Add support for "legacy" and new Tool structure introduced in CycloneDX v1.5 #91
Description
TODO: figure out how to support both current (object)/legacy(array) tools in Metadata.Tools field. Currently, we use an interface{} placeholder in our struct bindings which is NOT ideal for many things we are trying to do with entity hashing, normalization, etc.
type CDXToolLegacy struct {
Name string `json:"name,omitempty"`
Version string `json:"version,omitempty"`
Vendor string `json:"vendor,omitempty"`
Hashes *[]CDXHash `json:"hashes,omitempty"`
ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty"`
}type CDXTools struct {
Components *[]CDXComponent `json:"components,omitempty"`
Services *[]CDXService `json:"services,omitempty"`
}which are both referenced from:
type CDXMetadata struct {
Timestamp string `json:"timestamp,omitempty" scvs:"bom:core:timestamp"` // urn:owasp:scvs:bom:core:timestamp
Tools interface{} `json:"tools,omitempty"` // v1.2: added; v1.5: "tools" is now an interface{}
Authors *[]CDXOrganizationalContact `json:"authors,omitempty"`
Component *CDXComponent `json:"component,omitempty"`
Manufacturer *CDXOrganizationalEntity `json:"manufacture,omitempty"` // NOTE: Typo is in spec.
Supplier *CDXOrganizationalEntity `json:"supplier,omitempty"`
Licenses *[]CDXLicenseChoice `json:"licenses,omitempty"` // v1.3 added
Properties *[]CDXProperty `json:"properties,omitempty"` // v1.3 added
Lifecycles *[]CDXLifecycle `json:"lifecycles,omitempty"` // v1.5 added
Manufacture *CDXOrganizationalEntity `json:"manufacture,omitempty"` // v1.5: deprecated
}See: https://stackoverflow.com/questions/47057240/parsing-multiple-json-types-into-the-same-struct
on possible ways to do this efficiently...