diff --git a/docs/docs/supply-chain/sbom.md b/docs/docs/supply-chain/sbom.md
index e8e214784b..097836d61e 100644
--- a/docs/docs/supply-chain/sbom.md
+++ b/docs/docs/supply-chain/sbom.md
@@ -224,7 +224,7 @@ $ trivy image --format cyclonedx --output result.json alpine:3.15
 $ cat result.json | jq .
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:2be5773d-7cd3-4b4b-90a5-e165474ddace",
 "version": 1,
 "metadata": {
diff --git a/docs/docs/supply-chain/vex.md b/docs/docs/supply-chain/vex.md
index 65a6421c9a..b766b68185 100644
--- a/docs/docs/supply-chain/vex.md
+++ b/docs/docs/supply-chain/vex.md
@@ -43,7 +43,7 @@ Take a look at the example below.
 $ cat < trivy.vex.cdx
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "version": 1,
 "vulnerabilities": [
 {
diff --git a/go.mod b/go.mod
index 45969577af..742da456f4 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 github.com/BurntSushi/toml v1.3.2
- github.com/CycloneDX/cyclonedx-go v0.7.0
+ github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3
 github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
 github.com/Masterminds/sprig/v3 v3.2.3
 github.com/NYTimes/gziphandler v1.1.1
diff --git a/go.sum b/go.sum
index b0e4ffb356..492da1b339 100644
--- a/go.sum
+++ b/go.sum
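Review bot: The new cyclonedx-go requirement in go.mod is a pseudo-version (`v0.7.2-0.20230625092137-07e2f29defc3`), which pins an untagged upstream commit rather than a release. The go.sum entries still fix the module content, so the build stays reproducible, but release notes and advisory data are keyed on tags, and tooling that matches dependencies against advisories may not resolve a pseudo-version cleanly. A trailing comment on the require line, e.g. `// TODO: move to the next tagged cyclonedx-go release with CycloneDX 1.5 support`, would record why the pin exists and when it should go away.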
@@ -235,8 +235,8 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg= -github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg= +github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3 h1:NqeV+ZMqpcosu0Xg2VW14Ru9ayBs/toe2oihS7sN6Xo= +github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3/go.mod h1:fGXSp1lCDfMQ8KR1EjxT4ewc5HHhGczRF2pWhLSWohs= github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible h1:juIaKLLVhqzP55d8x4cSVgwyQv76Z55/fRv/UBr2KkQ= github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs= @@ -1643,6 +1643,7 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= +github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo= github.com/testcontainers/testcontainers-go v0.20.1 h1:mK15UPJ8c5P+NsQKmkqzs/jMdJt6JMs5vlw2y4j92c0= github.com/testcontainers/testcontainers-go v0.20.1/go.mod h1:zb+NOlCQBkZ7RQp4QI+YMIHyO2CQ/qsXzNF5eLJ24SY= github.com/tetratelabs/wazero v1.2.0 h1:I/8LMf4YkCZ3r2XaL9whhA0VMyAvF6QE+O7rco0DCeQ= 
diff --git a/integration/k8s_test.go b/integration/k8s_test.go
index c01630d0d3..f151c4f7a8 100644
--- a/integration/k8s_test.go
+++ b/integration/k8s_test.go
@@ -98,7 +98,7 @@ func TestK8s(t *testing.T) { require.NoError(t, err) assert.Equal(t, got.Metadata.Component.Name, "kind-kind-test") - assert.Equal(t, got.Metadata.Component.Type, cdx.ComponentType("container")) + assert.Equal(t, got.Metadata.Component.Type, cdx.ComponentType("platform")) // Has components assert.True(t, len(*got.Components) > 0)
diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden
index 54e70c012c..94a52ee3e0 100644
--- a/integration/testdata/conda-cyclonedx.json.golden
+++ b/integration/testdata/conda-cyclonedx.json.golden
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:e1f49b6f-018f-4bf3-97c8-85cd92a82c7c",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/fixtures/sbom/centos-7-cyclonedx.json b/integration/testdata/fixtures/sbom/centos-7-cyclonedx.json
index f3595ec8b4..27eeb322f2 100644
--- a/integration/testdata/fixtures/sbom/centos-7-cyclonedx.json
+++ b/integration/testdata/fixtures/sbom/centos-7-cyclonedx.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:1455c02d-64ca-453e-a5df-ddfb70a7c804",
 "version": 1,
 "metadata": {
diff --git a/integration/testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json b/integration/testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json
index ea9bf391f6..ce7a21e7d2 100644
--- a/integration/testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json
+++ b/integration/testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:31ee662c-480e-4f63-9765-23ea8afc754d",
 "version": 1,
 "metadata": {
diff --git a/pkg/attestation/sbom/rekor_test.go b/pkg/attestation/sbom/rekor_test.go
index 788e1e0662..db97d78156 100644
--- a/pkg/attestation/sbom/rekor_test.go
+++ b/pkg/attestation/sbom/rekor_test.go
@@ -22,7 +22,7 @@ func TestRekor_RetrieveSBOM(t *testing.T) {
 {
 name: "happy path",
 digest: "sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03",
- want: `{"bomFormat":"CycloneDX","specVersion":"1.4","version":2}`,
+ want: `{"bomFormat":"CycloneDX","specVersion":"1.5","version":2}`,
 },
 {
 name: "404",
diff --git a/pkg/fanal/analyzer/sbom/testdata/cdx.json b/pkg/fanal/analyzer/sbom/testdata/cdx.json
index 9e031d0ecf..639677780f 100644
--- a/pkg/fanal/analyzer/sbom/testdata/cdx.json
+++ b/pkg/fanal/analyzer/sbom/testdata/cdx.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:73f26314-e86a-4f5a-befc-f853a15b64e7",
 "version": 1,
 "metadata": {
diff --git a/pkg/fanal/artifact/sbom/testdata/bom.json b/pkg/fanal/artifact/sbom/testdata/bom.json
index 9afa62bbee..2244d48334 100644
--- a/pkg/fanal/artifact/sbom/testdata/bom.json
+++ b/pkg/fanal/artifact/sbom/testdata/bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/fanal/artifact/sbom/testdata/os-only-bom.json b/pkg/fanal/artifact/sbom/testdata/os-only-bom.json
index 86e2cf0c25..8200570066 100644
--- a/pkg/fanal/artifact/sbom/testdata/os-only-bom.json
+++ b/pkg/fanal/artifact/sbom/testdata/os-only-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go
index d847d7e1ed..759377920a 100644
--- a/pkg/k8s/scanner/scanner.go
+++ b/pkg/k8s/scanner/scanner.go
@@ -250,7 +250,7 @@ func clusterInfoToReportResources(allArtifact []*artifacts.Artifact, clusterName
 }
 rootComponent := &core.Component{
 Name: clusterName,
- Type: cdx.ComponentTypeContainer,
+ Type: cdx.ComponentTypePlatform,
 Components: coreComponents,
 }
 return rootComponent, nil
@@ -304,7 +304,7 @@ func nodeComponent(nf bom.NodeInfo) *core.Component {
 k8sComponentName: nf.NodeName,
 }, k8sCoreComponentNamespace)...)
 return &core.Component{
- Type: cdx.ComponentTypeContainer,
+ Type: cdx.ComponentTypePlatform,
 Name: nf.NodeName,
 Properties: properties,
 Components: []*core.Component{
diff --git a/pkg/k8s/scanner/scanner_test.go b/pkg/k8s/scanner/scanner_test.go
index 314435ad1f..e8bb4e1c97 100644
--- a/pkg/k8s/scanner/scanner_test.go
+++ b/pkg/k8s/scanner/scanner_test.go
@@ -72,7 +72,7 @@ func TestK8sClusterInfoReport(t *testing.T) {
 },
 },
 want: &core.Component{
- Type: cdx.ComponentTypeContainer,
+ Type: cdx.ComponentTypePlatform,
 Name: "test-cluster",
 Components: []*core.Component{
 {
@@ -110,7 +110,7 @@ func TestK8sClusterInfoReport(t *testing.T) {
 },
 },
 {
- Type: cdx.ComponentTypeContainer,
+ Type: cdx.ComponentTypePlatform,
 Name: "kind-control-plane",
 Properties: []core.Property{
 {Name: "Architecture", Value: "arm64"},
diff --git a/pkg/rekortest/server.go b/pkg/rekortest/server.go
index 1b2276f5df..7053e54684 100644
--- a/pkg/rekortest/server.go
+++ b/pkg/rekortest/server.go
@@ -50,7 +50,7 @@ var (
 Data: &cyclonedx.BOM{
 BOMFormat: cyclonedx.BOMFormat,
 SerialNumber: "urn:uuid:6453fd82-71f4-47c8-ad12-01775619c443",
- SpecVersion: cyclonedx.SpecVersion1_4,
+ SpecVersion: cyclonedx.SpecVersion1_5,
 Version: 1,
 Metadata: &cyclonedx.Metadata{
 Timestamp: "2022-09-15T13:53:49+00:00",
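Review bot: `cdx.ComponentTypePlatform` in pkg/k8s/scanner/scanner.go (the `rootComponent` literal and the literal returned by `nodeComponent`) is a component type that only exists from CycloneDX 1.5 on, and nothing at either site says so. The change therefore alters what consumers of the cluster SBOM see: anything that selects cluster or node entries by the `container` type stops matching, which would include a reader for these documents elsewhere in the repository if one keys on the type — not visible here, worth checking. A short comment on each literal, e.g. `// "platform" requires CycloneDX >= 1.5`, would record the coupling to the spec bump. Both functions begin outside their hunks.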
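Review bot: No fixture at spec version 1.4 is left in pkg/rekortest/server.go once the hunks at -50, -138 and -205 switch every `SpecVersion` to `cyclonedx.SpecVersion1_5`, and the JSON fixtures touched in this diff are bumped the same way. SBOMs that were already attested to a transparency log, or that come from older tools, stay at 1.4, so within what this diff shows the path that reads such documents is no longer exercised. Adding one extra fixture that keeps `SpecVersion: cyclonedx.SpecVersion1_4`, with a matching case in rekor_test.go, would keep that backward-compatibility path covered.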
@@ -138,7 +138,7 @@ var (
 Data: &cyclonedx.BOM{
 BOMFormat: cyclonedx.BOMFormat,
 SerialNumber: "urn:uuid:8b16c9a3-e957-4c85-b43d-7dd05ea0421c",
- SpecVersion: cyclonedx.SpecVersion1_4,
+ SpecVersion: cyclonedx.SpecVersion1_5,
 Version: 1,
 Metadata: &cyclonedx.Metadata{
 Timestamp: "2022-10-21T09:50:08+00:00",
@@ -205,7 +205,7 @@ var (
 Predicate: &attestation.CosignPredicate{
 Data: &cyclonedx.BOM{
 BOMFormat: cyclonedx.BOMFormat,
- SpecVersion: cyclonedx.SpecVersion1_4,
+ SpecVersion: cyclonedx.SpecVersion1_5,
 Version: 2,
 },
 },
diff --git a/pkg/sbom/cyclonedx/core/cyclonedx_test.go b/pkg/sbom/cyclonedx/core/cyclonedx_test.go
index f6c2041e31..2fc142d1e0 100644
--- a/pkg/sbom/cyclonedx/core/cyclonedx_test.go
+++ b/pkg/sbom/cyclonedx/core/cyclonedx_test.go
@@ -132,10 +132,11 @@ func TestMarshaler_CoreComponent(t *testing.T) { }, want: &cdx.BOM{ - XMLNS: "http://cyclonedx.org/schema/bom/1.4", + XMLNS: "http://cyclonedx.org/schema/bom/1.5", BOMFormat: "CycloneDX", SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001", - SpecVersion: cdx.SpecVersion1_4, + JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json", + SpecVersion: cdx.SpecVersion1_5, Version: 1, Metadata: &cdx.Metadata{ Timestamp: "2021-08-25T12:20:30+00:00",
diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go
index 69668d4776..787ea9245c 100644
--- a/pkg/sbom/cyclonedx/marshal_test.go
+++ b/pkg/sbom/cyclonedx/marshal_test.go
@@ -182,9 +182,10 @@ func TestMarshaler_Marshal(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.4",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.5",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_4,
+ SpecVersion: cdx.SpecVersion1_5,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -726,9 +727,10 @@ func TestMarshaler_Marshal(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.4",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.5",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_4,
+ SpecVersion: cdx.SpecVersion1_5,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1060,9 +1062,10 @@ func TestMarshaler_Marshal(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.4",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.5",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_4,
+ SpecVersion: cdx.SpecVersion1_5,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1187,9 +1190,10 @@ func TestMarshaler_Marshal(t *testing.T) {
 },
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.4",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.5",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_4,
+ SpecVersion: cdx.SpecVersion1_5,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
 Version: 1,
 Metadata: &cdx.Metadata{
@@ -1267,9 +1271,10 @@ func TestMarshaler_Marshal(t *testing.T) {
 Results: types.Results{},
 },
 want: &cdx.BOM{
- XMLNS: "http://cyclonedx.org/schema/bom/1.4",
+ XMLNS: "http://cyclonedx.org/schema/bom/1.5",
 BOMFormat: "CycloneDX",
- SpecVersion: cdx.SpecVersion1_4,
+ SpecVersion: cdx.SpecVersion1_5,
+ JSONSchema: "http://cyclonedx.org/schema/bom-1.5.schema.json",
 SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
 Version: 1,
 Metadata: &cdx.Metadata{
diff --git a/pkg/sbom/cyclonedx/testdata/happy/bom.json b/pkg/sbom/cyclonedx/testdata/happy/bom.json
index 0fd73a8eb6..b9e657c03d 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/empty-bom.json b/pkg/sbom/cyclonedx/testdata/happy/empty-bom.json
index bfac954d0f..b61f7bef7b 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/empty-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/empty-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json b/pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json
index 45d8e83c65..63109c7392 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/group-in-name.json b/pkg/sbom/cyclonedx/testdata/happy/group-in-name.json
index 6302acd631..e42790df19 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/group-in-name.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/group-in-name.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:8366a7c8-229c-4518-b86c-8a1bcf69af01",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/independent-library-bom.json b/pkg/sbom/cyclonedx/testdata/happy/independent-library-bom.json
index e0faa0433d..0a1b337820 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/independent-library-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/independent-library-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/infinite-loop-bom.json b/pkg/sbom/cyclonedx/testdata/happy/infinite-loop-bom.json
index defe77ae89..fc50f7dd44 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/infinite-loop-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/infinite-loop-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:a085f5e7-f5c1-4bc0-96be-ffa4d235ebc8",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/os-only-bom.json b/pkg/sbom/cyclonedx/testdata/happy/os-only-bom.json
index 86e2cf0c25..8200570066 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/os-only-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/os-only-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/third-party-bom-no-os.json b/pkg/sbom/cyclonedx/testdata/happy/third-party-bom-no-os.json
index 5996bd7fa9..e683fe1793 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/third-party-bom-no-os.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/third-party-bom-no-os.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json b/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json
index d3b41ba9be..a7dd0b6bdb 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/happy/unrelated-bom.json b/pkg/sbom/cyclonedx/testdata/happy/unrelated-bom.json
index b6483caca9..5d9231de10 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/unrelated-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/unrelated-bom.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/sbom/cyclonedx/testdata/sad/invalid-purl.json b/pkg/sbom/cyclonedx/testdata/sad/invalid-purl.json
index 8a40bd35fc..58c9e14c8f 100644
--- a/pkg/sbom/cyclonedx/testdata/sad/invalid-purl.json
+++ b/pkg/sbom/cyclonedx/testdata/sad/invalid-purl.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
 "version": 1,
 "metadata": {
diff --git a/pkg/vex/testdata/cyclonedx.json b/pkg/vex/testdata/cyclonedx.json
index a87f382ba4..61b97de17a 100644
--- a/pkg/vex/testdata/cyclonedx.json
+++ b/pkg/vex/testdata/cyclonedx.json
@@ -1,6 +1,6 @@
 {
 "bomFormat": "CycloneDX",
- "specVersion": "1.4",
+ "specVersion": "1.5",
 "version": 1,
 "vulnerabilities": [
 {