diff --git a/go.mod b/go.mod
index 510c311..3db0dc8 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,6 @@ module github.com/codacy/codacy-engine-golang-seed/v6
 go 1.23
 
 require (
-	github.com/CycloneDX/cyclonedx-go v0.10.0
 	github.com/samber/lo v1.52.0
 	github.com/sirupsen/logrus v1.9.4
 	github.com/stretchr/testify v1.11.1
diff --git a/go.sum b/go.sum
index 3e0cd04..ee8f65d 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,3 @@
-github.com/CycloneDX/cyclonedx-go v0.10.0 h1:7xyklU7YD+CUyGzSFIARG18NYLsKVn4QFg04qSsu+7Y=
-github.com/CycloneDX/cyclonedx-go v0.10.0/go.mod h1:vUvbCXQsEm48OI6oOlanxstwNByXjCZ2wuleUlwGEO8=
-github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
-github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -12,14 +8,6 @@ github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w
 github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/terminalstatic/go-xsd-validate v0.1.6 h1:TenYeQ3eY631qNi1/cTmLH/s2slHPRKTTHT+XSHkepo=
-github.com/terminalstatic/go-xsd-validate v0.1.6/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
 golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
diff --git a/result.go b/result.go
index 2800237..9310411 100644
--- a/result.go
+++ b/result.go
@@ -3,7 +3,6 @@ package codacytool
 import (
 	"encoding/json"
 
-	"github.com/CycloneDX/cyclonedx-go"
 	"github.com/sirupsen/logrus"
 )
 
@@ -46,9 +45,29 @@ func (i FileError) GetFile() string {
 	return i.File
 }
 
-// SBOM represents a Software Bill of Materials in the CycloneDX format.
+// An "enum" representing the supported BOM formats.
+type BomFormat string
+
+const (
+	// [CycloneDX] specification in JSON format.
+	//
+	// [CycloneDX]: https://cyclonedx.org/
+	CycloneDXJSON = BomFormat("CycloneDXJSON")
+)
+
+// SBOM - Software Bill of Materials
+//
+// A SBOM declares the inventory of components used to build a software artifact, including any open source and
+// proprietary software components.
 type SBOM struct {
-	cyclonedx.BOM
+	// The format of the SBOM. Currently only [CycloneDX] specification in JSON format is supported.
+	//
+	// [CycloneDX]: https://cyclonedx.org/
+	BomFormat BomFormat `json:"bomFormat"`
+	// The version of the SBOM format used to build this SBOM.
+	SpecVersion string `json:"specVersion"`
+	// The actual SBOM content. To be parsed by downstream consumers according to `bomFormat` and `specVersion`.
+	Sbom string `json:"sbom"`
 }
 
 func (s SBOM) ToJSON() ([]byte, error) {
diff --git a/result_test.go b/result_test.go
index e12a0e8..c8a6c76 100644
--- a/result_test.go
+++ b/result_test.go
@@ -20,13 +20,17 @@ func TestResultsToJSON(t *testing.T) {
 		File:    "file-error",
 		Message: "file-error",
 	}
-	sbom := SBOM{}
+	sbom := SBOM{
+		BomFormat:   CycloneDXJSON,
+		SpecVersion: "1.6",
+		Sbom:        `{"bomFormat":"CycloneDX","specVersion":"1.6","metadata"...}`,
+	}
 	badResult := BadResult{}
 
 	expectedJSONResults := []string{
 		`{"filename":"file","line":5,"message":"message","patternId":"pattern ID", "sourceId":"CVE-2025-11111"}`,
 		`{"filename":"file-error","message":"file-error"}`,
-		`{"bomFormat":"","specVersion":"SpecVersion(0)","version":0}`,
+		`{"bomFormat":"CycloneDXJSON","specVersion":"1.6","sbom":"{\"bomFormat\":\"CycloneDX\",\"specVersion\":\"1.6\",\"metadata\"...}"}`,
 	}
 
 	// Act
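Review bot: The new SBOM struct accepts any string in `Sbom` and any value in `BomFormat`, so nothing prevents a result whose declared `bomFormat`/`specVersion` disagree with, or do not describe, the embedded document that downstream consumers are told to parse according to those two fields. Since `encoding/json` is already imported, a `json.Valid([]byte(s.Sbom))` check in `ToJSON` (whose body lies outside the hunk) would reject malformed content before it leaves the tool, and typing `Sbom` as `json.RawMessage` instead of `string` would embed the document verbatim rather than as an escaped string, which is what the result_test.go expectation on the same line currently pins; note that the test's `Sbom` fixture ending in `"metadata"...}` is not itself valid JSON and would need a real document if such a check is added. The doc comments on the exported names should begin with the name they describe, e.g. `// BomFormat identifies the serialization format of an SBOM document.`, `// CycloneDXJSON is the CycloneDX specification serialized as JSON.` and `// SBOM is a Software Bill of Materials: ...`.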