This is an automated email from the ASF dual-hosted git repository. asf-gitbox-commits pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
commit 3e35d41a6c234cd1d5afb147f08c837b8d9b28df Author: Stefan Bodewig <[email protected]> AuthorDate: Fri May 1 21:54:42 2026 +0200 create BOM for antlib-cyclonedx --- examples/bom.json | 191 ++++++++++++++++++++++++++++++++ examples/bom.xml | 114 +++++++++++++++++++ src/tests/antunit/componentbom-test.xml | 96 ++++++++++++++++ 3 files changed, 401 insertions(+) diff --git a/examples/bom.json b/examples/bom.json new file mode 100644 index 0000000..b858f16 --- /dev/null +++ b/examples/bom.json @@ -0,0 +1,191 @@ +{ + "bomFormat" : "CycloneDX", + "specVersion" : "1.6", + "serialNumber" : "urn:uuid:8cfe0788-fca0-491e-a48c-920ac2b05566", + "version" : 1, + "metadata" : { + "timestamp" : "2026-05-01T19:53:39Z", + "lifecycles" : [ + { + "phase" : "build" + } + ], + "tools" : { + "components" : [ + { + "type" : "library", + "manufacturer" : { + "name" : "Apache Ant Development Team", + "url" : [ + "https://ant.apache.org/"; + ] + }, + "group" : "org.apache.ant", + "name" : "ant-cyclonedx", + "version" : "0.1alpha", + "description" : "Apache CycloneDX Antlib", + "hashes" : [ + { + "alg" : "MD5", + "content" : "a30e1771f4376fc5444a0eff34c57f35" + }, + { + "alg" : "SHA-1", + "content" : "91174b265156be460602e86dd20456e1b1f3783f" + }, + { + "alg" : "SHA-256", + "content" : "938be9e478e3134df97d0ae0710d77ebbf39e3916e5f307db99bf131ddd39bb3" + }, + { + "alg" : "SHA-512", + "content" : "be0b34697f1954938c3875ef857341d6e7fd276b083bd92ce904651c109911995db8d8420608734e348d54c45bcf72c5213223b84a8c88efbebb62a99edbfe90" + }, + { + "alg" : "SHA3-256", + "content" : "d9a03b56538c8eb3531a333b3727c88e84e51255ddbcfcf324027f0cf5863182" + }, + { + "alg" : "SHA3-512", + "content" : "a4653e504cb66e18f0629ed3b21ceb2aebf203ba7848bc96593011fc647435d6a2ae2f3ebe21df72413dd4b2a6ed690b2689cb24b4be3f90d3427f0b1111631d" + }, + { + "alg" : "SHA-384", + "content" : "b94ebd288e066eb3663583b576d28abece610be66343db9e1a76145b0fa468f97b96a10f5aa24074d844586c048de6ce" + }, + { + "alg" : "SHA3-384", + "content" : "7262084714b890624a731ba65af3ae6b4ffe61bed2d6b6647114f52faa9b15d5a53e77a1f463c36bc5fb2b11e430687d" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.ant/[email protected]?type=jar", + "externalReferences" : [ + { + "type" : "vcs", + "url" : "https://github.com/apache/ant-antlibs-cyclonedx"; + } + ] + } + ] + }, + "component" : { + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.ant/[email protected]?type=jar", + "manufacturer" : { + "name" : "Apache Ant Development Team", + "url" : [ + "https://ant.apache.org/"; + ] + }, + "group" : "org.apache.ant", + "name" : "ant-cyclonedx", + "version" : "0.1alpha", + "description" : "Apache CycloneDX Antlib", + "hashes" : [ + { + "alg" : "MD5", + "content" : "a30e1771f4376fc5444a0eff34c57f35" + }, + { + "alg" : "SHA-1", + "content" : "91174b265156be460602e86dd20456e1b1f3783f" + }, + { + "alg" : "SHA-256", + "content" : "938be9e478e3134df97d0ae0710d77ebbf39e3916e5f307db99bf131ddd39bb3" + }, + { + "alg" : "SHA-512", + "content" : "be0b34697f1954938c3875ef857341d6e7fd276b083bd92ce904651c109911995db8d8420608734e348d54c45bcf72c5213223b84a8c88efbebb62a99edbfe90" + }, + { + "alg" : "SHA3-256", + "content" : "d9a03b56538c8eb3531a333b3727c88e84e51255ddbcfcf324027f0cf5863182" + }, + { + "alg" : "SHA3-512", + "content" : "a4653e504cb66e18f0629ed3b21ceb2aebf203ba7848bc96593011fc647435d6a2ae2f3ebe21df72413dd4b2a6ed690b2689cb24b4be3f90d3427f0b1111631d" + }, + { + "alg" : "SHA-384", + "content" : "b94ebd288e066eb3663583b576d28abece610be66343db9e1a76145b0fa468f97b96a10f5aa24074d844586c048de6ce" + }, + { + "alg" : "SHA3-384", + "content" : "7262084714b890624a731ba65af3ae6b4ffe61bed2d6b6647114f52faa9b15d5a53e77a1f463c36bc5fb2b11e430687d" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.ant/[email protected]?type=jar", + "externalReferences" : [ + { + "type" : "vcs", + "url" : "https://github.com/apache/ant-antlibs-cyclonedx"; + } + ] + } + }, + "components" : [ + { + "type" : "library", + "bom-ref" : "pkg:maven/org.apache.ant/[email protected]?type=jar", + "manufacturer" : { + "name" : "Apache Ant Development Team", + "url" : [ + "https://ant.apache.org/"; + ] + }, + "group" : "org.apache.ant", + "name" : "ant", + "version" : "1.10.17", + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/org.apache.ant/[email protected]?type=jar", + "externalReferences" : [ + { + "type" : "vcs", + "url" : "https://github.com/apache/ant"; + }, + { + "type" : "website", + "url" : "https://ant.apache.org/"; + } + ] + }, + { + "type" : "library", + "bom-ref" : "pkg:maven/org.cyclonedx/[email protected]?type=jar", + "group" : "org.cyclonedx", + "name" : "cyclonedx-core-java", + "version" : "12.1.0", + "purl" : "pkg:maven/org.cyclonedx/[email protected]?type=jar" + } + ], + "dependencies" : [ + { + "ref" : "pkg:maven/org.apache.ant/[email protected]?type=jar", + "dependsOn" : [ + "pkg:maven/org.apache.ant/[email protected]?type=jar", + "pkg:maven/org.cyclonedx/[email protected]?type=jar" + ] + } + ] +} \ No newline at end of file diff --git a/examples/bom.xml b/examples/bom.xml new file mode 100644 index 0000000..b882d5b --- /dev/null +++ b/examples/bom.xml @@ -0,0 +1,114 @@ +<?xml version="1.0" encoding="UTF-8"?> +<bom serialNumber="urn:uuid:b09e9df9-cc7f-4de4-a61d-489046a4358c" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6";> + <metadata> + <timestamp>2026-05-01T19:53:39Z</timestamp> + <lifecycles> + <lifecycle> + <phase>build</phase> + </lifecycle> + </lifecycles> + <tools> + <components> + <component type="library"> + <manufacturer> + <name>Apache Ant Development Team</name> + <url>https://ant.apache.org/</url> + </manufacturer> + <group>org.apache.ant</group> + <name>ant-cyclonedx</name> + <version>0.1alpha</version> + <description>Apache CycloneDX Antlib</description> + <hashes> + <hash alg="MD5">a30e1771f4376fc5444a0eff34c57f35</hash> + <hash alg="SHA-1">91174b265156be460602e86dd20456e1b1f3783f</hash> + <hash alg="SHA-256">938be9e478e3134df97d0ae0710d77ebbf39e3916e5f307db99bf131ddd39bb3</hash> + <hash alg="SHA-512">be0b34697f1954938c3875ef857341d6e7fd276b083bd92ce904651c109911995db8d8420608734e348d54c45bcf72c5213223b84a8c88efbebb62a99edbfe90</hash> + <hash alg="SHA3-256">d9a03b56538c8eb3531a333b3727c88e84e51255ddbcfcf324027f0cf5863182</hash> + <hash alg="SHA3-512">a4653e504cb66e18f0629ed3b21ceb2aebf203ba7848bc96593011fc647435d6a2ae2f3ebe21df72413dd4b2a6ed690b2689cb24b4be3f90d3427f0b1111631d</hash> + <hash alg="SHA-384">b94ebd288e066eb3663583b576d28abece610be66343db9e1a76145b0fa468f97b96a10f5aa24074d844586c048de6ce</hash> + <hash alg="SHA3-384">7262084714b890624a731ba65af3ae6b4ffe61bed2d6b6647114f52faa9b15d5a53e77a1f463c36bc5fb2b11e430687d</hash> + </hashes> + <licenses> + <license> + <id>Apache-2.0</id> + </license> + </licenses> + <purl>pkg:maven/org.apache.ant/[email protected]?type=jar</purl> + <externalReferences> + <reference type="vcs"> + <url>https://github.com/apache/ant-antlibs-cyclonedx</url> + </reference> + </externalReferences> + </component> + </components> + </tools> + <component type="library" bom-ref="pkg:maven/org.apache.ant/[email protected]?type=jar"> + <manufacturer> + <name>Apache Ant Development Team</name> + <url>https://ant.apache.org/</url> + </manufacturer> + <group>org.apache.ant</group> + <name>ant-cyclonedx</name> + <version>0.1alpha</version> + <description>Apache CycloneDX Antlib</description> + <hashes> + <hash alg="MD5">a30e1771f4376fc5444a0eff34c57f35</hash> + <hash alg="SHA-1">91174b265156be460602e86dd20456e1b1f3783f</hash> + <hash alg="SHA-256">938be9e478e3134df97d0ae0710d77ebbf39e3916e5f307db99bf131ddd39bb3</hash> + <hash alg="SHA-512">be0b34697f1954938c3875ef857341d6e7fd276b083bd92ce904651c109911995db8d8420608734e348d54c45bcf72c5213223b84a8c88efbebb62a99edbfe90</hash> + <hash alg="SHA3-256">d9a03b56538c8eb3531a333b3727c88e84e51255ddbcfcf324027f0cf5863182</hash> + <hash alg="SHA3-512">a4653e504cb66e18f0629ed3b21ceb2aebf203ba7848bc96593011fc647435d6a2ae2f3ebe21df72413dd4b2a6ed690b2689cb24b4be3f90d3427f0b1111631d</hash> + <hash alg="SHA-384">b94ebd288e066eb3663583b576d28abece610be66343db9e1a76145b0fa468f97b96a10f5aa24074d844586c048de6ce</hash> + <hash alg="SHA3-384">7262084714b890624a731ba65af3ae6b4ffe61bed2d6b6647114f52faa9b15d5a53e77a1f463c36bc5fb2b11e430687d</hash> + </hashes> + <licenses> + <license> + <id>Apache-2.0</id> + </license> + </licenses> + <purl>pkg:maven/org.apache.ant/[email protected]?type=jar</purl> + <externalReferences> + <reference type="vcs"> + <url>https://github.com/apache/ant-antlibs-cyclonedx</url> + </reference> + </externalReferences> + </component> + </metadata> + <components> + <component type="library" bom-ref="pkg:maven/org.apache.ant/[email protected]?type=jar"> + <manufacturer> + <name>Apache Ant Development Team</name> + <url>https://ant.apache.org/</url> + </manufacturer> + <group>org.apache.ant</group> + <name>ant</name> + <version>1.10.17</version> + <licenses> + <license> + <id>Apache-2.0</id> + </license> + </licenses> + <purl>pkg:maven/org.apache.ant/[email protected]?type=jar</purl> + <externalReferences> + <reference type="vcs"> + <url>https://github.com/apache/ant</url> + </reference> + <reference type="website"> + <url>https://ant.apache.org/</url> + </reference> + </externalReferences> + </component> + <component type="library" bom-ref="pkg:maven/org.cyclonedx/[email protected]?type=jar"> + <group>org.cyclonedx</group> + <name>cyclonedx-core-java</name> + <version>12.1.0</version> + <purl>pkg:maven/org.cyclonedx/[email protected]?type=jar</purl> + </component> + </components> + <dependencies> + <dependency ref="pkg:maven/org.apache.ant/[email protected]?type=jar"> + <dependency ref="pkg:maven/org.apache.ant/[email protected]?type=jar"/> + <dependency ref="pkg:maven/org.cyclonedx/[email protected]?type=jar"/> + </dependency> + </dependencies> +</bom> diff --git a/src/tests/antunit/componentbom-test.xml b/src/tests/antunit/componentbom-test.xml index dfb61d0..ae48f41 100644 --- a/src/tests/antunit/componentbom-test.xml +++ b/src/tests/antunit/componentbom-test.xml @@ -316,4 +316,100 @@ value="pkg:maven/org.example/[email protected]?type=jar,pkg:maven/org.example/[email protected]?type=jar"/> </target> + <target name="testAntlibsOwnBom"> + <mkdir dir="${output}"/> + <cdx:componentbom + bomfile="${output}/bom.json" + format="JSON" + xmlns:cdx="antlib:org.apache.ant.cyclonedx"> + <component + name="ant-cyclonedx" + group="org.apache.ant" + version="${artifact.version}" + description="Apache CycloneDX Antlib"> + <file file="${antlib.location}"/> + <manufacturer name="Apache Ant Development Team"> + <url url="https://ant.apache.org/"/> + </manufacturer> + <license licenseId="Apache-2.0"/> + <externalReference + type="VCS" + url="https://github.com/apache/ant-antlibs-cyclonedx"/> + <dependency componentRef="ant"/> + <dependency componentRef="cyclonedx-core"/> + </component> + <additionalComponent + name="ant" + group="org.apache.ant" + version="1.10.17" + isExternal="true" + unknownDependencies="true" + id="ant"> + <manufacturer name="Apache Ant Development Team"> + <url url="https://ant.apache.org/"/> + </manufacturer> + <license licenseId="Apache-2.0"/> + <externalReference + type="VCS" + url="https://github.com/apache/ant"/> + <externalReference + type="WEBSITE" + url="https://ant.apache.org/"/> + </additionalComponent> + <additionalComponent + name="cyclonedx-core-java" + group="org.cyclonedx" + version="12.1.0" + id="cyclonedx-core" + unknownDependencies="true"/> + </cdx:componentbom> + <copy todir="/tmp" file="${output}/bom.json"/> + <cdx:componentbom + bomfile="${output}/bom.xml" + format="XML" + xmlns:cdx="antlib:org.apache.ant.cyclonedx"> + <component + name="ant-cyclonedx" + group="org.apache.ant" + version="${artifact.version}" + description="Apache CycloneDX Antlib"> + <file file="${antlib.location}"/> + <manufacturer name="Apache Ant Development Team"> + <url url="https://ant.apache.org/"/> + </manufacturer> + <license licenseId="Apache-2.0"/> + <externalReference + type="VCS" + url="https://github.com/apache/ant-antlibs-cyclonedx"/> + <dependency componentRef="ant"/> + <dependency componentRef="cyclonedx-core"/> + </component> + <additionalComponent + name="ant" + group="org.apache.ant" + version="1.10.17" + isExternal="true" + unknownDependencies="true" + id="ant"> + <manufacturer name="Apache Ant Development Team"> + <url url="https://ant.apache.org/"/> + </manufacturer> + <license licenseId="Apache-2.0"/> + <externalReference + type="VCS" + url="https://github.com/apache/ant"/> + <externalReference + type="WEBSITE" + url="https://ant.apache.org/"/> + </additionalComponent> + <additionalComponent + name="cyclonedx-core-java" + group="org.cyclonedx" + version="12.1.0" + id="cyclonedx-core" + unknownDependencies="true"/> + </cdx:componentbom> + <copy todir="/tmp" file="${output}/bom.xml"/> + </target> + </project>
