Output CycloneDX reports
What does this MR do?
This MR adds support for outputting CycloneDX reports, for example:
```json
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "serialNumber": "urn:uuid:b9b3a9a0-ff76-48f8-9064-436627f34adc",
  "version": 1,
  "metadata": {
    "timestamp": "2022-02-23T07:58:59Z",
    "tools": [
      {
        "vendor": "GitLab",
        "name": "Gemnasium",
        "version": "2.34.0"
      }
    ],
    "authors": [
      {
        "name": "GitLab",
        "email": "support@gitlab.com"
      }
    ],
    "properties": [
      {
        "name": "gitlab:input_file",
        "value": "ruby-project-1/Gemfile.lock"
      },
      {
        "name": "gitlab:package_manager",
        "value": "bundler"
      }
    ]
  },
  "components": [
    {
      "name": "coderay",
      "version": "1.1.0.rc2",
      "purl": "pkg:gem/coderay@1.1.0.rc2",
      "type": "library",
      "bom-ref": "pkg:gem/coderay@1.1.0.rc2"
    }
  ]
}
```
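A consumer-side sanity check for reports in this shape, added here as an example and not part of Gemnasium's code: it parses the JSON, verifies the top-level CycloneDX 1.4 fields and the `urn:uuid` serial number, and checks that every component's `purl` matches its `bom-ref` and that no `bom-ref` repeats. The `bom` struct and `sampleBOM` are assumptions built from the report above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Assumed subset of the CycloneDX 1.4 fields in the report above (not Gemnasium's own type);
// untagged fields match their lower-case JSON keys because encoding/json matches case-insensitively.
type bom struct {
	BomFormat, SpecVersion, SerialNumber string
	Version                              int
	Components                           []struct {
		Name, Version, Purl, Type string
		BomRef                    string `json:"bom-ref"`
	}
}

var serialRE = regexp.MustCompile(`^urn:uuid:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// ValidateCycloneDX parses a report and lists every consistency problem it finds (nil means valid).
func ValidateCycloneDX(raw []byte) []string {
	var b bom
	if err := json.Unmarshal(raw, &b); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var errs []string
	check := func(ok bool, msg string) {
		if !ok {
			errs = append(errs, msg)
		}
	}
	check(b.BomFormat == "CycloneDX", "bomFormat must be CycloneDX, got "+b.BomFormat)
	check(b.SpecVersion == "1.4", "unexpected specVersion "+b.SpecVersion)
	check(serialRE.MatchString(b.SerialNumber), "serialNumber is not a urn:uuid: "+b.SerialNumber)
	check(b.Version >= 1, "version must be >= 1")
	seen := map[string]bool{}
	for i, c := range b.Components {
		// The report uses the purl as bom-ref, so the two must agree and each bom-ref must be unique.
		check(c.Purl != "" && c.Purl == c.BomRef, fmt.Sprintf("component %d: purl %q != bom-ref %q", i, c.Purl, c.BomRef))
		check(!seen[c.BomRef], "duplicate bom-ref "+c.BomRef)
		seen[c.BomRef] = true
	}
	return errs
}

// sampleBOM is the report from the MR description with its metadata block omitted (constructed input).
const sampleBOM = `{"bomFormat":"CycloneDX","specVersion":"1.4","serialNumber":"urn:uuid:b9b3a9a0-ff76-48f8-9064-436627f34adc","version":1,
"components":[{"name":"coderay","version":"1.1.0.rc2","purl":"pkg:gem/coderay@1.1.0.rc2","type":"library","bom-ref":"pkg:gem/coderay@1.1.0.rc2"}]}`

func main() {
	fmt.Println("problems:", ValidateCycloneDX([]byte(sampleBOM))) // prints "problems: []"
}
```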
What are the relevant issue numbers?
gitlab-org/gitlab#350509 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Adam Cohen