Merge branch 'update-readme' into cli-revamp

Shnatsel · Shnatsel · commit d396947ffb20 · 2024-03-01T22:32:22.000Z
diff --git a/cargo-cyclonedx/CHANGELOG.md b/cargo-cyclonedx/CHANGELOG.md
@@ -5,6 +5,19 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.5.0 - UNRELEASED
+
+### Added
+
+ - Added `--describe` flag to control what is described by the SBOM: the crate as a whole in a single SBOM file, a separate SBOM file for every binary (executable or cdylib), or a separate SBOM file for every [Cargo target](https://doc.rust-lang.org/cargo/reference/cargo-targets.html) including rlibs and other kinds that do not produce executable artifacts. ([#619]) ([#630]) ([#634])
+ - Added an option to output CycloneDX v1.4 with `--spec-version=1.4`. The recorded data are the same between v1.3 and v1.4 outputs. ([#634])
+ - When using Rust 1.77 and later, the package hashes for crates originating from package registries are now recorded. ([#620])
+
+### Changed
+ - `cargo cyclonedx` now displays the progress information for Cargo operations, such as updating the crates.io index. This can be suppressed with the `-q` flag. `-qq` is now required to suppress warnings. ([#634])
+ - Introduced the `--override-filename` flag replacing the `--output-prefix` and `--output-pattern` flags. ([#634])
+ - The `.cdx` suffix is now always added to the end of the filename in all cases when the filename isn't manually overridden, to comply with the CycloneDX specification. The `--output-cdx` flag that previously controlled this behavior is removed. ([#602]) ([#634])
+
 ## 0.4.1 - 2023-11-23
 
 ### Added
@@ -54,7 +67,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Removed the configuration through `Cargo.toml`. This is a fundamentally wrong place to record it. ([#520]) If you have use cases for a configuration file, please let us know by [filing an issue](https://github.com/CycloneDX/cyclonedx-rust-cargo/issues).
 
-
 [#363]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/363
 [#365]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/365
 [#443]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/443
@@ -75,4 +87,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#542]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/542
 [#553]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/553
 [#554]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/554
-[#561]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/561
+[#561]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/561
+[#602]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/602
+[#619]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/619
+[#620]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/620
+[#630]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/630
+[#634]: https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/634
diff --git a/cargo-cyclonedx/README.md b/cargo-cyclonedx/README.md
@@ -37,11 +37,17 @@ This produces a `bom.xml` file adjacent to every `Cargo.toml` file that exists i
   -f, --format <FORMAT>
           Output BOM format: json, xml
 
+      --describe <DESCRIBE>
+          Possible values:
+          - crate:             Describe the entire crate in a single SBOM file, with Cargo targets as subcomponents. (default)
+          - binaries:          A separate SBOM is emitted for each binary (bin, cdylib) while all other targets are ignored
+          - all-cargo-targets: A separate SBOM is emitted for each Cargo target, including things that aren't directly executable (e.g rlib)
+
   -v, --verbose...
-          Use verbose output (-vv very verbose/build.rs output)
+          Use verbose output (-vv for debug logging, -vvv for tracing)
 
-  -q, --quiet
-          No output printed to stdout
+  -q, --quiet...
+          Disable progress reports (-qq to suppress warnings)
 
       --all-features
           Activate all available features
@@ -58,29 +64,26 @@ This produces a `bom.xml` file adjacent to every `Cargo.toml` file that exists i
           Defaults to the host target, as printed by 'rustc -vV'
 
       --target-in-filename
-          Include the target platform of the BOM in the filename. Implies --output-cdx
+          Include the target platform of the BOM in the filename
 
   -a, --all
           List all dependencies instead of only top-level ones (default)
 
       --top-level
           List only top-level dependencies
 
-      --output-cdx
-          Prepend file extension with .cdx
-
-      --output-pattern <PATTERN>
-          Prefix patterns to use for the filename: bom, package
-
-      --output-prefix <FILENAME_PREFIX>
-          Custom prefix string to use for the filename
+      --override-filename <FILENAME>
+          Custom string to use for the output filename
 
       --license-strict
           Reject the deprecated '/' separator for licenses, treating 'MIT/Apache-2.0' as an error
 
       --license-accept-named <LICENSE_ACCEPT_NAMED>
           Add license names which will not be warned about when parsing them as a SPDX expression fails
 
+      --spec-version <SPEC_VERSION>
+          The CycloneDX specification version to output: `1.3` or `1.4`. Defaults to 1.3
+
   -h, --help
           Print help (see a summary with '-h')
 
