forked from guacsec/guac
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
TC-1810 CycloneDX: License with name but no text
Signed-off-by: mrizzi <[email protected]>
- Loading branch information
Showing
6 changed files
with
475 additions
and
55 deletions.
There are no files selected for viewing
280 changes: 280 additions & 0 deletions
280
internal/testing/testdata/exampledata/small-legal-cyclonedx-no-inline.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,280 @@ | ||
{ | ||
"bomFormat" : "CycloneDX", | ||
"specVersion" : "1.4", | ||
"serialNumber" : "urn:uuid:0697952e-9848-4785-95bf-f81ff9731682", | ||
"version" : 1, | ||
"metadata" : { | ||
"timestamp" : "2022-11-09T11:14:31Z", | ||
"tools" : [ | ||
{ | ||
"vendor" : "OWASP Foundation", | ||
"name" : "CycloneDX Maven plugin", | ||
"version" : "2.7.1", | ||
"hashes" : [ | ||
{ | ||
"alg" : "SHA3-512", | ||
"content" : "72ea0ed8faa3cc4493db96d0223094842e7153890b091ff364040ad3ad89363157fc9d1bd852262124aec83134f0c19aa4fd0fa482031d38a76d74dfd36b7964" | ||
} | ||
] | ||
} | ||
], | ||
"component" : { | ||
"group" : "org.acme", | ||
"name" : "getting-started", | ||
"version" : "1.0.0-SNAPSHOT", | ||
"licenses": [ | ||
{ | ||
"license": { | ||
"id": "GPL-2.0" | ||
} | ||
}, | ||
{ | ||
"license": { | ||
"id": "LGPL-3.0-or-later" | ||
} | ||
} | ||
], | ||
"hashes" : [ | ||
{ | ||
"alg" : "SHA3-512", | ||
"content" : "85240ed8faa3cc4493db96d0223094842e7153890b091ff364040ad3ad89363157fc9d1bd852262124aec83134f0c19aa4fd0fa482031d38a76d74dfd36b7964" | ||
} | ||
], | ||
"purl" : "pkg:maven/org.acme/[email protected]?type=jar", | ||
"type" : "library", | ||
"bom-ref" : "pkg:maven/org.acme/[email protected]?type=jar" | ||
} | ||
}, | ||
"components" : [ | ||
{ | ||
"publisher" : "JBoss by Red Hat", | ||
"group" : "io.quarkus", | ||
"name" : "quarkus-resteasy-reactive", | ||
"version" : "2.13.4.Final", | ||
"description" : "A JAX-RS implementation utilizing build time processing and Vert.x. This extension is not compatible with the quarkus-resteasy extension, or any of the extensions that depend on it.", | ||
"scope" : "optional", | ||
"hashes" : [ | ||
{ | ||
"alg" : "MD5", | ||
"content" : "bf39044af8c6ba66fc3beb034bc82ae8" | ||
}, | ||
{ | ||
"alg" : "SHA3-512", | ||
"content" : "615e56bdfeb591af8b5fdeadf019f8fa729643232d7e0768674411a7d959bb00e12e114280a6949f871514e1a86e01e0033372a0a826d15720050d7cffb80e69" | ||
} | ||
], | ||
"licenses" : [ | ||
{ | ||
"license" : { | ||
"id" : "Apache-2.0" | ||
} | ||
} | ||
], | ||
"purl" : "pkg:maven/io.quarkus/[email protected]?type=jar", | ||
"externalReferences" : [ | ||
{ | ||
"type" : "distribution", | ||
"url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" | ||
}, | ||
{ | ||
"type" : "issue-tracker", | ||
"url" : "https://github.com/quarkusio/quarkus/issues/" | ||
}, | ||
{ | ||
"type" : "vcs", | ||
"url" : "https://github.com/quarkusio/quarkus" | ||
}, | ||
{ | ||
"type" : "website", | ||
"url" : "http://www.jboss.org" | ||
}, | ||
{ | ||
"type" : "mailing-list", | ||
"url" : "http://lists.jboss.org/pipermail/jboss-user/" | ||
} | ||
], | ||
"type" : "library", | ||
"bom-ref" : "pkg:maven/io.quarkus/[email protected]?type=jar" | ||
}, | ||
{ | ||
"publisher" : "SmallRye", | ||
"group" : "io.smallrye.reactive", | ||
"name" : "smallrye-mutiny-vertx-uri-template", | ||
"version" : "2.27.0", | ||
"description" : "SmallRye Build Parent POM", | ||
"hashes" : [ | ||
{ | ||
"alg" : "MD5", | ||
"content" : "8756663af131035a2090d83f5f1b4054" | ||
} | ||
], | ||
"licenses" : [ | ||
{ | ||
"expression" : "Apache-2.0 AND (MIT OR GPL-2.0-only)" | ||
} | ||
], | ||
"purl" : "pkg:maven/io.smallrye.reactive/[email protected]?type=jar", | ||
"externalReferences" : [ | ||
{ | ||
"type" : "website", | ||
"url" : "https://wwww.smallrye.io" | ||
}, | ||
{ | ||
"type" : "issue-tracker", | ||
"url" : "https://github.com/smallrye/smallrye-mutiny-vertx-bindings/issues" | ||
}, | ||
{ | ||
"type" : "vcs", | ||
"url" : "https://github.com/smallrye/smallrye-mutiny-vertx-bindings" | ||
}, | ||
{ | ||
"type" : "distribution", | ||
"url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" | ||
} | ||
], | ||
"type" : "library", | ||
"bom-ref" : "pkg:maven/io.smallrye.reactive/[email protected]?type=jar" | ||
}, | ||
{ | ||
"publisher" : "JBoss by Red Hat", | ||
"group" : "io.quarkus", | ||
"name" : "quarkus-resteasy-reactive-common", | ||
"version" : "2.13.4.Final", | ||
"description" : "Common runtime parts of Quarkus RESTEasy Reactive", | ||
"hashes" : [ | ||
{ | ||
"alg" : "SHA3-512", | ||
"content" : "54ffa51cb2fb25e70871e4b69489814ebb3d23d4f958e83ef1f811c00a8753c6c30c5bbc1b48b6427357eb70e5c35c7b357f5252e246fbfa00b90ee22ad095e1" | ||
} | ||
], | ||
"licenses" : [ | ||
{ | ||
"license": { | ||
"id": "Apache-2.0" | ||
} | ||
}, | ||
{ | ||
"license": { | ||
"name": "Custom license", | ||
"text": { | ||
"content": "This is the text of the custom license I wrote" | ||
} | ||
} | ||
}, | ||
{ | ||
"license": { | ||
"name": "Custom license 2" | ||
} | ||
} | ||
], | ||
"purl" : "pkg:maven/io.quarkus/[email protected]?type=jar", | ||
"externalReferences" : [ | ||
{ | ||
"type" : "mailing-list", | ||
"url" : "http://lists.jboss.org/pipermail/jboss-user/" | ||
} | ||
], | ||
"type" : "library", | ||
"bom-ref" : "pkg:maven/io.quarkus/[email protected]?type=jar" | ||
}, | ||
{ | ||
"publisher" : "JBoss by Red Hat", | ||
"group" : "io.quarkus", | ||
"name" : "netbase", | ||
"version" : ".3", | ||
"description" : "Common runtime parts of Quarkus RESTEasy Reactive", | ||
"hashes" : [ | ||
{ | ||
"alg" : "SHA3-512", | ||
"content" : "87gna51cb2fb25e70871e4b69489814ebb3d23d4f958e83ef1f811c00a8753c6c30c5bbc1b48b6427357eb70e5c35c7b357f5252e246fbfa00b90ee22ad095e1" | ||
} | ||
], | ||
"licenses" : [ | ||
{ | ||
"license": { | ||
"id": "Apache-2.0" | ||
} | ||
}, | ||
{ | ||
"license": { | ||
"name": "Custom license", | ||
"text": { | ||
"content": "This is the text of the custom license I wrote" | ||
} | ||
} | ||
} | ||
], | ||
"purl" : "pkg:deb/debian/[email protected]?arch=all\u0026distro=debian-11", | ||
"externalReferences" : [ | ||
{ | ||
"type" : "mailing-list", | ||
"url" : "http://lists.jboss.org/pipermail/jboss-user/" | ||
} | ||
], | ||
"type" : "library", | ||
"bom-ref" : "pkg:deb/debian/[email protected]?arch=all\u0026distro=debian-11\u0026package-id=913906225fd3778b" | ||
}, | ||
{ | ||
"publisher" : "Eclipse Foundation", | ||
"group" : "org.eclipse.microprofile.context-propagation", | ||
"name" : "microprofile-context-propagation-api", | ||
"version" : "1.2", | ||
"description" : "MicroProfile Context Propagation :: API", | ||
"hashes" : [ | ||
{ | ||
"alg" : "SHA-256", | ||
"content" : "1576e21f3bf9cc3a3092e7cd40e9c9fef70532223af98a9218c1c9c885a71251" | ||
} | ||
], | ||
"licenses" : [ | ||
{ | ||
"license": { | ||
"name": "Custom license", | ||
"bom-ref" : "LicenseRef-a7fb6b15" | ||
} | ||
}, | ||
{ | ||
"license": { | ||
"name": "Custom license 2", | ||
"bom-ref" : "LicenseRef-59a01e67" | ||
} | ||
} | ||
], | ||
"purl" : "pkg:maven/org.eclipse.microprofile.context-propagation/[email protected]?type=jar", | ||
"externalReferences" : [ | ||
{ | ||
"type" : "website", | ||
"url" : "http://www.eclipse.org/" | ||
}, | ||
{ | ||
"type" : "distribution", | ||
"url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/" | ||
}, | ||
{ | ||
"type" : "issue-tracker", | ||
"url" : "https://github.com/eclipse/microprofile-context-propagation/issues" | ||
}, | ||
{ | ||
"type" : "vcs", | ||
"url" : "https://github.com/eclipse/microprofile-context-propagation" | ||
} | ||
], | ||
"type" : "library", | ||
"bom-ref" : "pkg:maven/org.eclipse.microprofile.context-propagation/[email protected]?type=jar" | ||
} | ||
], | ||
"dependencies" : [ | ||
{ | ||
"ref" : "pkg:maven/org.acme/[email protected]?type=jar", | ||
"dependsOn" : [ | ||
"pkg:maven/io.quarkus/[email protected]?type=jar" | ||
] | ||
}, | ||
{ | ||
"ref" : "pkg:maven/io.quarkus/[email protected]?type=jar", | ||
"dependsOn" : [ | ||
"pkg:maven/io.quarkus/[email protected]?type=jar" | ||
] | ||
} | ||
] | ||
} |
Oops, something went wrong.