
feat: metadata.tools support components&services #561

Open
maitrey opened this issue Mar 1, 2024 · 5 comments · Fixed by #635 · May be fixed by #665
Labels: enhancement (New feature or request), schema 1.5

Comments

maitrey commented Mar 1, 2024

Hi !

Version cyclonedx-python-lib:6.4.1
Platform: Windows
Python Version: 3.12
Input(s):

  1. My goal is to achieve the XML output in the format:

```xml
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
        <components>
          <component type="application" bom-ref="None">
            <supplier>
              <name>Test Company</name>
            </supplier>
            <name>testtool</name>
            <version>1.0.0</version>
          </component>
        </components>
      </tools>
```

For which the code written is:

```python
from cyclonedx.model import OrganizationalEntity
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component, ComponentType

bom = Bom()
testcomp = Component(
    name='testtool',
    type=ComponentType.APPLICATION,
    version='1.0.0',
    supplier=OrganizationalEntity(name='Test Company'),
)
# Tool has no "components" field, so a Component is used as the tools entry
toollist = Component(name="Test", components=[testcomp])
bom.metadata.tools.add(toollist)
```

Expected Output(s):

```xml
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
        <components>
          <component type="application" bom-ref="None">
            <supplier>
              <name>Test Company</name>
            </supplier>
            <name>testtool</name>
            <version>1.0.0</version>
          </component>
        </components>
      </tools>
```

Actual Output(s):

```xml
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
      <tool type="library" bom-ref="None">
        <name>Test</name>
        <components>
          <component type="application" bom-ref="None">
            <supplier>
              <name>Test Company</name>
            </supplier>
            <name>testtool</name>
            <version>1.0.0</version>
          </component>
        </components>
      </tool>
   </tools>
```

So far it looks to me like the Tool class does not support adding components:
https://cyclonedx.org/docs/1.5/json/#metadata_tools_oneOf_i0_components
https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/cyclonedx/model/__init__.py#L1231
Rather, it supports the older format: https://cyclonedx.org/docs/1.5/json/#tab-pane_metadata_tools_oneOf_i1
My code fails at the XML validation step, as the Tool class expects the legacy format tags.
Could you please check this issue and get back? Many thanks!

@maitrey maitrey changed the title sbom:1.5 and sbom:1.5 and cyclonedx-python-lib:6.4.1 (Tool Class) Mar 1, 2024
jkowalleck (Member) commented

The current state of this library does not support Components nor Services in $.metadata.tools.

This library is a community effort.
Feel free to donate the missing feature. Please follow our guidelines: https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md

jkowalleck (Member) commented

related: #597

saquibsaifee commented

I am working on this feat as time permits.

@jkowalleck jkowalleck removed the help wanted Extra attention is needed label Jun 14, 2024
jkugler commented Jun 14, 2024

I am also working on this. Hope to have something soon.

jkugler added a commit to jkugler/cyclonedx-python-lib that referenced this issue Jun 18, 2024
CycloneDX spec 1.5 deprecated an array of tools in bom.metadata
and instead prefers object with an array of components and an
array of services.

This PR implements that.

Signed-off-by: Joshua Kugler <[email protected]>
jkowalleck added a commit that referenced this issue Sep 6, 2024
CycloneDX spec 1.5 deprecated an array of tools in bom.metadata and
instead prefers object with an array of components and an array of
services.

This PR implements that.

This works de-serializing a Syft SBOM with a tool section like so:
```
  "metadata": {
    "timestamp": "2024-06-10T13:06:52-08:00",
    "tools": {
      "components": [
        {
          "type": "application",
          "author": "anchore",
          "name": "syft",
          "version": "1.4.1"
        }
      ]
    },
    "component": {
      "bom-ref": "08329a07b4eb8eac",
      "type": "file",
      "name": "./"
    }
  },
```
Next up: docs, XML (de)serialization code, and tests.

fixes #561

---------

Signed-off-by: Joshua Kugler <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]>
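A consumer-side normaliser for both shapes of metadata.tools that this thread is about (the deprecated array of tools and the 1.5 object of components and services), covering the JSON form quoted in the commit message above and the XML form from the issue report. This is an added example, not code from cyclonedx-python-lib; the sample documents are constructed from the snippets on this page.

```python
import xml.etree.ElementTree as ET

NS = {"bom": "http://cyclonedx.org/schema/bom/1.5"}

def tools_from_json(bom: dict) -> list:
    """Normalise $.metadata.tools to [(kind, name, version, supplier)], accepting
    both oneOf shapes: legacy array of tools, or object of components/services."""
    tools = bom.get("metadata", {}).get("tools")
    found = []
    if isinstance(tools, list):  # legacy: [{"vendor", "name", "version"}]
        for t in tools:
            found.append(("tool", t.get("name"), t.get("version"), t.get("vendor")))
    elif isinstance(tools, dict):  # 1.5: {"components": [...], "services": [...]}
        for c in tools.get("components", []):
            supplier = (c.get("supplier") or {}).get("name") or c.get("author")
            found.append(("component", c.get("name"), c.get("version"), supplier))
        for s in tools.get("services", []):
            provider = (s.get("provider") or {}).get("name")
            found.append(("service", s.get("name"), s.get("version"), provider))
    return found

def tools_from_xml(xml_text: str) -> list:
    """Same normalisation for XML: <tools><tool> (legacy) and
    <tools><components>/<services> (1.5)."""
    tools = ET.fromstring(xml_text).find("bom:metadata/bom:tools", NS)
    found = []
    if tools is None:
        return found
    def text(el, path):  # namespaced findtext, None when the element is absent
        return el.findtext(path, None, NS)
    for t in tools.findall("bom:tool", NS):
        found.append(("tool", text(t, "bom:name"), text(t, "bom:version"), text(t, "bom:vendor")))
    for c in tools.findall("bom:components/bom:component", NS):
        found.append(("component", text(c, "bom:name"), text(c, "bom:version"),
                      text(c, "bom:supplier/bom:name")))
    for s in tools.findall("bom:services/bom:service", NS):
        found.append(("service", text(s, "bom:name"), text(s, "bom:version"),
                      text(s, "bom:provider/bom:name")))
    return found

# Constructed samples: the Syft tools section quoted in the commit message, the
# same tool in legacy form, and the XML shape the issue asks for.
SYFT_JSON = {"metadata": {"tools": {"components": [
    {"type": "application", "author": "anchore", "name": "syft", "version": "1.4.1"}]}}}
LEGACY_JSON = {"metadata": {"tools": [{"vendor": "anchore", "name": "syft", "version": "1.4.1"}]}}
WANTED_XML = """<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"><metadata><tools>
<components><component type="application"><supplier><name>Test Company</name></supplier>
<name>testtool</name><version>1.0.0</version></component></components></tools></metadata></bom>"""
```

A consumer that understands only one of the two shapes silently loses the tool provenance for SBOMs written in the other, which is the field used to decide whether a document came from a trusted generator.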
@jkowalleck jkowalleck linked a pull request Sep 6, 2024 that will close this issue
jkowalleck (Member) commented

implementation finished

@jkowalleck jkowalleck added this to the 8.0.0 milestone Sep 16, 2024