✨ --validate

- Added --validate and --validate-file flags in Cyclonedx::BomBuilder.
- After writing the BOM, if --validate is set, validate JSON via JSON Schema and XML via XSD with local files under schema/.
- Added logic to validate an existing file with --validate --validate-file <path>, inferring format from extension unless --format is provided.</path>
- In validate-only mode, project path isn’t required.

- Added Cyclonedx::BomHelpers.validate_bom_content(content, format, spec_version) which:
  - For JSON: uses json_schemer to validate against bom-<ver>.schema.json.</ver>
  - For XML: uses Nokogiri::XML::Schema with bom-<ver>.xsd.</ver>
- Uses local schemas at schema/ and surfaces compact error messages; returns non-zero exit on failure.

- Added json_schemer (~> 2.2) to cyclonedx-ruby.gemspec.
- Required json_schemer in lib/cyclonedx/ruby.rb.

- Updated features/help.feature to show the new flags.
- Added features/validate.feature:
  - Validate XML BOM succeeds.
  - Validate JSON BOM succeeds.
  - Validate fails for invalid XML BOM (corrupts namespace and expects exit 1).

- Infer format from file extension when using --validate-file and no --format provided.

Signed-off-by: Peter H. Boling <[email protected]>

Author: pboling

lib/cyclonedx/bom_builder.rb

@@ -142,15 +142,17 @@ def self.setup(path)
       end
 
       # Normalize to an absolute project path to avoid relative path issues later
-      @project_path = File.expand_path(@options[:path])
+      @project_path = File.expand_path(@options[:path]) if @options[:path]
       @provided_path = @options[:path]
 
-      begin
-        @logger.info("Changing directory to Ruby project directory located at #{@provided_path}")
-        Dir.chdir @project_path
-      rescue StandardError => e
-        @logger.error("Unable to change directory to Ruby project directory located at #{@provided_path}. #{e.message}: #{Array(e.backtrace).join("\n")}")
-        abort
+      if @project_path
+        begin
+          @logger.info("Changing directory to Ruby project directory located at #{@provided_path}")
+          Dir.chdir @project_path
+        rescue StandardError => e
+          @logger.error("Unable to change directory to Ruby project directory located at #{@provided_path}. #{e.message}: #{Array(e.backtrace).join("\n")}")
+          abort
+        end
       end
 
       if @options[:bom_output_format].nil?
@@ -191,9 +193,9 @@ def self.setup(path)
       if @project_path
         begin
           # Use absolute path so it's correct regardless of current working directory
-        gemfile_path = File.join(@project_path, 'Gemfile.lock')
-        # Compute display path for logs: './Gemfile.lock' when provided path is '.', else '<provided>/Gemfile.lock'
-        display_gemfile_path = (@provided_path == '.' ? './Gemfile.lock' : File.join(@provided_path, 'Gemfile.lock'))
+          gemfile_path = File.join(@project_path, 'Gemfile.lock')
+          # Compute display path for logs: './Gemfile.lock' when provided path is '.', else '<provided>/Gemfile.lock'
+          display_gemfile_path = (@provided_path == '.' ? './Gemfile.lock' : File.join(@provided_path, 'Gemfile.lock'))
           @logger.info("Parsing specs from #{display_gemfile_path}...")
           gemfile_contents = File.read(gemfile_path)
           @specs = Bundler::LockfileParser.new(gemfile_contents).specs