image:tag|sbom file|jar URL]
7489
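
Review bot: the schema version in the usage text on line 86 is a hard-coded literal that has to be kept in step with the namespace strings further down the script and with the XSD wrapper. This here-document is unquoted (it already expands `$SCRIPTNAME`), so a single shell variable holding the CycloneDX version could be defined once and expanded here, which makes the next schema bump a one-line change.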
@@ -284,8 +299,8 @@ def indent(elem, level=0):
284299
if level and (not elem.tail or not elem.tail.strip()):
285300
elem.tail = i
286301
287-
ET.register_namespace('', 'http://cyclonedx.org/schema/bom/1.2')
288-
ns = {'': 'http://cyclonedx.org/schema/bom/1.2'}
302+
ET.register_namespace('', 'http://cyclonedx.org/schema/bom/1.3')
303+
ns = {'': 'http://cyclonedx.org/schema/bom/1.3'}
289304
290305
# Open original file
291306
et = ET.parse(sys.stdin)
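
Review bot: the namespace on lines 302-303 is pinned to exactly 1.3, while the new shell check only enforces a minimum syft version, so nothing here detects a syft release that emits a different CycloneDX namespace. With `ns` fixed, lookups against such a document would simply find nothing rather than fail. Suggest checking the root element's tag after `ET.parse(sys.stdin)` and exiting with a clear error when it is not in `http://cyclonedx.org/schema/bom/1.3`, so a schema mismatch is reported before anything is uploaded.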
