This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
The following commit(s) were added to refs/heads/main by this push:
new 222e64d license are probably reusable as well
222e64d is described below
commit 222e64da74ce81b2c1526c237a500f96de3a24cb
Author: Stefan Bodewig <[email protected]>
AuthorDate: Sat May 2 10:04:04 2026 +0200
license are probably reusable as well
---
examples/ant-cyclonedx-0.1alpha-cyclonedx.json | 49 ++++++++++--------
examples/ant-cyclonedx-0.1alpha-cyclonedx.xml | 42 +++++++++-------
src/main/org/apache/ant/cyclonedx/Component.java | 29 +----------
src/main/org/apache/ant/cyclonedx/License.java | 58 ++++++++++++++++++++++
.../org/apache/ant/cyclonedx/Organization.java | 2 +-
src/main/org/apache/ant/cyclonedx/ToolData.java | 7 ++-
src/main/org/apache/ant/cyclonedx/antlib.xml | 2 +
src/tests/antunit/componentbom-test.xml | 10 +++-
8 files changed, 128 insertions(+), 71 deletions(-)
diff --git a/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
b/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
index ef9c253..55c6ef1 100644
--- a/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
+++ b/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
@@ -1,10 +1,10 @@
{
"bomFormat" : "CycloneDX",
"specVersion" : "1.6",
- "serialNumber" : "urn:uuid:9bc01eb7-5c9c-4579-8a08-dae8dbbf6820",
+ "serialNumber" : "urn:uuid:817ebe65-d467-4d89-b134-17c005157e74",
"version" : 1,
"metadata" : {
- "timestamp" : "2026-05-02T05:54:06Z",
+ "timestamp" : "2026-05-02T08:03:43Z",
"lifecycles" : [
{
"phase" : "build"
@@ -33,41 +33,42 @@
"hashes" : [
{
"alg" : "MD5",
- "content" : "df005ba963df3f6f51e9323c150619e1"
+ "content" : "14f2e711dd0b6d5abc7a9e5f2a5233a7"
},
{
"alg" : "SHA-1",
- "content" : "1cb95c53d0af659db41067416c5bd6779faa9e73"
+ "content" : "720f308380ae53446b78643d9d0b0561a9a6a1e8"
},
{
"alg" : "SHA-256",
- "content" :
"a5842cd356a394ecab0931639633721ffb5f1001178310a1e62963ea19be8534"
+ "content" :
"d823adf48bded32d8420c02932837cacdcb1052dc1e4abdd27039e2801ab4907"
},
{
"alg" : "SHA-512",
- "content" :
"ec06e7292f1ec1cd367d7000854d96e42a1f2e46d15ba0d09895ef1fb33e604d4a1cb6a2131a3948b24913c2c97b63f04247e580e0147d9f8fbe3fd05aa38ccd"
+ "content" :
"036835030909cdf345a4f8b104f9fcdefc34873024feed1a96899327ca96c7c2be2eecee46b80bf8c2e86b60cb9902f8c17cfae9ea1f30813d8d58f9d880eb37"
},
{
"alg" : "SHA3-256",
- "content" :
"89717eccb2f874580c437d0b4be1ba1854d5aa6f55748a9e97184cbc82b91c7c"
+ "content" :
"622f01c152661392d2d5cf46e075d9602439b9f9fa6bca0e4b3e10815dc4eeed"
},
{
"alg" : "SHA3-512",
- "content" :
"324a5f2a6cda6c0432e9088428a78b60cdc083241ff88a4c7c4396c498ad06abe2c20a25047bf1d0b607f2aa293aaf88deecc003bd94853af2fcd6fa3567c83b"
+ "content" :
"675e597165e3bf5fcdab6075628c1dbf6e3c6c346aaaf619a54c54d7eae45458a1f1c9e144cd8571994e34404d1c52f4721f42fde79050cf56db4460aee28aea"
},
{
"alg" : "SHA-384",
- "content" :
"7d323876ba131dff76d8401ef95edb6376ba6034ec2017c8bbd270519527c8090931c862bfaca8024cbf04a0e218c1b5"
+ "content" :
"02c0c52fe4504538c894b5fd24fe51f9c754a6935c6c241c2419492d6a11cd57bc3f7b1c561ee8a8c038dc5fe3ec1386"
},
{
"alg" : "SHA3-384",
- "content" :
"8bf326b3d613c5fb7740739c9d1625eb54b9f2487a9dcf498e8fdfb44bf186dd3b467ec179d8efb17f84a7fd765bc800"
+ "content" :
"406ff03cf5b204c79e41da2f484b8d86ea1c873ff6a41b752a02beb8e235a901c1de5b764a7688c9f12acacd4a623d84"
}
],
"licenses" : [
{
"license" : {
- "id" : "Apache-2.0"
+ "id" : "Apache-2.0",
+ "url" : "https://www.apache.org/licenses/LICENSE-2.0.txt";
}
}
],
@@ -76,6 +77,10 @@
{
"type" : "vcs",
"url" : "https://github.com/apache/ant-antlibs-cyclonedx";
+ },
+ {
+ "type" : "license",
+ "url" : "https://www.apache.org/licenses/LICENSE-2.0.txt";
}
]
}
@@ -103,41 +108,42 @@
"hashes" : [
{
"alg" : "MD5",
- "content" : "df005ba963df3f6f51e9323c150619e1"
+ "content" : "14f2e711dd0b6d5abc7a9e5f2a5233a7"
},
{
"alg" : "SHA-1",
- "content" : "1cb95c53d0af659db41067416c5bd6779faa9e73"
+ "content" : "720f308380ae53446b78643d9d0b0561a9a6a1e8"
},
{
"alg" : "SHA-256",
- "content" :
"a5842cd356a394ecab0931639633721ffb5f1001178310a1e62963ea19be8534"
+ "content" :
"d823adf48bded32d8420c02932837cacdcb1052dc1e4abdd27039e2801ab4907"
},
{
"alg" : "SHA-512",
- "content" :
"ec06e7292f1ec1cd367d7000854d96e42a1f2e46d15ba0d09895ef1fb33e604d4a1cb6a2131a3948b24913c2c97b63f04247e580e0147d9f8fbe3fd05aa38ccd"
+ "content" :
"036835030909cdf345a4f8b104f9fcdefc34873024feed1a96899327ca96c7c2be2eecee46b80bf8c2e86b60cb9902f8c17cfae9ea1f30813d8d58f9d880eb37"
},
{
"alg" : "SHA3-256",
- "content" :
"89717eccb2f874580c437d0b4be1ba1854d5aa6f55748a9e97184cbc82b91c7c"
+ "content" :
"622f01c152661392d2d5cf46e075d9602439b9f9fa6bca0e4b3e10815dc4eeed"
},
{
"alg" : "SHA3-512",
- "content" :
"324a5f2a6cda6c0432e9088428a78b60cdc083241ff88a4c7c4396c498ad06abe2c20a25047bf1d0b607f2aa293aaf88deecc003bd94853af2fcd6fa3567c83b"
+ "content" :
"675e597165e3bf5fcdab6075628c1dbf6e3c6c346aaaf619a54c54d7eae45458a1f1c9e144cd8571994e34404d1c52f4721f42fde79050cf56db4460aee28aea"
},
{
"alg" : "SHA-384",
- "content" :
"7d323876ba131dff76d8401ef95edb6376ba6034ec2017c8bbd270519527c8090931c862bfaca8024cbf04a0e218c1b5"
+ "content" :
"02c0c52fe4504538c894b5fd24fe51f9c754a6935c6c241c2419492d6a11cd57bc3f7b1c561ee8a8c038dc5fe3ec1386"
},
{
"alg" : "SHA3-384",
- "content" :
"8bf326b3d613c5fb7740739c9d1625eb54b9f2487a9dcf498e8fdfb44bf186dd3b467ec179d8efb17f84a7fd765bc800"
+ "content" :
"406ff03cf5b204c79e41da2f484b8d86ea1c873ff6a41b752a02beb8e235a901c1de5b764a7688c9f12acacd4a623d84"
}
],
"licenses" : [
{
"license" : {
- "id" : "Apache-2.0"
+ "id" : "Apache-2.0",
+ "url" : "https://www.apache.org/licenses/LICENSE-2.0.txt";
}
}
],
@@ -172,7 +178,8 @@
"licenses" : [
{
"license" : {
- "id" : "Apache-2.0"
+ "id" : "Apache-2.0",
+ "url" : "https://www.apache.org/licenses/LICENSE-2.0.txt";
}
}
],
diff --git a/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
b/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
index dca9bb7..ab5a2a2 100644
--- a/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
+++ b/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
-<bom serialNumber="urn:uuid:9bc01eb7-5c9c-4579-8a08-dae8dbbf6820" version="1"
xmlns="http://cyclonedx.org/schema/bom/1.6";>
+<bom serialNumber="urn:uuid:817ebe65-d467-4d89-b134-17c005157e74" version="1"
xmlns="http://cyclonedx.org/schema/bom/1.6";>
<metadata>
- <timestamp>2026-05-02T05:54:06Z</timestamp>
+ <timestamp>2026-05-02T08:03:43Z</timestamp>
<lifecycles>
<lifecycle>
<phase>build</phase>
@@ -23,18 +23,19 @@
<version>0.1alpha</version>
<description>Apache CycloneDX Antlib</description>
<hashes>
- <hash alg="MD5">df005ba963df3f6f51e9323c150619e1</hash>
- <hash alg="SHA-1">1cb95c53d0af659db41067416c5bd6779faa9e73</hash>
- <hash
alg="SHA-256">a5842cd356a394ecab0931639633721ffb5f1001178310a1e62963ea19be8534</hash>
- <hash
alg="SHA-512">ec06e7292f1ec1cd367d7000854d96e42a1f2e46d15ba0d09895ef1fb33e604d4a1cb6a2131a3948b24913c2c97b63f04247e580e0147d9f8fbe3fd05aa38ccd</hash>
- <hash
alg="SHA3-256">89717eccb2f874580c437d0b4be1ba1854d5aa6f55748a9e97184cbc82b91c7c</hash>
- <hash
alg="SHA3-512">324a5f2a6cda6c0432e9088428a78b60cdc083241ff88a4c7c4396c498ad06abe2c20a25047bf1d0b607f2aa293aaf88deecc003bd94853af2fcd6fa3567c83b</hash>
- <hash
alg="SHA-384">7d323876ba131dff76d8401ef95edb6376ba6034ec2017c8bbd270519527c8090931c862bfaca8024cbf04a0e218c1b5</hash>
- <hash
alg="SHA3-384">8bf326b3d613c5fb7740739c9d1625eb54b9f2487a9dcf498e8fdfb44bf186dd3b467ec179d8efb17f84a7fd765bc800</hash>
+ <hash alg="MD5">14f2e711dd0b6d5abc7a9e5f2a5233a7</hash>
+ <hash alg="SHA-1">720f308380ae53446b78643d9d0b0561a9a6a1e8</hash>
+ <hash
alg="SHA-256">d823adf48bded32d8420c02932837cacdcb1052dc1e4abdd27039e2801ab4907</hash>
+ <hash
alg="SHA-512">036835030909cdf345a4f8b104f9fcdefc34873024feed1a96899327ca96c7c2be2eecee46b80bf8c2e86b60cb9902f8c17cfae9ea1f30813d8d58f9d880eb37</hash>
+ <hash
alg="SHA3-256">622f01c152661392d2d5cf46e075d9602439b9f9fa6bca0e4b3e10815dc4eeed</hash>
+ <hash
alg="SHA3-512">675e597165e3bf5fcdab6075628c1dbf6e3c6c346aaaf619a54c54d7eae45458a1f1c9e144cd8571994e34404d1c52f4721f42fde79050cf56db4460aee28aea</hash>
+ <hash
alg="SHA-384">02c0c52fe4504538c894b5fd24fe51f9c754a6935c6c241c2419492d6a11cd57bc3f7b1c561ee8a8c038dc5fe3ec1386</hash>
+ <hash
alg="SHA3-384">406ff03cf5b204c79e41da2f484b8d86ea1c873ff6a41b752a02beb8e235a901c1de5b764a7688c9f12acacd4a623d84</hash>
</hashes>
<licenses>
<license>
<id>Apache-2.0</id>
+ <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<purl>pkg:maven/org.apache.ant/[email protected]?type=jar</purl>
@@ -42,6 +43,9 @@
<reference type="vcs">
<url>https://github.com/apache/ant-antlibs-cyclonedx</url>
</reference>
+ <reference type="license">
+ <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
+ </reference>
</externalReferences>
</component>
</components>
@@ -60,18 +64,19 @@
<version>0.1alpha</version>
<description>Apache CycloneDX Antlib</description>
<hashes>
- <hash alg="MD5">df005ba963df3f6f51e9323c150619e1</hash>
- <hash alg="SHA-1">1cb95c53d0af659db41067416c5bd6779faa9e73</hash>
- <hash
alg="SHA-256">a5842cd356a394ecab0931639633721ffb5f1001178310a1e62963ea19be8534</hash>
- <hash
alg="SHA-512">ec06e7292f1ec1cd367d7000854d96e42a1f2e46d15ba0d09895ef1fb33e604d4a1cb6a2131a3948b24913c2c97b63f04247e580e0147d9f8fbe3fd05aa38ccd</hash>
- <hash
alg="SHA3-256">89717eccb2f874580c437d0b4be1ba1854d5aa6f55748a9e97184cbc82b91c7c</hash>
- <hash
alg="SHA3-512">324a5f2a6cda6c0432e9088428a78b60cdc083241ff88a4c7c4396c498ad06abe2c20a25047bf1d0b607f2aa293aaf88deecc003bd94853af2fcd6fa3567c83b</hash>
- <hash
alg="SHA-384">7d323876ba131dff76d8401ef95edb6376ba6034ec2017c8bbd270519527c8090931c862bfaca8024cbf04a0e218c1b5</hash>
- <hash
alg="SHA3-384">8bf326b3d613c5fb7740739c9d1625eb54b9f2487a9dcf498e8fdfb44bf186dd3b467ec179d8efb17f84a7fd765bc800</hash>
+ <hash alg="MD5">14f2e711dd0b6d5abc7a9e5f2a5233a7</hash>
+ <hash alg="SHA-1">720f308380ae53446b78643d9d0b0561a9a6a1e8</hash>
+ <hash
alg="SHA-256">d823adf48bded32d8420c02932837cacdcb1052dc1e4abdd27039e2801ab4907</hash>
+ <hash
alg="SHA-512">036835030909cdf345a4f8b104f9fcdefc34873024feed1a96899327ca96c7c2be2eecee46b80bf8c2e86b60cb9902f8c17cfae9ea1f30813d8d58f9d880eb37</hash>
+ <hash
alg="SHA3-256">622f01c152661392d2d5cf46e075d9602439b9f9fa6bca0e4b3e10815dc4eeed</hash>
+ <hash
alg="SHA3-512">675e597165e3bf5fcdab6075628c1dbf6e3c6c346aaaf619a54c54d7eae45458a1f1c9e144cd8571994e34404d1c52f4721f42fde79050cf56db4460aee28aea</hash>
+ <hash
alg="SHA-384">02c0c52fe4504538c894b5fd24fe51f9c754a6935c6c241c2419492d6a11cd57bc3f7b1c561ee8a8c038dc5fe3ec1386</hash>
+ <hash
alg="SHA3-384">406ff03cf5b204c79e41da2f484b8d86ea1c873ff6a41b752a02beb8e235a901c1de5b764a7688c9f12acacd4a623d84</hash>
</hashes>
<licenses>
<license>
<id>Apache-2.0</id>
+ <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<purl>pkg:maven/org.apache.ant/[email protected]?type=jar</purl>
@@ -98,6 +103,7 @@
<licenses>
<license>
<id>Apache-2.0</id>
+ <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<purl>pkg:maven/org.apache.ant/[email protected]?type=jar</purl>
diff --git a/src/main/org/apache/ant/cyclonedx/Component.java
b/src/main/org/apache/ant/cyclonedx/Component.java
index 3811c9d..8b8f715 100644
--- a/src/main/org/apache/ant/cyclonedx/Component.java
+++ b/src/main/org/apache/ant/cyclonedx/Component.java
@@ -271,33 +271,6 @@ public class Component extends DataType {
component.setHashes(BomUtils.calculateHashes(file, bomVersion));
}
- public static class License {
- private String id;
- private String name;
-
- public void setLicenseId(String id) {
- this.id = id;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public org.cyclonedx.model.License toCycloneDxLicense() {
- if (name == null && id == null) {
- throw new BuildException("license name or id is required");
- }
- org.cyclonedx.model.License l = new org.cyclonedx.model.License();
- if (name != null) {
- l.setName(name);
- }
- if (id != null) {
- l.setId(id);
- }
- return l;
- }
- }
-
public static class ExternalReference {
private String url;
private org.cyclonedx.model.ExternalReference.Type type;
@@ -364,7 +337,7 @@ public class Component extends DataType {
/**
* Perform the check for circular references and return the
- * referenced Resource.
+ * referenced Component.
* @return <code>Component</code>.
*/
protected Component getRef() {
diff --git a/src/main/org/apache/ant/cyclonedx/License.java
b/src/main/org/apache/ant/cyclonedx/License.java
new file mode 100644
index 0000000..4756af9
--- /dev/null
+++ b/src/main/org/apache/ant/cyclonedx/License.java
@@ -0,0 +1,58 @@
+package org.apache.ant.cyclonedx;
+
+import org.apache.tools.ant.BuildException;
+import org.apache.tools.ant.types.DataType;
+import org.apache.tools.ant.types.resources.URLResource;
+
+public class License extends DataType {
+ private String id;
+ private String name;
+ private String url;
+
+ public void setLicenseId(String id) {
+ checkAttributesAllowed();
+ this.id = id;
+ }
+
+ public void setName(String name) {
+ checkAttributesAllowed();
+ this.name = name;
+ }
+
+ public void addConfiguredUrl(URLResource url) {
+ checkAttributesAllowed();
+ if (this.url != null) {
+ throw new BuildException("only one URL is allowed");
+ }
+ this.url = url.getURL().toExternalForm();
+ }
+
+ public org.cyclonedx.model.License toCycloneDxLicense() {
+ if (isReference()) {
+ return getRef().toCycloneDxLicense();
+ }
+ if (name == null && id == null) {
+ throw new BuildException("license name or id is required");
+ }
+ org.cyclonedx.model.License l = new org.cyclonedx.model.License();
+ if (name != null) {
+ l.setName(name);
+ }
+ if (id != null) {
+ l.setId(id);
+ }
+ if (url != null) {
+ l.setUrl(url);
+ }
+ return l;
+ }
+
+ /**
+ * Perform the check for circular references and return the
+ * referenced License.
+ * @return <code>License</code>.
+ */
+ protected License getRef() {
+ return getCheckedRef(License.class);
+ }
+}
diff --git a/src/main/org/apache/ant/cyclonedx/Organization.java
b/src/main/org/apache/ant/cyclonedx/Organization.java
index 5f7b123..93d7c52 100644
--- a/src/main/org/apache/ant/cyclonedx/Organization.java
+++ b/src/main/org/apache/ant/cyclonedx/Organization.java
@@ -38,7 +38,7 @@ public class Organization extends DataType {
/**
* Perform the check for circular references and return the
- * referenced Resource.
+ * referenced Organization.
* @return <code>Organization</code>.
*/
protected Organization getRef() {
diff --git a/src/main/org/apache/ant/cyclonedx/ToolData.java
b/src/main/org/apache/ant/cyclonedx/ToolData.java
index d302216..28bcf24 100644
--- a/src/main/org/apache/ant/cyclonedx/ToolData.java
+++ b/src/main/org/apache/ant/cyclonedx/ToolData.java
@@ -44,14 +44,19 @@ public class ToolData {
antlibComponent.addManufacturer(manufacturer);
antlibComponent.setManufacturerIsSupplier(true);
- Component.License license = new Component.License();
+ License license = new License();
license.setLicenseId("Apache-2.0");
+ license.addConfiguredUrl(new
URLResource("https://www.apache.org/licenses/LICENSE-2.0.txt";));
antlibComponent.addConfiguredLicense(license);
Component.ExternalReference repo = new Component.ExternalReference();
repo.setUrl("https://github.com/apache/ant-antlibs-cyclonedx";);
repo.setType(ExternalReference.Type.VCS);
antlibComponent.addConfiguredExternalReference(repo);
+ Component.ExternalReference licRef = new Component.ExternalReference();
+ licRef.setUrl("https://www.apache.org/licenses/LICENSE-2.0.txt";);
+ licRef.setType(ExternalReference.Type.LICENSE);
+ antlibComponent.addConfiguredExternalReference(licRef);
File antlib = findAntlib();
if (antlib != null) {
diff --git a/src/main/org/apache/ant/cyclonedx/antlib.xml
b/src/main/org/apache/ant/cyclonedx/antlib.xml
index 3bf326d..cbdcbd3 100644
--- a/src/main/org/apache/ant/cyclonedx/antlib.xml
+++ b/src/main/org/apache/ant/cyclonedx/antlib.xml
@@ -24,4 +24,6 @@ under the License.
classname="org.apache.ant.cyclonedx.Component"/>
<typedef name="organization"
classname="org.apache.ant.cyclonedx.Organization"/>
+ <typedef name="license"
+ classname="org.apache.ant.cyclonedx.License"/>
</antlib>
diff --git a/src/tests/antunit/componentbom-test.xml
b/src/tests/antunit/componentbom-test.xml
index 33a58f2..ff4d61c 100644
--- a/src/tests/antunit/componentbom-test.xml
+++ b/src/tests/antunit/componentbom-test.xml
@@ -376,6 +376,12 @@
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
<url url="https://ant.apache.org/"/>
</cdx:organization>
+ <cdx:license
+ licenseId="Apache-2.0"
+ id="apache-2"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://www.apache.org/licenses/LICENSE-2.0.txt"/>
+ </cdx:license>
<cdx:componentbom
bomName="ant-cyclonedx-${artifact.version}-cyclonedx"
outputdirectory="${output}"
@@ -390,7 +396,7 @@
manufacturerIsSupplier="true">
<file file="${antlib.location}"/>
<manufacturer refid="ant-team"/>
- <license licenseId="Apache-2.0"/>
+ <license refid="apache-2"/>
<externalReference
type="VCS"
url="https://github.com/apache/ant-antlibs-cyclonedx"/>
@@ -405,7 +411,7 @@
unknownDependencies="true"
id="ant">
<manufacturer refid="ant-team"/>
- <license licenseId="Apache-2.0"/>
+ <license refid="apache-2"/>
<externalReference
type="VCS"
url="https://github.com/apache/ant"/>
