test: compare UUID

integration/client_server_test.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/aquasecurity/trivy/pkg/clock"
 	"github.com/aquasecurity/trivy/pkg/report"
+	"github.com/aquasecurity/trivy/pkg/uuid"
 )
 
 type csArgs struct {
@@ -417,6 +418,9 @@ func TestClientServerWithCycloneDX(t *testing.T) {
 	addr, cacheDir := setup(t, setupOptions{})
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
+			uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
+
 			osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, tt.golden)
 
 			// Run Trivy client

integration/integration_test.go

@@ -140,10 +140,7 @@ func readCycloneDX(t *testing.T, filePath string) *cdx.BOM {
 	err = decoder.Decode(bom)
 	require.NoError(t, err)
 
-	// We don't compare values which change each time an SBOM is generated
-	bom.Metadata.Timestamp = ""
-	bom.Metadata.Component.BOMRef = ""
-	bom.SerialNumber = ""
+	// Sort components
 	if bom.Components != nil {
 		sort.Slice(*bom.Components, func(i, j int) bool {
 			return (*bom.Components)[i].Name < (*bom.Components)[j].Name
@@ -155,12 +152,6 @@ func readCycloneDX(t *testing.T, filePath string) *cdx.BOM {
 			})
 		}
 	}
-	if bom.Dependencies != nil {
-		for j := range *bom.Dependencies {
-			(*bom.Dependencies)[j].Ref = ""
-			(*bom.Dependencies)[j].Dependencies = nil
-		}
-	}
 
 	return bom
 }

integration/repo_test.go

@@ -7,12 +7,15 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/pkg/clock"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/uuid"
 )
 
 // TestRepository tests `trivy repo` with the local code repositories
@@ -458,6 +461,9 @@ func TestRepository(t *testing.T) {
 			osArgs = append(osArgs, "--output", outputFile)
 			osArgs = append(osArgs, tt.args.input)
 
+			clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
+			uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
+
 			// Run "trivy repo"
 			err := execute(osArgs)
 			require.NoError(t, err)

integration/testdata/conda-cyclonedx.json.golden

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:e7d2faf4-1d5f-4cd7-a792-8b9b5f6fe2d7",
+  "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-08-04T05:57:22+00:00",
+    "timestamp": "2020-09-10T14:20:30+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",
@@ -14,7 +14,7 @@
       }
     ],
     "component": {
-      "bom-ref": "a80bd6fc-91e4-4e42-9941-eafc2423d031",
+      "bom-ref": "3ff14136-e09f-4df9-80ea-000000000002",
       "type": "application",
       "name": "testdata/fixtures/repo/conda",
       "properties": [
@@ -77,7 +77,7 @@
   ],
   "dependencies": [
     {
-      "ref": "a80bd6fc-91e4-4e42-9941-eafc2423d031",
+      "ref": "3ff14136-e09f-4df9-80ea-000000000002",
       "dependsOn": [
         "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
         "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json"