File tree Expand file tree Collapse file tree 7 files changed +25
-2
lines changed Expand file tree Collapse file tree 7 files changed +25
-2
lines changed Original file line number Diff line number Diff line change @@ -14,6 +14,10 @@ v34.7.1 (unreleased)
1414- Display the resolved_to_package as link in the dependencies tab.
1515 https://github.com/nexB/scancode.io/pull/1314
1616
17+ - Add support for multiple instances of a PackageURL in the CycloneDX outputs.
18+ The `package_uid ` is now included in each BOM Component as a property.
19+ https://github.com/nexB/scancode.io/issues/1316
20+
1721v34.7.0 (2024-07-02)
1822--------------------
1923
Original file line number Diff line number Diff line change @@ -3414,6 +3414,7 @@ def as_cyclonedx(self):
34143414 "download_url" ,
34153415 "homepage_url" ,
34163416 "notice_text" ,
3417+ "package_uid" ,
34173418 ]
34183419 properties = [
34193420 cyclonedx_model .Property (
Original file line number Diff line number Diff line change 5454 "name" : " aboutcode:homepage_url"
5555 "value" : " https://github.com/django/asgiref/"
5656 },
57+ {
58+ "name" : " aboutcode:package_uid"
59+ "value" : " pkg:pypi/asgiref@3.3.0?uuid=8203628e-74ff-42c0-b96d-cdd2c56a0f01"
60+ },
5761 {
5862 "name" : " aboutcode:primary_language"
5963 "value" : " Python"
99103 "name" : " aboutcode:homepage_url"
100104 "value" : " https://github.com/django/asgiref/"
101105 },
106+ {
107+ "name" : " aboutcode:package_uid"
108+ "value" : " pkg:pypi/asgiref@3.3.0?uuid=6dc8a3e1-c9d2-41a0-aa6c-99999115001a"
109+ },
102110 {
103111 "name" : " aboutcode:primary_language"
104112 "value" : " Python"
Original file line number Diff line number Diff line change @@ -229,7 +229,7 @@ def test_scanpipe_cyclonedx_resolve_cyclonedx_packages(self):
229229 # JSON v1.5 (this file is generated by the to_cyclonedx)
230230 input_location = self .data / "asgiref-3.3.0.cdx.json"
231231 packages = cyclonedx .resolve_cyclonedx_packages (input_location )
232- self .assertEqual (1 , len (packages ))
232+ self .assertEqual (2 , len (packages ))
233233
234234 # XML v1.4
235235 input_location = self .data / "laravel-7.12.0" / "bom.1.4.xml"
Original file line number Diff line number Diff line change @@ -309,6 +309,15 @@ def test_scanpipe_pipes_outputs_get_cyclonedx_bom_dependency_tree(self):
309309 ]
310310 self .assertEqual (expected , results_json ["dependencies" ])
311311
312+ def test_scanpipe_pipes_outputs_get_cyclonedx_bom_package_uid_instances (self ):
313+ project = Project .objects .create (name = "project" )
314+ make_package (project , "pkg:type/a" , package_uid = "pkg:type/a?uuid=1" )
315+ make_package (project , "pkg:type/a" , package_uid = "pkg:type/a?uuid=2" )
316+
317+ output_file = output .to_cyclonedx (project = project )
318+ results_json = json .loads (output_file .read_text ())
319+ self .assertEqual (2 , len (results_json ["components" ]))
320+
312321 def test_scanpipe_pipes_outputs_to_spdx (self ):
313322 fixtures = self .data / "asgiref" / "asgiref-3.3.0_fixtures.json"
314323 call_command ("loaddata" , fixtures , ** {"verbosity" : 0 })
Original file line number Diff line number Diff line change @@ -2059,6 +2059,7 @@ def test_scanpipe_discovered_package_model_as_cyclonedx(self):
20592059 "aboutcode:homepage_url" : "https://packages.debian.org" ,
20602060 "aboutcode:primary_language" : "bash" ,
20612061 "aboutcode:notice_text" : "Notice\n Text" ,
2062+ "aboutcode:package_uid" : package_data1 ["package_uid" ],
20622063 }
20632064 self .assertEqual (expected_properties , properties )
20642065
Original file line number Diff line number Diff line change @@ -91,7 +91,7 @@ install_requires =
9191 # Profiling
9292 pyinstrument ==4.6.2
9393 # CycloneDX
94- cyclonedx-python-lib ==7.4.1
94+ cyclonedx-python-lib ==7.5.0
9595 jsonschema ==4.22.0
9696 # Font Awesome
9797 fontawesomefree ==6.5.1
You can’t perform that action at this time.
0 commit comments