Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CDXA XML and JSON support for temurin-build cyclonedx Java client #4063

Merged
merged 17 commits into from
Dec 3, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Initial CDXA support
Signed-off-by: Andrew Leonard <anleonar@redhat.com>
andrew-m-leonard committed Dec 2, 2024
commit 44956bbe80eb3d84b49023a429a167cd160fff24
5 changes: 5 additions & 0 deletions .github/linters/.gitleaks.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
title = "gitleaks config"
[allowlist]
files = [
"cyclonedx-lib/dependency_data/dependency_data.properties"
]
7 changes: 6 additions & 1 deletion cyclonedx-lib/build.xml
Original file line number Diff line number Diff line change
@@ -855,8 +855,13 @@

<!-- Use local cache if available, otherwise download -->
<copy verbose="true" file="${local.deps.cache.dir}/${@{component}.jar}" tofile="build/jar/@{component}.jar" if:true="${@{component}_cache_available}"/>
<propertyregex property="@{component}_sha256"
input="${@{component}.sha256}"
regexp="([a-zA-Z0-9]+)\s.*"
select="\1"
casesensitive="false"/>
<download-file unless:true="${@{component}_cache_available}"
checksum="${@{component}.sha256}"
checksum="${@{component}_sha256}"
destdir="build/jar"
destfile="@{component}.jar"
srcurl="${@{component}.url}"/>
26 changes: 13 additions & 13 deletions cyclonedx-lib/dependency_data/dependency_data.properties
Original file line number Diff line number Diff line change
@@ -16,43 +16,43 @@ maven.central.repo=https://repo1.maven.org/maven2

# Component versions, SHAs and jar names
commons-codec.version=1.17.1
commons-codec.sha256=f9f6cb103f2ddc3c99a9d80ada2ae7bf0685111fd6bffccb72033d1da4e6ff23 #gitleaks:allow
commons-codec.sha256=f9f6cb103f2ddc3c99a9d80ada2ae7bf0685111fd6bffccb72033d1da4e6ff23
commons-codec.jar=commons-codec-${commons-codec.version}.jar
commons-collections4.version=4.4
commons-collections4.sha256=1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1 #gitleaks:allow
commons-collections4.sha256=1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
commons-collections4.jar=commons-collections4-${commons-collections4.version}.jar
commons-lang3.version=3.17.0
commons-lang3.sha256=6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4 #gitleaks:allow
commons-lang3.sha256=6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
commons-lang3.jar=commons-lang3-${commons-lang3.version}.jar
commons-io.version=2.16.1
commons-io.sha256=f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f #gitleaks:allow
commons-io.sha256=f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
commons-io.jar=commons-io-${commons-io.version}.jar
cyclonedx-core-java.version=9.1.0
cyclonedx-core-java.sha256=a911ee5e5ebdabc2b2c08d08f9c92c673c21965ee1b982f40fc166d80f1eb088 #gitleaks:allow
cyclonedx-core-java.sha256=a911ee5e5ebdabc2b2c08d08f9c92c673c21965ee1b982f40fc166d80f1eb088
cyclonedx-core-java.jar=cyclonedx-core-java-${cyclonedx-core-java.version}.jar
github-package-url.version=1.5.0
github-package-url.sha256=e45551727707acc0c56ac62d56964332ea0f138d6cc3656d988b9369150f5247 #gitleaks:allow
github-package-url.sha256=e45551727707acc0c56ac62d56964332ea0f138d6cc3656d988b9369150f5247
github-package-url.jar=packageurl-java-${github-package-url.version}.jar
jackson-annotations.version=2.17.2
jackson-annotations.sha256=873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1 #gitleaks:allow
jackson-annotations.sha256=873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1
jackson-annotations.jar=jackson-annotations-${jackson-annotations.version}.jar
jackson-core.version=2.17.2
jackson-core.sha256=721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46 #gitleaks:allow
jackson-core.sha256=721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46
jackson-core.jar=jackson-core-${jackson-core.version}.jar
jackson-databind.version=2.17.2
jackson-databind.sha256=c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c #gitleaks:allow
jackson-databind.sha256=c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c
jackson-databind.jar=jackson-databind-${jackson-databind.version}.jar
jackson-dataformat-xml.version=2.17.2
jackson-dataformat-xml.sha256=517add5f3848517894b319a93a7ebfc1c21737b2c17c9acccd38fea97d6adc6f #gitleaks:allow
jackson-dataformat-xml.sha256=517add5f3848517894b319a93a7ebfc1c21737b2c17c9acccd38fea97d6adc6f
jackson-dataformat-xml.jar=jackson-dataformat-xml-${jackson-dataformat-xml.version}.jar
json-schema-validator.version=1.5.1
json-schema-validator.sha256=de015f79d4a63d22c002bad76bb30c039cafa205465eef8770e2c6b85880ded7 #gitleaks:allow
json-schema-validator.sha256=de015f79d4a63d22c002bad76bb30c039cafa205465eef8770e2c6b85880ded7
json-schema-validator.jar=json-schema-validator-${json-schema-validator.version}.jar
stax2-api.version=4.2.2
stax2-api.sha256=a61c48d553efad78bc01fffc4ac528bebbae64cbaec170b2a5e39cf61eb51abe #gitleaks:allow
stax2-api.sha256=a61c48d553efad78bc01fffc4ac528bebbae64cbaec170b2a5e39cf61eb51abe
stax2-api.jar=stax2-api-${stax2-api.version}.jar
woodstox-core.version=7.1.0
woodstox-core.sha256=81266920a1cdc47306a8a2b4726c99ec89b3fbf31c2470e4f5e477d9d857ca9f #gitleaks:allow
woodstox-core.sha256=81266920a1cdc47306a8a2b4726c99ec89b3fbf31c2470e4f5e477d9d857ca9f
woodstox-core.jar=woodstox-core-${woodstox-core.version}.jar

# Download URLs