diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden index 7f3a352fcce7..df8f575e9053 100644 --- a/integration/testdata/conda-cyclonedx.json.golden +++ b/integration/testdata/conda-cyclonedx.json.golden @@ -34,6 +34,12 @@ "type": "library", "name": "openssl", "version": "1.1.1q", + "hashes": [ + { + "alg": "SHA-1", + "content": "237db0da53131e4548cb1181337fa0f420299e1f" + } + ], "licenses": [ { "license": { @@ -58,6 +64,12 @@ "type": "library", "name": "pip", "version": "22.2.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "a6a2db7668f1ad541d704369fc66c96a4415aa24" + } + ], "licenses": [ { "license": { diff --git a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden index 65fc78e6c66f..9f23585a01da 100644 --- a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden +++ b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden @@ -6169,6 +6169,12 @@ "type": "library", "name": "activesupport", "version": "6.0.2.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "a2cd09dcbaf8ca1951fb8e3f2ebdfe6728ab44f7" + } + ], "licenses": [ { "license": { @@ -6201,6 +6207,12 @@ "type": "library", "name": "addressable", "version": "2.7.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "b4596fdeffcb1c89b24623b6f775a6b054a8323f" + } + ], "licenses": [ { "license": { @@ -6233,6 +6245,12 @@ "type": "library", "name": "concurrent-ruby", "version": "1.1.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "c96749b0390ad63300b13dca6fd83e5508facf18" + } + ], "licenses": [ { "license": { @@ -6265,6 +6283,12 @@ "type": "library", "name": "cool.io", "version": "1.6.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "706a2490b54301e8ae8f2ca8f9f56b279b96ac7b" + } + ], "purl": "pkg:gem/cool.io@1.6.0", "properties": [ { @@ -6290,6 +6314,12 @@ "type": "library", "name": "dig_rb", "version": "1.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "04a4a555fe3a7e253098e870cf8a6c8746828829" + } + ], "licenses": [ { "license": { @@ -6322,6 +6352,12 @@ "type": "library", "name": "domain_name", "version": "0.5.20190701", + "hashes": [ + { + "alg": "SHA-1", + "content": "e45a352deedbf1d48c2563caa583d0864d6ac62b" + } + ], "licenses": [ { "license": { @@ -6364,6 +6400,12 @@ "type": "library", "name": "elasticsearch-api", "version": "7.5.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "aac794d1d845525dc57d73d8bd5bda4b7f593ea4" + } + ], "licenses": [ { "license": { @@ -6396,6 +6438,12 @@ "type": "library", "name": "elasticsearch-transport", "version": "7.5.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "29ab0a306cfc109b82ac19c37f288956a4d6d1d9" + } + ], "licenses": [ { "license": { @@ -6428,6 +6476,12 @@ "type": "library", "name": "elasticsearch", "version": "7.5.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "f3996e145e83f80d27ed48f8d2dca84f02c696c3" + } + ], "licenses": [ { "license": { @@ -6460,6 +6514,12 @@ "type": "library", "name": "excon", "version": "0.72.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b5c81a189d2748ae488dff8a7b4876493b86f76" + } + ], "licenses": [ { "license": { @@ -6492,6 +6552,12 @@ "type": "library", "name": "faraday", "version": "0.17.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "b8c741fbdc2d729a59e2e855037421040673ca45" + } + ], "licenses": [ { "license": { @@ -6524,6 +6590,12 @@ "type": "library", "name": "ffi-compiler", "version": "1.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "b9ffee214ef79e695c14c8703566f7c13be4c2ba" + } + ], "licenses": [ { "license": { @@ -6556,6 +6628,12 @@ "type": "library", "name": "ffi", "version": "1.12.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6345da46b7a923b2248bc76d074362e7491376b" + } + ], "licenses": [ { "license": { @@ -6588,6 +6666,12 @@ "type": "library", "name": "fluent-plugin-concat", "version": "2.4.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "b6a0da88821e50d052cb244b57562f00abe79888" + } + ], "licenses": [ { "license": { @@ -6620,6 +6704,12 @@ "type": "library", "name": "fluent-plugin-detect-exceptions", "version": "0.0.13", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1a7b50f7723ead908453f463e24424735be0a56" + } + ], "licenses": [ { "license": { @@ -6652,6 +6742,12 @@ "type": "library", "name": "fluent-plugin-elasticsearch", "version": "3.8.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "d60372f3af2757abd0a4ff68484e9328b2cbe386" + } + ], "licenses": [ { "license": { @@ -6684,6 +6780,12 @@ "type": "library", "name": "fluent-plugin-kubernetes_metadata_filter", "version": "2.4.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "eeb3ce046c69c9c83ed1d4bc949058ef6a124f96" + } + ], "licenses": [ { "license": { @@ -6716,6 +6818,12 @@ "type": "library", "name": "fluent-plugin-multi-format-parser", "version": "1.0.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "9aa245fc07627474621e29f04507a377dfae09d3" + } + ], "licenses": [ { "license": { @@ -6748,6 +6856,12 @@ "type": "library", "name": "fluent-plugin-prometheus", "version": "1.7.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "597a311791f0d05968c558e8015c8bed864137e2" + } + ], "licenses": [ { "license": { @@ -6780,6 +6894,12 @@ "type": "library", "name": "fluent-plugin-systemd", "version": "1.0.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "115901208913bc5031597a20fae33c50c6de6500" + } + ], "licenses": [ { "license": { @@ -6812,6 +6932,12 @@ "type": "library", "name": "fluentd", "version": "1.8.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f31ca316e345410e5a5b70b5fafed8a51fd5092" + } + ], "licenses": [ { "license": { @@ -6844,6 +6970,12 @@ "type": "library", "name": "http-accept", "version": "1.7.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "21dedf2ba79a24f86528c2dfc32d17dd9324d9fd" + } + ], "purl": "pkg:gem/http-accept@1.7.0", "properties": [ { @@ -6869,6 +7001,12 @@ "type": "library", "name": "http-cookie", "version": "1.0.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6f5b8e237e694b3729797cca134525822769964" + } + ], "licenses": [ { "license": { @@ -6901,6 +7039,12 @@ "type": "library", "name": "http-form_data", "version": "2.2.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "53c844c1f954a9c43b78b8e57f18c0ec965beb1f" + } + ], "licenses": [ { "license": { @@ -6933,6 +7077,12 @@ "type": "library", "name": "http-parser", "version": "1.2.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c6889d98755a1fe8859d850892412a0e001ba9a" + } + ], "licenses": [ { "license": { @@ -6965,6 +7115,12 @@ "type": "library", "name": "http", "version": "4.3.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "79032e0328aa1d3ee184a38c50cd93d5bce8998b" + } + ], "licenses": [ { "license": { @@ -6997,6 +7153,12 @@ "type": "library", "name": "http_parser.rb", "version": "0.6.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "0ed80e936eaf7151f540186333c3df436afd46c6" + } + ], "licenses": [ { "license": { @@ -7029,6 +7191,12 @@ "type": "library", "name": "i18n", "version": "1.8.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "d13bccc2521cef33fc4303888b24f327a7369877" + } + ], "licenses": [ { "license": { @@ -7061,6 +7229,12 @@ "type": "library", "name": "kubeclient", "version": "4.6.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "31916cb42ac6b30c68a5422414946d0328be94d4" + } + ], "licenses": [ { "license": { @@ -7093,6 +7267,12 @@ "type": "library", "name": "lru_redux", "version": "1.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8c5874f406a8fefc655fee48b75dfa276a5b8fa" + } + ], "licenses": [ { "license": { @@ -7125,6 +7305,12 @@ "type": "library", "name": "mime-types-data", "version": "3.2019.1009", + "hashes": [ + { + "alg": "SHA-1", + "content": "8a80ce9bf4961df0184d25699612d29293a05aee" + } + ], "licenses": [ { "license": { @@ -7157,6 +7343,12 @@ "type": "library", "name": "mime-types", "version": "3.3.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "b70aa1555acff548ee282c76ddd562e831483187" + } + ], "licenses": [ { "license": { @@ -7189,6 +7381,12 @@ "type": "library", "name": "minitest", "version": "5.14.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fcf25c201eacdf1a0e4db78efcb37ad590f33c0" + } + ], "licenses": [ { "license": { @@ -7221,6 +7419,12 @@ "type": "library", "name": "msgpack", "version": "1.3.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "bda4ff6f3cd395534ba441ccacc4640f9dc43942" + } + ], "licenses": [ { "license": { @@ -7253,6 +7457,12 @@ "type": "library", "name": "multi_json", "version": "1.14.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "fead333877a2db2e2aaca87d8cd1f270952cd42e" + } + ], "licenses": [ { "license": { @@ -7285,6 +7495,12 @@ "type": "library", "name": "multipart-post", "version": "2.1.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "927edb51d5b23a49a417fe1503f196896c0e8034" + } + ], "licenses": [ { "license": { @@ -7317,6 +7533,12 @@ "type": "library", "name": "netrc", "version": "0.11.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "98d7bbb894429413feb5c0a3b766a7945f65e3ba" + } + ], "licenses": [ { "license": { @@ -7349,6 +7571,12 @@ "type": "library", "name": "oj", "version": "3.10.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "b348b933b9c2f6a6e952f6a15c7cbd9f1186815f" + } + ], "licenses": [ { "license": { @@ -7381,6 +7609,12 @@ "type": "library", "name": "prometheus-client", "version": "0.9.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "f829d25ee6b39cdda518f7b6f85be6563d7b5990" + } + ], "licenses": [ { "license": { @@ -7413,6 +7647,12 @@ "type": "library", "name": "public_suffix", "version": "4.0.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "ac88907845a8bec2a0df25cf2e3ef61121e47252" + } + ], "licenses": [ { "license": { @@ -7445,6 +7685,12 @@ "type": "library", "name": "quantile", "version": "0.2.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "07a0817cd9df688930b2d8481a647a7ec321b870" + } + ], "licenses": [ { "license": { @@ -7477,6 +7723,12 @@ "type": "library", "name": "rake", "version": "13.0.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "d01a832a472daf914670adda88b44b419a4d2daf" + } + ], "licenses": [ { "license": { @@ -7509,6 +7761,12 @@ "type": "library", "name": "recursive-open-struct", "version": "1.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a4a02765d82d6786a832384b890f0a2497c2e14" + } + ], "licenses": [ { "license": { @@ -7541,6 +7799,12 @@ "type": "library", "name": "rest-client", "version": "2.1.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7e5943a216b16e0867693f20d5d1604cd015486" + } + ], "licenses": [ { "license": { @@ -7573,6 +7837,12 @@ "type": "library", "name": "serverengine", "version": "2.2.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "16e5806b2d513f6b075355c602aed0f960584267" + } + ], "licenses": [ { "license": { @@ -7605,6 +7875,12 @@ "type": "library", "name": "sigdump", "version": "0.2.4", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bae5c6042dc82a4bec6aacb42f75ba71f7cb634" + } + ], "licenses": [ { "license": { @@ -7637,6 +7913,12 @@ "type": "library", "name": "strptime", "version": "0.2.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "17150d9e40754ea1a732796f224b9be78e77b86a" + } + ], "licenses": [ { "license": { @@ -7669,6 +7951,12 @@ "type": "library", "name": "systemd-journal", "version": "1.3.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f310622fe58e95897147736c96d3d42174a3363" + } + ], "licenses": [ { "license": { @@ -7701,6 +7989,12 @@ "type": "library", "name": "thread_safe", "version": "0.3.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "546993ac33864e279ae73e918d6da5d4ca083098" + } + ], "licenses": [ { "license": { @@ -7733,6 +8027,12 @@ "type": "library", "name": "tzinfo-data", "version": "1.2019.3", + "hashes": [ + { + "alg": "SHA-1", + "content": "26832d11382943b02433f3ad1df7653b4cfdf3a2" + } + ], "licenses": [ { "license": { @@ -7765,6 +8065,12 @@ "type": "library", "name": "tzinfo", "version": "1.2.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "5b7db490d431d97366729086683e736d2b5fee99" + } + ], "licenses": [ { "license": { @@ -7797,6 +8103,12 @@ "type": "library", "name": "unf", "version": "0.1.4", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ff87b60a6d16ffddf4db5f5f91c0ef76bacd3d" + } + ], "licenses": [ { "license": { @@ -7829,6 +8141,12 @@ "type": "library", "name": "unf_ext", "version": "0.0.7.6", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b5141ee855f16e832534c2e73d81fec0601ebd3" + } + ], "licenses": [ { "license": { @@ -7861,6 +8179,12 @@ "type": "library", "name": "yajl-ruby", "version": "1.4.1", + "hashes": [ + { + "alg": "SHA-1", + "content": "670f3cd2fc601c9b7fde02b1d8c60e90491a7221" + } + ], "licenses": [ { "license": { @@ -7893,6 +8217,12 @@ "type": "library", "name": "zeitwerk", "version": "2.3.0", + "hashes": [ + { + "alg": "SHA-1", + "content": "803894c06d28932016866a26fc2b22c4db942094" + } + ], "licenses": [ { "license": { diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go index 49c7d3b34296..5018434d10c2 100644 --- a/pkg/commands/artifact/run.go +++ b/pkg/commands/artifact/run.go @@ -538,9 +538,9 @@ func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (Scan } } - // SPDX needs to calculate digests for package files + // SPDX and CycloneDX need to calculate digests for package files var fileChecksum bool - if opts.Format == types.FormatSPDXJSON || opts.Format == types.FormatSPDX { + if opts.Format == types.FormatSPDXJSON || opts.Format == types.FormatSPDX || opts.Format == types.FormatCycloneDX { fileChecksum = true }