This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
The following commit(s) were added to refs/heads/main by this push:
new 3606e6e support more component fields
3606e6e is described below
commit 3606e6e481b324bd116326eaee1338ab946084b5
Author: Stefan Bodewig <[email protected]>
AuthorDate: Fri May 8 18:49:31 2026 +0200
support more component fields
---
examples/ant-cyclonedx-0.1alpha-cyclonedx.json | 43 ++++++++------
examples/ant-cyclonedx-0.1alpha-cyclonedx.xml | 43 ++++++++------
src/main/org/apache/ant/cyclonedx/Component.java | 74 ++++++++++++++++++++++++
src/main/org/apache/ant/cyclonedx/ToolData.java | 1 +
4 files changed, 125 insertions(+), 36 deletions(-)
diff --git a/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
b/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
index 4c0fd98..6b3e00c 100644
--- a/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
+++ b/examples/ant-cyclonedx-0.1alpha-cyclonedx.json
@@ -1,10 +1,10 @@
{
"bomFormat" : "CycloneDX",
"specVersion" : "1.6",
- "serialNumber" : "urn:uuid:87cc16ad-4397-473c-bab8-fbd7899b27cb",
+ "serialNumber" : "urn:uuid:266aabc2-6812-4036-88b0-1c88d390502c",
"version" : 1,
"metadata" : {
- "timestamp" : "2026-05-08T16:15:00Z",
+ "timestamp" : "2026-05-08T16:48:44Z",
"lifecycles" : [
{
"phase" : "build"
@@ -26,6 +26,7 @@
"https://ant.apache.org/"
]
},
+ "publisher" : "The Apache Software Foundation",
"group" : "org.apache.ant",
"name" : "ant-cyclonedx",
"version" : "0.1alpha",
@@ -33,35 +34,35 @@
"hashes" : [
{
"alg" : "MD5",
- "content" : "6aeaa4d90eb5a78e1de7de2e4d4ad034"
+ "content" : "6d0e2adf8c544249288e7ee596c566e9"
},
{
"alg" : "SHA-1",
- "content" : "ed43b1dbded26e2a2a24c6d213d7b813c4e2bc6e"
+ "content" : "48d86c01594b9ac882d4153bf41e5fc55b620faa"
},
{
"alg" : "SHA-256",
- "content" :
"dca5a782a71ec62524e1d570c6473258d019656e12fe0fe4bdbc2a44545c5324"
+ "content" :
"4219d857d3100fd4ec043318f63836bafddedf4181b0767774ee1cf4916f8a2d"
},
{
"alg" : "SHA-512",
- "content" :
"f427019b0505e0860dd1ded1866296ec363fb5d832cb49072a23aa27be3632192570c7339330308bf6a6b8a39555f816b2d9afcd6c798f1a06fbaec8361d5f22"
+ "content" :
"2347e3843020e10bc1bb5b3d255d105ae4403a832398406c541b7bcf45eef73bfed63bb7181cddae056f386faba9effdd5e83a48692db48df79307b4e39688ba"
},
{
"alg" : "SHA3-256",
- "content" :
"a69ab61d30bf7d890622726a448a44ff02a741c91d205c45e943fc94ac0ff328"
+ "content" :
"6f64a5f69c6a2dc750cef5143c66beaf3aa19600716ed63cbb0afa980c5b46fb"
},
{
"alg" : "SHA3-512",
- "content" :
"305eb78224477a3b88a0506db5fd99f08706b20c8707851150b207f4127adbe648f4ba44c139a07799153cb46367bd382284f43874be3e49b7ec30cee69c0844"
+ "content" :
"6859d0d58ea10a43f7704c1617a73609522763d4460ad5c52f067374bc995f7aa3a3d43851015625bcddaf354c528e79b38a5d7c9cb36272afa2a98b9b05c966"
},
{
"alg" : "SHA-384",
- "content" :
"faa448fc61c705102c4f7edf584c1660c697fb723297522021e462e3911de05a3bbd049dd607139c203d67f44ce5fc09"
+ "content" :
"72d5b1dfaa25985a0891d763ef8b65169a58f67ca3b47864f3aa16204649247e8d6f8c0654959553ae12e6d3bb564a81"
},
{
"alg" : "SHA3-384",
- "content" :
"d19b4b2d1aff17e35a76c2fa731200e3ee9d32ce784e2efa8f86e985513fb1568efbf7e1612df068e0871c8e0918263b"
+ "content" :
"56afebe15d38d52e2f80580659f0558f618deba550f0139f9a72b6254afe9f3a90bb3cb9837568ca8f93a8495c2ba2f3"
}
],
"licenses" : [
@@ -108,35 +109,35 @@
"hashes" : [
{
"alg" : "MD5",
- "content" : "6aeaa4d90eb5a78e1de7de2e4d4ad034"
+ "content" : "6d0e2adf8c544249288e7ee596c566e9"
},
{
"alg" : "SHA-1",
- "content" : "ed43b1dbded26e2a2a24c6d213d7b813c4e2bc6e"
+ "content" : "48d86c01594b9ac882d4153bf41e5fc55b620faa"
},
{
"alg" : "SHA-256",
- "content" :
"dca5a782a71ec62524e1d570c6473258d019656e12fe0fe4bdbc2a44545c5324"
+ "content" :
"4219d857d3100fd4ec043318f63836bafddedf4181b0767774ee1cf4916f8a2d"
},
{
"alg" : "SHA-512",
- "content" :
"f427019b0505e0860dd1ded1866296ec363fb5d832cb49072a23aa27be3632192570c7339330308bf6a6b8a39555f816b2d9afcd6c798f1a06fbaec8361d5f22"
+ "content" :
"2347e3843020e10bc1bb5b3d255d105ae4403a832398406c541b7bcf45eef73bfed63bb7181cddae056f386faba9effdd5e83a48692db48df79307b4e39688ba"
},
{
"alg" : "SHA3-256",
- "content" :
"a69ab61d30bf7d890622726a448a44ff02a741c91d205c45e943fc94ac0ff328"
+ "content" :
"6f64a5f69c6a2dc750cef5143c66beaf3aa19600716ed63cbb0afa980c5b46fb"
},
{
"alg" : "SHA3-512",
- "content" :
"305eb78224477a3b88a0506db5fd99f08706b20c8707851150b207f4127adbe648f4ba44c139a07799153cb46367bd382284f43874be3e49b7ec30cee69c0844"
+ "content" :
"6859d0d58ea10a43f7704c1617a73609522763d4460ad5c52f067374bc995f7aa3a3d43851015625bcddaf354c528e79b38a5d7c9cb36272afa2a98b9b05c966"
},
{
"alg" : "SHA-384",
- "content" :
"faa448fc61c705102c4f7edf584c1660c697fb723297522021e462e3911de05a3bbd049dd607139c203d67f44ce5fc09"
+ "content" :
"72d5b1dfaa25985a0891d763ef8b65169a58f67ca3b47864f3aa16204649247e8d6f8c0654959553ae12e6d3bb564a81"
},
{
"alg" : "SHA3-384",
- "content" :
"d19b4b2d1aff17e35a76c2fa731200e3ee9d32ce784e2efa8f86e985513fb1568efbf7e1612df068e0871c8e0918263b"
+ "content" :
"56afebe15d38d52e2f80580659f0558f618deba550f0139f9a72b6254afe9f3a90bb3cb9837568ca8f93a8495c2ba2f3"
}
],
"licenses" : [
@@ -198,6 +199,7 @@
{
"type" : "library",
"bom-ref" :
"pkg:maven/org.cyclonedx/[email protected]?type=jar",
+ "publisher" : "OWASP Foundation",
"group" : "org.cyclonedx",
"name" : "cyclonedx-core-java",
"version" : "12.2.0",
@@ -237,6 +239,7 @@
{
"type" : "library",
"bom-ref" : "pkg:maven/commons-io/[email protected]?type=jar",
+ "publisher" : "The Apache Software Foundation",
"group" : "commons-io",
"name" : "commons-io",
"version" : "2.21.0",
@@ -281,6 +284,7 @@
{
"type" : "library",
"bom-ref" :
"pkg:maven/org.apache.commons/[email protected]?type=jar",
+ "publisher" : "The Apache Software Foundation",
"group" : "org.apache.commons",
"name" : "commons-collections4",
"version" : "4.5.0",
@@ -364,6 +368,7 @@
{
"type" : "library",
"bom-ref" :
"pkg:maven/com.fasterxml.jackson.dataformat/[email protected]?type=jar",
+ "publisher" : "FasterXML",
"group" : "com.fasterxml.jackson.dataformat",
"name" : "jackson-dataformat-xml",
"version" : "2.21.1",
@@ -434,6 +439,7 @@
{
"type" : "library",
"bom-ref" : "pkg:maven/commons-codec/[email protected]?type=jar",
+ "publisher" : "The Apache Software Foundation",
"group" : "commons-codec",
"name" : "commons-codec",
"version" : "1.21.1",
@@ -478,6 +484,7 @@
{
"type" : "library",
"bom-ref" : "pkg:maven/org.apache.commons/[email protected]?type=jar",
+ "publisher" : "The Apache Software Foundation",
"group" : "org.apache.commons",
"name" : "commons-lang3",
"version" : "3.20.0",
diff --git a/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
b/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
index 11bf946..f9bb86e 100644
--- a/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
+++ b/examples/ant-cyclonedx-0.1alpha-cyclonedx.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
-<bom serialNumber="urn:uuid:87cc16ad-4397-473c-bab8-fbd7899b27cb" version="1"
xmlns="http://cyclonedx.org/schema/bom/1.6">
+<bom serialNumber="urn:uuid:266aabc2-6812-4036-88b0-1c88d390502c" version="1"
xmlns="http://cyclonedx.org/schema/bom/1.6">
<metadata>
- <timestamp>2026-05-08T16:15:00Z</timestamp>
+ <timestamp>2026-05-08T16:48:44Z</timestamp>
<lifecycles>
<lifecycle>
<phase>build</phase>
@@ -18,19 +18,20 @@
<name>Apache Ant Development Team</name>
<url>https://ant.apache.org/</url>
</manufacturer>
+ <publisher>The Apache Software Foundation</publisher>
<group>org.apache.ant</group>
<name>ant-cyclonedx</name>
<version>0.1alpha</version>
<description>Apache CycloneDX Antlib</description>
<hashes>
- <hash alg="MD5">6aeaa4d90eb5a78e1de7de2e4d4ad034</hash>
- <hash alg="SHA-1">ed43b1dbded26e2a2a24c6d213d7b813c4e2bc6e</hash>
- <hash
alg="SHA-256">dca5a782a71ec62524e1d570c6473258d019656e12fe0fe4bdbc2a44545c5324</hash>
- <hash
alg="SHA-512">f427019b0505e0860dd1ded1866296ec363fb5d832cb49072a23aa27be3632192570c7339330308bf6a6b8a39555f816b2d9afcd6c798f1a06fbaec8361d5f22</hash>
- <hash
alg="SHA3-256">a69ab61d30bf7d890622726a448a44ff02a741c91d205c45e943fc94ac0ff328</hash>
- <hash
alg="SHA3-512">305eb78224477a3b88a0506db5fd99f08706b20c8707851150b207f4127adbe648f4ba44c139a07799153cb46367bd382284f43874be3e49b7ec30cee69c0844</hash>
- <hash
alg="SHA-384">faa448fc61c705102c4f7edf584c1660c697fb723297522021e462e3911de05a3bbd049dd607139c203d67f44ce5fc09</hash>
- <hash
alg="SHA3-384">d19b4b2d1aff17e35a76c2fa731200e3ee9d32ce784e2efa8f86e985513fb1568efbf7e1612df068e0871c8e0918263b</hash>
+ <hash alg="MD5">6d0e2adf8c544249288e7ee596c566e9</hash>
+ <hash alg="SHA-1">48d86c01594b9ac882d4153bf41e5fc55b620faa</hash>
+ <hash
alg="SHA-256">4219d857d3100fd4ec043318f63836bafddedf4181b0767774ee1cf4916f8a2d</hash>
+ <hash
alg="SHA-512">2347e3843020e10bc1bb5b3d255d105ae4403a832398406c541b7bcf45eef73bfed63bb7181cddae056f386faba9effdd5e83a48692db48df79307b4e39688ba</hash>
+ <hash
alg="SHA3-256">6f64a5f69c6a2dc750cef5143c66beaf3aa19600716ed63cbb0afa980c5b46fb</hash>
+ <hash
alg="SHA3-512">6859d0d58ea10a43f7704c1617a73609522763d4460ad5c52f067374bc995f7aa3a3d43851015625bcddaf354c528e79b38a5d7c9cb36272afa2a98b9b05c966</hash>
+ <hash
alg="SHA-384">72d5b1dfaa25985a0891d763ef8b65169a58f67ca3b47864f3aa16204649247e8d6f8c0654959553ae12e6d3bb564a81</hash>
+ <hash
alg="SHA3-384">56afebe15d38d52e2f80580659f0558f618deba550f0139f9a72b6254afe9f3a90bb3cb9837568ca8f93a8495c2ba2f3</hash>
</hashes>
<licenses>
<license>
@@ -64,14 +65,14 @@
<version>0.1alpha</version>
<description>Apache CycloneDX Antlib</description>
<hashes>
- <hash alg="MD5">6aeaa4d90eb5a78e1de7de2e4d4ad034</hash>
- <hash alg="SHA-1">ed43b1dbded26e2a2a24c6d213d7b813c4e2bc6e</hash>
- <hash
alg="SHA-256">dca5a782a71ec62524e1d570c6473258d019656e12fe0fe4bdbc2a44545c5324</hash>
- <hash
alg="SHA-512">f427019b0505e0860dd1ded1866296ec363fb5d832cb49072a23aa27be3632192570c7339330308bf6a6b8a39555f816b2d9afcd6c798f1a06fbaec8361d5f22</hash>
- <hash
alg="SHA3-256">a69ab61d30bf7d890622726a448a44ff02a741c91d205c45e943fc94ac0ff328</hash>
- <hash
alg="SHA3-512">305eb78224477a3b88a0506db5fd99f08706b20c8707851150b207f4127adbe648f4ba44c139a07799153cb46367bd382284f43874be3e49b7ec30cee69c0844</hash>
- <hash
alg="SHA-384">faa448fc61c705102c4f7edf584c1660c697fb723297522021e462e3911de05a3bbd049dd607139c203d67f44ce5fc09</hash>
- <hash
alg="SHA3-384">d19b4b2d1aff17e35a76c2fa731200e3ee9d32ce784e2efa8f86e985513fb1568efbf7e1612df068e0871c8e0918263b</hash>
+ <hash alg="MD5">6d0e2adf8c544249288e7ee596c566e9</hash>
+ <hash alg="SHA-1">48d86c01594b9ac882d4153bf41e5fc55b620faa</hash>
+ <hash
alg="SHA-256">4219d857d3100fd4ec043318f63836bafddedf4181b0767774ee1cf4916f8a2d</hash>
+ <hash
alg="SHA-512">2347e3843020e10bc1bb5b3d255d105ae4403a832398406c541b7bcf45eef73bfed63bb7181cddae056f386faba9effdd5e83a48692db48df79307b4e39688ba</hash>
+ <hash
alg="SHA3-256">6f64a5f69c6a2dc750cef5143c66beaf3aa19600716ed63cbb0afa980c5b46fb</hash>
+ <hash
alg="SHA3-512">6859d0d58ea10a43f7704c1617a73609522763d4460ad5c52f067374bc995f7aa3a3d43851015625bcddaf354c528e79b38a5d7c9cb36272afa2a98b9b05c966</hash>
+ <hash
alg="SHA-384">72d5b1dfaa25985a0891d763ef8b65169a58f67ca3b47864f3aa16204649247e8d6f8c0654959553ae12e6d3bb564a81</hash>
+ <hash
alg="SHA3-384">56afebe15d38d52e2f80580659f0558f618deba550f0139f9a72b6254afe9f3a90bb3cb9837568ca8f93a8495c2ba2f3</hash>
</hashes>
<licenses>
<license>
@@ -117,6 +118,7 @@
</externalReferences>
</component>
<component type="library"
bom-ref="pkg:maven/org.cyclonedx/[email protected]?type=jar">
+ <publisher>OWASP Foundation</publisher>
<group>org.cyclonedx</group>
<name>cyclonedx-core-java</name>
<version>12.2.0</version>
@@ -147,6 +149,7 @@
</externalReferences>
</component>
<component type="library"
bom-ref="pkg:maven/commons-io/[email protected]?type=jar">
+ <publisher>The Apache Software Foundation</publisher>
<group>commons-io</group>
<name>commons-io</name>
<version>2.21.0</version>
@@ -181,6 +184,7 @@
</externalReferences>
</component>
<component type="library"
bom-ref="pkg:maven/org.apache.commons/[email protected]?type=jar">
+ <publisher>The Apache Software Foundation</publisher>
<group>org.apache.commons</group>
<name>commons-collections4</name>
<version>4.5.0</version>
@@ -245,6 +249,7 @@
</externalReferences>
</component>
<component type="library"
bom-ref="pkg:maven/com.fasterxml.jackson.dataformat/[email protected]?type=jar">
+ <publisher>FasterXML</publisher>
<group>com.fasterxml.jackson.dataformat</group>
<name>jackson-dataformat-xml</name>
<version>2.21.1</version>
@@ -299,6 +304,7 @@
</externalReferences>
</component>
<component type="library"
bom-ref="pkg:maven/commons-codec/[email protected]?type=jar">
+ <publisher>The Apache Software Foundation</publisher>
<group>commons-codec</group>
<name>commons-codec</name>
<version>1.21.1</version>
@@ -333,6 +339,7 @@
</externalReferences>
</component>
<component type="library"
bom-ref="pkg:maven/org.apache.commons/[email protected]?type=jar">
+ <publisher>The Apache Software Foundation</publisher>
<group>org.apache.commons</group>
<name>commons-lang3</name>
<version>3.20.0</version>
diff --git a/src/main/org/apache/ant/cyclonedx/Component.java
b/src/main/org/apache/ant/cyclonedx/Component.java
index 3db4b66..82b0d73 100644
--- a/src/main/org/apache/ant/cyclonedx/Component.java
+++ b/src/main/org/apache/ant/cyclonedx/Component.java
@@ -22,7 +22,10 @@ import org.cyclonedx.Version;
import org.cyclonedx.exception.ParseException;
import org.cyclonedx.model.Bom;
import org.cyclonedx.model.LicenseChoice;
+import org.cyclonedx.model.OrganizationalContact;
import org.cyclonedx.model.OrganizationalEntity;
+import org.cyclonedx.model.Property;
+import org.cyclonedx.model.component.Tags;
import org.cyclonedx.parsers.BomParserFactory;
import org.cyclonedx.parsers.Parser;
import org.cyclonedx.util.BomUtils;
@@ -32,8 +35,10 @@ public class Component extends DataType {
private org.cyclonedx.model.Component.Type type =
org.cyclonedx.model.Component.Type.LIBRARY;
private String name;
private String group;
+ private String publisher;
private String version;
private String description;
+ private String copyright;
private Organization manufacturer = null;
private Organization supplier = null;
private boolean manufacturerIsSupplier = false;
@@ -46,6 +51,10 @@ public class Component extends DataType {
private List<Dependency> dependencies = new ArrayList<>();
private boolean unknownDependencies = false;
private boolean sbomLinkResolved = false;
+ private List<OrganizationalContact> authors = new ArrayList<>();
+ private List<String> tags = new ArrayList<>();
+ private List<Property> properties = new ArrayList<>();
+ private String mimeType;
private Union sbomLink;
public void add(Resource resource) {
@@ -95,6 +104,21 @@ public class Component extends DataType {
this.description = description;
}
+ public void setPublisher(String publisher) {
+ checkAttributesAllowed();
+ this.publisher = publisher;
+ }
+
+ public void setCopyright(String copyright) {
+ checkAttributesAllowed();
+ this.copyright = copyright;
+ }
+
+ public void setMimeType(String mimeType) {
+ checkAttributesAllowed();
+ this.mimeType = mimeType;
+ }
+
public void addManufacturer(Organization manufacturer) {
checkChildrenAllowed();
if (this.manufacturer != null) {
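Review bot: `setMimeType` stores whatever string the build file supplies, and the value is later copied into the generated BOM without any check. The CycloneDX schema restricts the component mime-type to a lower-case `type/subtype` form, so a typo here would only surface when a consumer validates the SBOM. Consider rejecting malformed values in the setter with a `BuildException`, while still accepting `null`, because the hunk at `setMimeType(real.getMimeType())` passes the linked SBOM's value through the same setter. The three new setters also have no Javadoc; a one-line comment such as `/** Publisher of the component, written to the BOM's publisher field. */` would document the new build-file attributes.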
@@ -111,6 +135,21 @@ public class Component extends DataType {
this.supplier = supplier;
}
+ public void addAuthor(OrganizationalContact author) {
+ checkChildrenAllowed();
+ authors.add(author);
+ }
+
+ public void addTag(String tag) {
+ checkChildrenAllowed();
+ tags.add(tag);
+ }
+
+ public void addProperty(Property property) {
+ checkChildrenAllowed();
+ properties.add(property);
+ }
+
public void setManufacturerIsSupplier(boolean manufacturerIsSupplier) {
checkAttributesAllowed();
this.manufacturerIsSupplier = manufacturerIsSupplier;
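Review bot: `addTag(String tag)` is unlikely to work as a nested `<tag>` element. As far as I know, Ant instantiates the argument type of an `addXxx` method through its no-arg constructor and calls the method before configuring the object, so the list would receive an empty immutable `String` and the nested text has nowhere to go. A small nested type with `addText(String)` registered through `addConfiguredTag`, or a `setTags` attribute taking a separated list, would let build files supply real values. `addAuthor` and `addProperty` take the cyclonedx model classes directly, which makes the library's setter names the build-file attribute names; a comment stating that this is intended would help.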
@@ -335,6 +374,15 @@ public class Component extends DataType {
if (description != null) {
component.setDescription(description);
}
+ if (publisher != null) {
+ component.setPublisher(publisher);
+ }
+ if (copyright != null) {
+ component.setCopyright(copyright);
+ }
+ if (mimeType != null) {
+ component.setMimeType(mimeType);
+ }
if (manufacturer != null) {
OrganizationalEntity oe = manufacturer.toOrganizationalEntity();
component.setManufacturer(oe);
@@ -345,6 +393,17 @@ public class Component extends DataType {
if (supplier != null) {
component.setSupplier(supplier.toOrganizationalEntity());
}
+ if (!authors.isEmpty()) {
+ component.setAuthors(authors);
+ }
+ if (!properties.isEmpty()) {
+ component.setProperties(properties);
+ }
+ if (!tags.isEmpty()) {
+ Tags t = new Tags();
+ t.setTags(tags);
+ component.setTags(t);
+ }
if (!licenses.isEmpty()) {
LicenseChoice lc = new LicenseChoice();
lc.setLicenses(licenses);
@@ -374,6 +433,9 @@ public class Component extends DataType {
setGroup(real.getGroup());
setVersion(real.getVersion());
setDescription(real.getDescription());
+ setPublisher(real.getPublisher());
+ setCopyright(real.getCopyright());
+ setMimeType(real.getMimeType());
setPurl(real.getPurl());
setBomRef(real.getBomRef());
setScope(real.getScope());
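Review bot: `setPublisher(real.getPublisher())`, `setCopyright(real.getCopyright())` and `setMimeType(real.getMimeType())` overwrite the locally configured value unconditionally, including with `null` when the linked SBOM omits the field. The list copies in the following hunk (`authors`, `properties`, `tags`) are replaced only when the linked document has them, so scalars and lists now follow different precedence rules. This matches the existing `setDescription(real.getDescription())` line, but because publisher and copyright are provenance fields taken from an external document, the precedence should be stated in a comment on the method. Alternatively, guard each call as the lists are guarded: `if (real.getPublisher() != null) { setPublisher(real.getPublisher()); }`. The enclosing method starts outside this hunk, so whether local values are meant to lose cannot be confirmed from here.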
@@ -394,6 +456,18 @@ public class Component extends DataType {
this.externalReferences.clear();
this.externalReferences.addAll(real.getExternalReferences());
}
+ if (real.getAuthors() != null) {
+ authors.clear();
+ authors.addAll(real.getAuthors());
+ }
+ if (real.getProperties() != null) {
+ properties.clear();
+ properties.addAll(real.getProperties());
+ }
+ if (real.getTags() != null && real.getTags().getTags() != null) {
+ tags.clear();
+ tags.addAll(real.getTags().getTags());
+ }
}
private void addHashes(org.cyclonedx.model.Component component, Version
bomVersion)
diff --git a/src/main/org/apache/ant/cyclonedx/ToolData.java
b/src/main/org/apache/ant/cyclonedx/ToolData.java
index 02ea916..0d48e49 100644
--- a/src/main/org/apache/ant/cyclonedx/ToolData.java
+++ b/src/main/org/apache/ant/cyclonedx/ToolData.java
@@ -43,6 +43,7 @@ public class ToolData {
antlibComponent.setName("ant-cyclonedx");
antlibComponent.setVersion(getVersion());
antlibComponent.setDescription("Apache CycloneDX Antlib");
+ antlibComponent.setPublisher("The Apache Software Foundation");
Organization manufacturer = new Organization();
manufacturer.setName("Apache Ant Development Team");