Add comprehensive support for CycloneDX 1.7 specification #257
Open
alistair-mclean wants to merge 2 commits into CycloneDX:master from
Citations, Patents, enhanced CBOM capabilities, and all new 1.7 fields.

This implementation adds:
- Citations for data provenance and attribution
- Patent information and assertions
- Enhanced Cryptography Bill of Materials (CBOM) features
- Traffic Light Protocol (TLP) distribution constraints
- IKEv2 transform types for protocol properties
- Extended certificate lifecycle management
- New cryptographic asset tracking capabilities

Breaking changes:
- Default BOM version changed from 1.6 to 1.7
- NewBOM() now creates version 1.7 BOMs by default

Changes by file:

cyclonedx.go:
- Add SpecVersion1_7 constant
- Add BOM.Citations field for data attribution
- Add Component.IsExternal, Component.PatentAssertions, Component.VersionRange
- Add Service.PatentAssertions field
- Add Metadata.DistributionConstraints field
- Add ExternalReference.Properties field
- Enhance CertificateProperties with 11 new fields:
  * SerialNumber, CertificateFileExtension, Fingerprint
  * CertificateState, CertificateExtensions
  * RelatedCryptographicAssets
  * CreationDate, ActivationDate, DeactivationDate
  * RevocationDate, DestructionDate
- Enhance CryptoAlgorithmProperties with AlgorithmFamily, EllipticCurve
- Enhance RelatedCryptoMaterialProperties with Fingerprint, RelatedCryptographicAssets
- Enhance CryptoProtocolProperties with RelatedCryptographicAssets
- Enhance CipherSuite with TLSGroups, TLSSignatureSchemes
- Add new types:
  * Citation (8 fields: BOMRef, Pointers, Expressions, Timestamp, AttributedTo, Process, Note, Signature)
  * Patent (14 fields: BOMRef, PatentNumber, ApplicationNumber, Jurisdiction, PriorityApplication, PublicationNumber, Title, Abstract, FilingDate, GrantDate, PatentExpirationDate, PatentLegalStatus, PatentAssignee, ExternalReferences)
  * PatentFamily (5 fields: BOMRef, FamilyID, PriorityApplication, Members, ExternalReferences)
  * PatentAssertion (5 fields: BOMRef, PatentRefs, AssertionType, Asserter, Notes)
  * PatentAssertionType with 8 enum values
  * DistributionConstraints with TLP field
  * TLPClassification with 5 levels (Clear, Green, Amber, Amber+Strict, Red)
  * RelatedCryptographicAsset (Type, Ref)
  * CertificateState with predefined and custom state support
  * CertificateStateType with 6 enum values (pre-activation, active, suspended, deactivated, revoked, destroyed)
  * CertificateExtension with predefined and custom extension support
  * CertificateExtensionName with 10 common extensions
  * IKEv2TransformTypes (Encr, PRF, Integ, KE, ESN, Auth)
  * IKEv2Auth, IKEv2Enc, IKEv2Integ, IKEv2Ke, IKEv2Prf structs
- Add hash algorithms: HashAlgoStreebog256, HashAlgoStreebog512
- Remove unused PatentLegalEvent type

cyclonedx_json.go:
- Add SpecVersion1_7 to jsonSchemas map
- Add 1.7 case to BOM.UnmarshalJSON

cyclonedx_xml.go:
- Add SpecVersion1_7 to xmlNamespaces map
- Add 1.7 case to BOM.UnmarshalXML

cyclonedx_string.go:
- Regenerate with SpecVersion1_7 string representation

convert.go:
- Add version conversion for BOM.Citations (< 1.7)
- Add version conversion for Metadata.DistributionConstraints (< 1.7)
- Add version conversion for Component.IsExternal, PatentAssertions, VersionRange (< 1.7)
- Add version conversion for Service.PatentAssertions (< 1.7)
- Add version conversion for ExternalReference.Properties (< 1.7)
- Add convertCryptoProperties function for all CBOM 1.7 fields:
  * CryptoAlgorithmProperties.AlgorithmFamily, EllipticCurve
  * CertificateProperties (11 fields)
  * RelatedCryptoMaterialProperties.Fingerprint, RelatedCryptographicAssets
  * CryptoProtocolProperties.RelatedCryptographicAssets
  * CipherSuite.TLSGroups, TLSSignatureSchemes
- Add hash algorithm version support for Streebog algorithms (>= 1.7)

example_test.go:
- Update Example_encode expected output from 1.6 to 1.7 namespace

encode_test.go:
- Update all test expectations from 1.6 to 1.7

Signed-off-by: Alistair McLean <alistair.mclean@netrise.io>
3041de7 to d746214
Addresses issue #247
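The "< 1.7" conversions listed for convert.go mean that writing a BOM at an older spec version removes its citations, its TLP distribution constraint and the new component fields. The sketch below is an added example, not code from this pull request or from cyclonedx-go: the types are simplified stand-ins with assumed shapes, `Downgrade` and its returned label are hypothetical, and the sample values are constructed. Returning the dropped label lets a caller refuse to release a restricted BOM without its marking.

```go
package main

import "fmt"

type SpecVersion int // ordered like the library's constants; two shown
const (
	SpecVersion1_6 SpecVersion = iota
	SpecVersion1_7
)

// Simplified stand-ins (assumed shapes) holding only 1.7 fields named in the PR.
type DistributionConstraints struct{ TLP string }
type Metadata struct{ DistributionConstraints *DistributionConstraints }
type Component struct {
	Name, VersionRange string
	Components         []Component
}
type BOM struct {
	SpecVersion SpecVersion
	Metadata    *Metadata
	Citations   []string
	Components  []Component
}

// stripComponents clears the 1.7-only field on every component, nested ones included.
func stripComponents(cs []Component) {
	for i := range cs {
		cs[i].VersionRange = ""
		stripComponents(cs[i].Components)
	}
}

// Downgrade rewrites b for target and returns any TLP label it had to drop.
func Downgrade(b *BOM, target SpecVersion) (droppedTLP string) {
	if target < SpecVersion1_7 {
		b.Citations = nil
		if b.Metadata != nil && b.Metadata.DistributionConstraints != nil {
			droppedTLP = b.Metadata.DistributionConstraints.TLP
			b.Metadata.DistributionConstraints = nil
		}
		stripComponents(b.Components)
	}
	b.SpecVersion = target
	return droppedTLP
}

func main() { // constructed sample: a 1.7 BOM labelled TLP "RED"
	b := &BOM{SpecVersion: SpecVersion1_7, Metadata: &Metadata{DistributionConstraints: &DistributionConstraints{TLP: "RED"}}}
	fmt.Println(Downgrade(b, SpecVersion1_6), b.Metadata.DistributionConstraints == nil)
}
```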