Skip to content

feat: basic support cdx17 #579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Oct 27, 2025
Merged

feat: basic support cdx17 #579

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
779a263
feat: add basic support for CycloneDX 1.7
jkowalleck Oct 24, 2025
dd8a6fa
feat: basic support for CycloneDX 1.7
jkowalleck Oct 24, 2025
ba83114
docs
jkowalleck Oct 24, 2025
69f2ede
wip
jkowalleck Oct 25, 2025
b5f4298
wip
jkowalleck Oct 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions HISTORY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,14 @@ All notable changes to this project will be documented in this file.

<!-- add unreleased items here -->

Added _basic_ support for [_CycloneDX_ Specification-1.7](https://github.com/CycloneDX/specification/releases/tag/1.7).

* Changed
* This tool may support _CycloneDX_ Specification-1.7 now (via [#579])
This feature depends on `cyclonedx/cyclonedx-library:^3.8`.

[#579]: https://github.com/CycloneDX/cyclonedx-php-composer/pull/579

## 5.2.3 - 2025-05-12

Maintenance release.
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ Options:
{choices: "dev", "plugin"}
(multiple values allowed)
--spec-version=SPEC-VERSION Which version of CycloneDX spec to use.
{choices: "1.1", "1.2", "1.3", "1.4", "1.5", "1.6"}
{choices: "1.1", "1.2", "1.3", "1.4", "1.5", "1.6", "1.7"}
[default: "1.5"]
--output-reproducible|--no-output-reproducible Whether to go the extra mile and make the output reproducible.
This might result in loss of time- and random-based-values.
Expand Down
1 change: 1 addition & 0 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@
},
"config": {
"allow-plugins": {
"cyclonedx/cyclonedx-php-composer": true,
"ergebnis/composer-normalize": true,
"icanhazstring/composer-unused": true
},
Expand Down
4 changes: 4 additions & 0 deletions demo/devReq/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,14 @@ The following are examples generated by _cyclonedx-php-composer_:
* [`results/bom.1.3.xml`](results/bom.1.3.xml)
* [`results/bom.1.4.xml`](results/bom.1.4.xml)
* [`results/bom.1.5.xml`](results/bom.1.5.xml)
* [`results/bom.1.6.xml`](results/bom.1.6.xml)
* [`results/bom.1.7.xml`](results/bom.1.7.xml)
* [`results/bom.1.2.json`](results/bom.1.2.json)
* [`results/bom.1.3.json`](results/bom.1.3.json)
* [`results/bom.1.4.json`](results/bom.1.4.json)
* [`results/bom.1.5.json`](results/bom.1.5.json)
* [`results/bom.1.6.json`](results/bom.1.6.json)
* [`results/bom.1.7.json`](results/bom.1.7.json)

## Setup

Expand Down
2 changes: 2 additions & 0 deletions demo/devReq/project/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
"@putenv CDX_CP_TOOLS_VERSION_OVERRIDE=in-dev",
"@putenv CDX_CP_TOOLS_EXCLUDE_LIBS=1",
"@putenv CDX_CP_TOOLS_EXCLUDE_COMPOSER=1",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.7 --output-reproducible --output-format=JSON --output-file=$PWD/../results/bom.1.7.json $PWD/composer.json",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.6 --output-reproducible --output-format=JSON --output-file=$PWD/../results/bom.1.6.json $PWD/composer.json",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.5 --output-reproducible --output-format=JSON --output-file=$PWD/../results/bom.1.5.json $PWD/composer.json",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.4 --output-reproducible --output-format=JSON --output-file=$PWD/../results/bom.1.4.json $PWD/composer.json",
Expand All @@ -49,6 +50,7 @@
"@putenv CDX_CP_TOOLS_VERSION_OVERRIDE=in-dev",
"@putenv CDX_CP_TOOLS_EXCLUDE_LIBS=1",
"@putenv CDX_CP_TOOLS_EXCLUDE_COMPOSER=1",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.7 --output-reproducible --output-format=XML --output-file=$PWD/../results/bom.1.7.xml $PWD/composer.json",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.6 --output-reproducible --output-format=XML --output-file=$PWD/../results/bom.1.6.xml $PWD/composer.json",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.5 --output-reproducible --output-format=XML --output-file=$PWD/../results/bom.1.5.xml $PWD/composer.json",
"@composer -d ../../.tool CycloneDX:make-sbom --validate --spec-version=1.4 --output-reproducible --output-format=XML --output-file=$PWD/../results/bom.1.4.xml $PWD/composer.json",
Expand Down
Loading