diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden
index 7523d4132ae2..b70b3eb03fd1 100644
--- a/integration/testdata/conda-cyclonedx.json.golden
+++ b/integration/testdata/conda-cyclonedx.json.golden
@@ -1,10 +1,11 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.5",
- "serialNumber": "urn:uuid:e1f49b6f-018f-4bf3-97c8-85cd92a82c7c",
+ "serialNumber": "urn:uuid:e7d2faf4-1d5f-4cd7-a792-8b9b5f6fe2d7",
 "version": 1,
 "metadata": {
- "timestamp": "2023-05-19T10:38:39+00:00",
+ "timestamp": "2023-08-04T05:57:22+00:00",
 "tools": [
 {
 "vendor": "aquasecurity",
@@ -13,7 +14,7 @@
 }
 ],
 "component": {
- "bom-ref": "cd0ebb00-5c53-4b82-a3f7-271add663c51",
+ "bom-ref": "a80bd6fc-91e4-4e42-9941-eafc2423d031",
 "type": "application",
 "name": "testdata/fixtures/repo/conda",
 "properties": [
@@ -26,63 +27,69 @@
 },
 "components": [
 {
- "bom-ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
+ "bom-ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
 "type": "library",
- "name": "pip",
- "version": "22.2.2",
+ "name": "openssl",
+ "version": "1.1.1q",
 "licenses": [
 {
- "expression": "MIT"
+ "license": {
+ "name": "OpenSSL"
+ }
 }
 ],
- "purl": "pkg:conda/pip@22.2.2",
+ "purl": "pkg:conda/openssl@1.1.1q",
 "properties": [
 {
- "name": "aquasecurity:trivy:PkgType",
- "value": "conda-pkg"
+ "name": "aquasecurity:trivy:FilePath",
+ "value": "miniconda3/envs/testenv/conda-meta/openssl-1.1.1q-h7f8727e_0.json"
 },
 {
- "name": "aquasecurity:trivy:FilePath",
- "value": "miniconda3/envs/testenv/conda-meta/pip-22.2.2-py38h06a4308_0.json"
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "conda-pkg"
 }
 ]
 },
 {
- "bom-ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
+ "bom-ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
 "type": "library",
- "name": "openssl",
- "version": "1.1.1q",
+ "name": "pip",
+ "version": "22.2.2",
 "licenses": [
 {
- "expression": "OpenSSL"
+ "license": {
+ "name": "MIT"
+ }
 }
 ],
- "purl": "pkg:conda/openssl@1.1.1q",
+ "purl": "pkg:conda/pip@22.2.2",
 "properties": [
 {
- "name": "aquasecurity:trivy:PkgType",
- "value": "conda-pkg"
+ "name": "aquasecurity:trivy:FilePath",
+ "value": "miniconda3/envs/testenv/conda-meta/pip-22.2.2-py38h06a4308_0.json"
 },
 {
- "name": "aquasecurity:trivy:FilePath",
- "value": "miniconda3/envs/testenv/conda-meta/openssl-1.1.1q-h7f8727e_0.json"
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "conda-pkg"
 }
 ]
 }
 ],
 "dependencies": [
 {
- "ref": "cd0ebb00-5c53-4b82-a3f7-271add663c51",
+ "ref": "a80bd6fc-91e4-4e42-9941-eafc2423d031",
 "dependsOn": [
 "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
 "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json"
 ]
 },
 {
- "ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json"
+ "ref": "pkg:conda/openssl@1.1.1q?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
+ "dependsOn": []
 },
 {
- "ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json"
+ "ref": "pkg:conda/pip@22.2.2?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
+ "dependsOn": []
 }
 ],
 "vulnerabilities": []
diff --git a/pkg/sbom/cyclonedx/core/cyclonedx.go b/pkg/sbom/cyclonedx/core/cyclonedx.go
index 6b1288be5889..53d9c1fa7234 100644
--- a/pkg/sbom/cyclonedx/core/cyclonedx.go
+++ b/pkg/sbom/cyclonedx/core/cyclonedx.go
@@ -304,7 +304,10 @@ func (c *CycloneDX) Licenses(licenses []string) *cdx.Licenses {
 return nil
 }
 choices := lo.Map(licenses, func(license string, i int) cdx.LicenseChoice {
- return cdx.LicenseChoice{Expression: license}
+ return cdx.LicenseChoice{
+ License: &cdx.License{
+ Name: license},
+ }
 })
 return lo.ToPtr(cdx.Licenses(choices))
 }
diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go
index a7074742a0e7..bfb3d7161662 100644
--- a/pkg/sbom/cyclonedx/marshal_test.go
+++ b/pkg/sbom/cyclonedx/marshal_test.go
@@ -381,7 +381,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Name: "binutils",
 Version: "2.30-93.el8",
 Licenses: &cdx.Licenses{
- cdx.LicenseChoice{Expression: "GPLv3+"},
+ cdx.LicenseChoice{
+ License: &cdx.License{
+ Name: "GPLv3+",
+ },
+ },
 },
 PackageURL: "pkg:rpm/centos/binutils@2.30-93.el8?arch=aarch64&distro=centos-8.3.2011",
 Supplier: &cdx.OrganizationalEntity{
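Review bot: In `Licenses` (pkg/sbom/cyclonedx/core/cyclonedx.go), the new mapping wraps every input string in `cdx.License{Name: ...}` without checking it, so an empty entry would likely be emitted as a license object with no usable name, which SBOM consumers that validate against the CycloneDX schema may reject. The guard at the top of the function is outside this hunk, so all I can see is that the map callback itself does no filtering; consider dropping blanks first, e.g. `licenses = lo.Filter(licenses, func(l string, _ int) bool { return l != "" })`. As a style point, `Name: license},` closes the literal on the field line, while the test hunks in marshal_test.go put `},` on its own line; matching that form would keep the two consistent. None of the updated test cases visible here has more than one license, so a multi-license case would be worth adding if that output shape is what this change is meant to fix.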
@@ -840,7 +844,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Name: "acl",
 Version: "2.2.53-1.el8",
 Licenses: &cdx.Licenses{
- cdx.LicenseChoice{Expression: "GPLv2+"},
+ cdx.LicenseChoice{
+ License: &cdx.License{
+ Name: "GPLv2+",
+ },
+ },
 },
 PackageURL: "pkg:rpm/centos/acl@2.2.53-1.el8?arch=aarch64&epoch=1&distro=centos-8.3.2011",
 Properties: &[]cdx.Property{
@@ -882,7 +890,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Name: "glibc",
 Version: "2.28-151.el8",
 Licenses: &cdx.Licenses{
- cdx.LicenseChoice{Expression: "GPLv2+"},
+ cdx.LicenseChoice{
+ License: &cdx.License{
+ Name: "GPLv2+",
+ },
+ },
 },
 PackageURL: "pkg:rpm/centos/glibc@2.28-151.el8?arch=aarch64&distro=centos-8.3.2011",
 Properties: &[]cdx.Property{
@@ -1484,7 +1496,11 @@ func TestMarshaler_Marshal(t *testing.T) {
 Version: "0.20.1",
 PackageURL: "pkg:npm/ruby-typeprof@0.20.1",
 Licenses: &cdx.Licenses{
- cdx.LicenseChoice{Expression: "MIT"},
+ cdx.LicenseChoice{
+ License: &cdx.License{
+ Name: "MIT",
+ },
+ },
 },
 Properties: &[]cdx.Property{
 {